Since vulnerabilities require immediate patching to reduce danger, the spike in amount can potentially add to the workloads of IT teams without a viable strategy for shielding them from attack.Ĭybercriminals are using an arsenal of attacks to compromise systems and exploit sensitive data, creating major security risks for enterprises struggling with a new working environment due to the pandemic. Old vulnerabilities, dating as far back as 2005, were also still being exploited. Trend Micro™ Zero Day Initiative™ (ZDI) reported a 40% increase in discovered vulnerabilities, with critical- and high-severity vulnerabilities seeing significant increases. Increased number of dangerous vulnerabilities threaten organizations. Enterprises were impacted not only by the new attack techniques, but the speed at which the vulnerabilities could spread and the shrinking time gap between the attack and theft of valuable information. The internet of things (IoT) also played an important role in the shift to remote work and malicious actors took notice-inbound attack events tripled while outbound attack events nearly doubled from 2019. Organizations face threats in cloud, IoT, and mobile environments.Īs the cloud became a more integral part of business operations, cloud misconfigurations remained a problem for many organizations. Organizations grappled with securing virtual private networks (VPNs) that leverage usernames and plain-text passwords from being compromised with stolen credentials, as well as protecting communication tools like Zoom, Slack, and Discord from malware or being used as a launching point for installer or email spam campaign attacks. The sudden influx of remote workers presented cybersecurity challenges for businesses. Enterprises beware-the workforce positions most spoofed by BEC scammers were the CEO and managing director.
Global pandemic causes major shifts in cybersecurity.Ĭybercriminals took advantage of the global pandemic-launching Covid-19 based threats such as spam emails about symptoms or business email compromise (BEC) scams offering fake vaccines to extort personal and financial information from victims.
Ransomware attacks focus on prominent targets.Ģ020 saw ransomware operators focusing their efforts on high-value assets in industries hard hit by the pandemic, using sophisticated targeting methodologies in concert with proven attacks processes for maximum effect.Įnterprise supply chains continued to be the easiest avenue of compromise for ransomware, taking advantage of the fact that organizations often assume that the products and services offered by their partners are safe combined with an inability to check for threats within their extended supply chains. This annual report aims to equip cybersecurity leaders with valuable insights and tools that can inform cybersecurity strategies focused on both protecting and enabling the organization. Trend Micro’s 2020 Security Roundup reviews the most important cybersecurity stories, issues and trends that occurred during this unprecedented year. Organizations were tasked with the challenge of sustaining a year-round remote work setup and handling the major security issues associated with it. The global pandemic led to a dramatic transformation in the workforce.