The year 2020 has literally been like no other. The entire world went from being very connected, where people could easily meet each other without a second thought, to suddenly having to think about every single movement they made. One of the biggest changes that we saw take place was how everyone interacted with one another. The “new” world is mostly online.
Within the first few months of the pandemic, Zoom was valued more than the top airlines of the world – combined! The mass scale up of everyone moving everything online, came with another pandemic, one that was online.
There was an 800% surge in cyberattacks – on average, the world saw almost 4000 cyber attacks every single day.
The move from reactive to proactive cybersecurity
Just how quickly people switched over to Zoom, we saw just how unsafe the platform was in terms of cybersecurity. “Zoombombing” became a common occurrence, where uninvited guests could drop into an ongoing Zoom call. The developers at Zoom had to quickly follow up with security patches, which they did but then the attackers moved on to Twitter. The attack on Twitter showed the world that the IT security teams can no longer afford to wait until the attack happens to fight it, the “new normal” needs to be one where the hackers are never successful in their attack.
The second half of 2020 was all about the proactive approach. We could see this approach working, only a handful of cyberattacks were successful towards the end of the year. A lot of cybercriminal gangs were taken down by law enforcement agencies and the world online, was a lot safer.
Expecting the unexpected
Traditionally, people and businesses have trusted whoever is on the “inside” and defense strategies are only used for the “outsiders”. 2020 has given everyone a lesson to “expect the unexpected”, in terms of absolutely everything.
Offices have adopted a “zero trust approach” one that applies to both inside and outside the office.
Employers and employees together are taught to make better decisions in their time online. Nothing is on “automatically trust”, this includes everything from emails, websites to applications, everything needs to be manually trusted. This practice helps teams isolate systems and prevent a widespread attack that could attack multiple user accounts, devices and the entire network all at once. In addition to these, predictive analytics are being used to find patterns in the system, everytime something out of the ordinary is noticed, it can be checked out and any possible threats can be ruled out, or dealt with, in a timely manner.
The takedown of EncroChat and Safe-Inet
Criminals that work through the internet can be one of the smartest people. A lot of organised crime gangs had moved over to using tools like “EncroChat” to communicate using encrypted messages. Police forces across Europe hacked and shut down the EncroChat network by harvesting data, such as passwords, messages, and geolocations. This led to a mass takedown of criminal gangs. 746 criminals were arrested in the UK alone, these were people that were suspects in high profile crimes such as murders and smuggling. The operation also led the police to seize £54m in cash and more than 1.5 tonnes of cocaine.
It was found that criminals were using VPNs to communicate with one another in a way that they wouldn’t be found. Safe-Inet was one of the most popular ones they used. Its premium version gave the users 5 layers of protection, making them virtually untraceable. Law enforcement agencies hacked into their system and found that using the VPN, criminals were targeting at least 250 companies. The servers were taken down immediately and Safe-Inet services were shut down – saving the data of several companies.
The dangers of criminalizing VPNs and encrypted communication
It is important that we don’t fall into the notion of “Whoever uses a VPN or encrypted communication services has something to hide”. There are several countries in the world where citizens are under mass surveillance and have no privacy even when using their own devices. If someone is a law abiding citizen, they have the right to have privacy in their personal communications.
Letting law enforcement agencies, “get in through the backdoor” is bound to end up causing a lot more problems than it solves.
Proactive cybersecurity measures are important to protect companies and people in the long run. It’s integral that people have access to resources like VPNs and encrypted communication tools for their own safety and that the tools aren’t criminalised, only the criminals using them for criminal activities are.