Predictions for 2021, and for what remains of December
The view of the near future is refracted through the pandemic, the holidays, and, of course, Cozy Bear.
Tech executives see nation-state operations as a major threat.
The massive, long-running SVR intrusion into US Government and corporate systems has strongly shaped business views of where the biggest cyberthreat lies. A CNBC poll of technology executives last week found that 50% of them regarded nation-state cyber operations ("state attacks," in reports about the poll) as the biggest threat their organizations face. They're also alive to the counterintelligence failure the Sunburst and Supernova incidents represent: 32% of the respondents thought that "defining a national cybersecurity protocol should be the top priority for the incoming Biden administration and new Congress."
Governments expected to increase regulation of companies in the interest of data protection.
Computing sees a coming regulatory wave breaking against the rock of Big Tech's resistance, and Computing thinks the turbulence will last for a good decade. It's more complicated than a simple struggle between good government and sound free markets (to take the most charitable interpretation of the two imagined sides), since a great deal depends upon what kind of regulation is proposed, and also upon the ways in which corporate interests differ, as do, for that matter, agency equities. Not all regulation is unwelcome, even by the most devotedly self-interested: it often amounts, for example, to rent-seeking on behalf of the regulated industries, or even cartelization to the advantage of incumbents.
Online threats emerging during the holidays are unlikely to fade in early January.
The holiday shopping season has seen a surge in online fraud that won't abate with the winter holidays. Not only have periods of online bargains and special offers followed the familiar pattern of seasonal creep, expanding so that what was once a single "Cyber Monday" has become at least a solid fortnight, but the pandemic will continue to drive trade out of brick-and-mortar venues and onto the Internet. That risk affects not only consumers and retailers, but businesses whose workforce is now significantly remote are to consider, Arab News glumly points out, that this workforce is likely to be doing a lot of that shopping on the same devices they use to connect to the enterprise.
Bogus delivery notices are bad; bogus job offers are worse.
Fake delivery notices are proving one of the most common scams, CNBC reports, and this will continue as long as people continue, in their innocence, to fall for them. Crueler than these, however, are the bogus job offers, scam franchise opportunities, and phony work-from-home come-ons that target people rendered unemployed or at least underemployed by pandemic-driven restrictions on trade. The Washington Post outlines a US law enforcement effort, “Operation Income Illusion,” that the Federal Trade Commission has undertaken with nineteen Federal, state, and local partner agencies in an attempt to bring employment fraudsters to justice.
It's not going to be easy, although Operation Income Illusion has scored some successes. The Post distills some of the general advice the FTC is offering. It may help people avoid being duped. It's platitudinous, to be sure, but sound nonetheless:
- "Slow down." Don't jump at the offer. And if the pitch is act now, because you don't want to be the one left behind, walk away. High-pressure tactics should always move you to skepticism.
- "Don’t believe the hype of success stories or testimonials." Don't take the hype seriously. And online reviews are easy to fake.
- "Skip the research and you’re more likely to be victimized." The desperate are in a hurry, criminals know it, and criminals will count on their victims not looking too closely at their offers. Even something as simple as searching for the offering organization's name along with the terms "scam," "complaint," etc. can help make potential victims more wary. Absence of evidence isn't of course decisive evidence of absence, so turning up no results is no guarantee of legitimacy. And of course perfectly legitimate businesses get bad reviews, too. But even a simple search is a good start.