The 2020 Year in Cybersecurity Review

• When it came to healthcare security, 2020 proved to be a continuation of the state of cybersecurity in prior years.
• While there was considerable concern about some type of digital attacks during the U.S. presidential elections, so far, there's been no credible evidence showing such occurred.
• One of the more interesting attacks last year was one everyone had the opportunity to watch occur in real-time. And that's the Twitter attack that resulted in the widespread tweeting of a bitcoin scam the summer.

When it came to cybersecurity, 2020 proved to be an incredible year. From industry-specific attacks to widespread nation-state attacks, the year had everything. Here are a handful of stories I think had the most impact:

Healthcare hacks — When it came to healthcare security, 2020 proved to be a continuation of the state of cybersecurity in prior years. As the year started, much of the focus was on how healthcare would digitally transform itself, and the industry would modernize I.T. systems and improve its security over time. Of course, the novel coronavirus changed all of that, and the industry had to focus on the greatest pandemic since 1918 — all the while, attacks on healthcare didn't let up as we covered throughout the year.

And there were many significant healthcare data breaches in 2020. One incident includes the ransomware attack on cloud computing provider Blackbaud that affected hundreds of organizations and the personally identifiable information for potentially millions. In another attack, the Dental Care Alliance breach exposed the protected health information and credit card numbers of one million patients.

As we covered in January 2020, in the post, U.S. Healthcare Data Breach Cost $4 Billion in 2019. 2020 Won't Be Any Better, "The race within the healthcare industry is going to continue to be to move their workloads to cloud computing, embrace medical IoT, electronic health records, consumer-driven health data services, upgrading legacy systems in too many doctor offices today, and more. And all of this is going to strain healthcare's already strained security efforts."

It certainly proved itself to be accurate. As did much of our other coverage, healthcare organizations and industry continued to embrace connected medical devices. They were hit with a relentless number of ransomware- and other types of attacks throughout the year.

Secure elections — While there was considerable concern about some type of digital attacks during the U.S. presidential elections, so far, there's been no credible evidence showing such occurred. "The November 3rd election was the most secure in American history. Right now, across the country, election officials are reviewing and double-checking the entire election process prior to finalizing the result," the U.S. Cybersecurity and Infrastructure Security Agency said in a statement.

The saving grace will prove not to be high-tech defenses, but a historical standby: paper. "When states have close elections, many will recount ballots. All of the states with close results in the 2020 presidential race have paper records of each vote, allowing them to go back and count each ballot if necessary. This is an added benefit for security and resilience. This process allows for the identification and correction of any mistakes or errors. There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised," the U.S. Cybersecurity and Infrastructure Security Agency continued in their statement. "While we know there are many unfounded claims and opportunities for misinformation about the process of our elections, we can assure you we have the utmost confidence in the security and integrity of our elections, and you should too. When you have questions, turn to elections officials as trusted voices as they administer elections," the CISA added.

SolarWinds Orion — The recent successful software supply chain attack on a widespread network monitoring and management tool potentially impacted thousands of enterprises and government departments, including the U.S. Treasury. According to this story from CSOonline, the attack was made possible by compromising the vendor's software updates between March 2020 and June 2020, with a component that delivered a trojan. And the attackers then managed to digitally sign the Trojan and maintained communication command and control.

Software supply chains have been a growing concern for some time now, and there's no easy solution for software and hardware makers or their customers. These attacks are particularly troublesome because if an attacker can burrow themselves into a supplier's software components, it can be very difficult to identify and eradicate the associated malicious software, especially if the components are signed and trusted as they were in the most recent incident. These attacks have been linked to nation-states. While the most recent attack is believed to be attributed to a Russian operations group, there have been software supply chain attacks attributed to Chinese attackers.

Wired reported on one such Chinese attack group in its story A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree. In these incidents, the attackers commandeered the software updates from hardware maker Asus and infected CCleaner. In each case, the attackers could then comprise the unsuspecting customers of the respective firms.

The Twitter Bitcoin Attack — One of the more interesting attacks last year was one everyone had the opportunity to watch occur in real-time. And that's the Twitter attack that resulted in the widespread tweeting of a bitcoin scam the summer. During the attack, about 130 VIP Twitter accounts were compromised and used in the bitcoin scam pitch. The attack was made possible when the attackers managed to appropriate the Twitter administrative tools. Due to that social-engineered led breach, the Twitter accounts of Barack Obama, Elon Musk, Kanye West, Bill Gates, and companies such as Apple to tweet a Bitcoin scam their respective millions of followers.

This attack not only highlighted the risks associated with insiders as well as privileged user accounts, but it also highlighted the importance of social media security. Fortunately, the successful Twitter attack only involved a bitcoin scam, which is bad enough. Still, it could have been worse had the attackers wanted to foment civil unrest with Tweets from public figures or try to send the stock market into disarray or cause other havoc.

Expect more attacks targeting social media and expect them to be more sophisticated and perhaps more nefarious.

The switch to remote work — The shift to working from home was perhaps one of the biggest security stories on 2020, as the move of millions of workers from city-based offices to home-based offices was unprecedented, and so was the need to rapidly secure these remote workers and the corporate data they use, manage, and create.

Beyond the need to ensure worker endpoints were secured, enterprises also had to make sure that they accessed from secured networks and their access to enterprise resources could be buttoned down.

In the year ahead, enterprises (even as many workers return to their offices) will be bracing themselves for a forever larger workforce that will be working remotely. Fortunately, the move to cloud, virtualization, and digital transformation forms a foundation for successful, and hopefully securable, remote work.

When it came to cybersecurity, 2020 was quite the year. There's no reason to believe that 2021 won't prove just as challenging, perhaps in different ways. Most enterprises can do prepare the best they can and take the year as it unfolds.