2021 will overburden already stressed infosec teams
The year 2020 has given us a contentious U.S. election, a global economic crisis, and most notably a global pandemic. Disinformation has wreaked havoc on our ability to discern fact from fiction, ransomware has been delivering ever more serious consequences, and insider leaks continue to validate privacy concerns despite increased adoption of privacy laws across the globe.
According to a recent study published by Webroot, there has been a 40% increase in unsecured RDP-enabled machines because of the dramatic shift to work-from-home, and a 2000% increase in malicious files with “Zoom” in their name.
Even with vaccines on the horizon, the dispersed work environment created by COVID-19 will continue. Many organizations, including my own, are embracing remote work as a way to reduce costs and give employees more flexibility. For security teams, this means that the benefits of the corporate network perimeter (perceived or real) are all but erased.
Up until 2020, cloud was still viewed as an option by most organizations. With the onset of COVID-19 and the overnight shift to working from home, it has become a mandate. This shift will see changes in both how security is focused and where attackers focus in 2021.
At the same time, a recent global survey revealed that two in five organizations opted to reduce cybersecurity budgets in order to cut costs as a result of the pandemic. In 2021, CISOs and CIOs will look to consolidate vendors and platforms to accomplish multiple objectives as they try to maintain capabilities across every function of the NIST Cybersecurity Framework (identify, protect, detect, respond and recover).
The borderless network
While in 2020 organizations were focused on adapting existing technology to borderless and disconnected environments, we will see a massive shift to cloud-native solutions in 2021. We will see increased adoption of SASE (Secure Access Service Edge), authentication and identity management, and host-, data-, and user-centric approaches to security. On-premises technologies will be upgraded or ripped out in favor of cloud-native and containerized solutions. Infrastructure- and Desktop-as-a-Service will enter a heyday.
Following the natural progression of things, we will see attackers set their sights on breaking container orchestration platforms such as Kubernetes, and very likely see the first major breach of such an environment in 2021. Vendors will be forced to adapt their technology to this new paradigm or risk going the way of anti-virus.
In addition to new attacks on container-based environments, 2021 will bring the heightened threat of ransomware and new solutions to combat disinformation.
Ransomware
While 2021 is sure to include new examples of malware and criminal tactics, ransomware persists as a major threat. Ransomware groups have already indicated that they will show no mercy, targeting healthcare organizations specifically as the pandemic gathers strength.
Ransomware attacks are also evolving beyond the simple encrypt-and-ransom format. Recently, cybercriminals have started to publish websites specifically to leak or auction stolen information when a ransomware victim refuses to pay up. This increases the pressure on victims to comply, since refusing now means damaging information leaks, regulatory reporting costs, and potential fines under laws like GDPR, CCPA, etc.
Ransomware attackers have also adopted modular tactics. For example, attackers leverage the Emotet botnet, via a spam campaign or another vector, to get the access they need to deliver ransomware. Even though Emotet is not a ransomware payload itself, it is the botnet responsible for a large share of ransomware infections. We see it very often alongside loaders such as TrickBot, Dridex and QakBot, which in turn hand off to ransomware families like Conti/Ryuk, BitPaymer and REvil. And this is just one example of the modular approach; many more are out there.
In 2021, beyond this evolution of ransomware itself, expect to see startups focused on an attempt to “get ahead” of the ransomware problem through the detection of dark web criminal communications and C2 activity targeting specific organizations.
In the meantime, what should organizations do to better protect against ransomware in 2021? The principle of defense-in-depth is more important than ever. Organizations need to combine multiple layers, from training, to advanced detection and response, to backup AND recovery. A backup that has never been restored is an assumption, not a control.
By doing so, organizations can move beyond cybersecurity to a position focused on cyber resilience. Attacks do and will continue to happen. Cyber resilient organizations limit their risk and exposure, and when a successful attack does occur, they limit the impact and prevent significant business disruption.
Disinformation
Dis- and misinformation impact businesses and the public at large in myriad ways. False or misleading claims can have a major impact on a business's bottom line, not to mention turning the tide of public opinion.
In 2021, every organization and individual will face three challenges:
- The need to discern what is real from what is fake
- The need to determine what sources are credible
- The need to verify information
Disinformation becomes a cybersecurity issue because cybercriminals thrive on uncertainty. According to OpenText research, at least one in five people had received a COVID-19 related phishing email as of this fall. That number will surely grow. We’ve also seen spikes in phishing campaigns around fake COVID-19 stimulus offers, fake streaming media links, etc.
We can expect trends specific to COVID-19 to continue. More generally, as trust in media and institutions is threatened, cybercriminals will have more opportunities to exploit the resulting uncertainty.
The good news is that cybersecurity teams are used to dealing with a level of disinformation. If you think about it, what is a phishing campaign if not an active disinformation attack? There have already been great examples of security professionals, especially digital forensic experts, publicly shutting down disinformation this election cycle.
Expect to see early applications of autonomous fact-checking technology appearing across various platforms next year. I expect to see applications for business systems, validating critical business process data, as well as the obvious consumer applications within social media platforms. Think secure supply-chain approaches, but for information: every record carries verifiable provenance, so a consumer can check who produced it and whether it has been altered since.
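As an added illustration of the “supply chain for information” idea (this is example code written for this page, not a product or technique from the article or its author), the following applies the same integrity mechanism used for software artifacts to business-process records: each record carries the hash of its predecessor and an HMAC-SHA256 tag computed by the publisher, so a downstream consumer holding the verification key can detect an edited figure, a deleted record, or a feed produced by someone without the key. The sales-feed records, the key, and the tampering scenarios are all constructed for the demo; a real deployment would use per-publisher keys held in a KMS or HSM, or asymmetric signatures so verifiers never hold a signing key.

```python
"""Signed, hash-chained provenance for business records (added example).

Every field below is constructed for illustration. A record is sealed as
  tag = HMAC-SHA256(key, prev_hash || canonical(body))
and the next record's 'prev' is the SHA-256 of the whole sealed record,
so editing, dropping or forging a record breaks verification at that index.
"""
import copy
import hashlib
import hmac
import json

# Constructed demo key. In practice: per-publisher key from a KMS/HSM.
PUBLISHER_KEY = b"constructed-demo-key-do-not-reuse"
GENESIS = "0" * 64  # 'prev' link of the first record

# Constructed "daily sales" feed that a downstream process would consume.
SAMPLE_BODIES = [
    {"day": "2020-12-01", "region": "EMEA", "revenue": 120000},
    {"day": "2020-12-02", "region": "EMEA", "revenue": 98000},
    {"day": "2020-12-03", "region": "EMEA", "revenue": 143500},
]


def canonical(obj) -> bytes:
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def seal(prev_hash: str, body: dict, key: bytes) -> dict:
    """Attach the predecessor link and an HMAC tag to a record body."""
    msg = prev_hash.encode() + canonical(body)
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"prev": prev_hash, "body": body, "tag": tag}


def record_hash(rec: dict) -> str:
    """Hash of a sealed record; becomes the next record's 'prev'."""
    return hashlib.sha256(canonical(rec)).hexdigest()


def build_chain(bodies: list, key: bytes) -> list:
    """Publisher side: seal each body and link it to the previous record."""
    chain, prev = [], GENESIS
    for body in bodies:
        rec = seal(prev, body, key)
        chain.append(rec)
        prev = record_hash(rec)
    return chain


def verify_chain(chain: list, key: bytes) -> tuple:
    """Consumer side. Returns (ok, index of first bad record or -1, reason).

    Links are checked before tags so a deleted or reordered record is
    reported as 'broken link' rather than a spurious tag failure.
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec.get("prev") != prev:
            return False, i, "broken link"
        msg = prev.encode() + canonical(rec["body"])
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        # Constant-time comparison: never compare MACs with ==.
        if not hmac.compare_digest(expected, rec.get("tag", "")):
            return False, i, "bad tag"
        prev = record_hash(rec)
    return True, -1, "ok"


def tamper_scenarios(key: bytes = PUBLISHER_KEY) -> dict:
    """Run the verifier against an intact feed and three manipulated copies."""
    good = build_chain(SAMPLE_BODIES, key)
    edited = copy.deepcopy(good)
    edited[1]["body"]["revenue"] = 980000            # inflate one figure
    dropped = good[:1] + good[2:]                     # delete the middle record
    forged = build_chain(SAMPLE_BODIES, b"attacker-key")  # no publisher key
    return {
        "intact": verify_chain(good, key),
        "edited": verify_chain(edited, key),
        "dropped": verify_chain(dropped, key),
        "forged": verify_chain(forged, key),
    }


if __name__ == "__main__":
    for name, result in tamper_scenarios().items():
        print(f"{name:8s} -> {result}")
```

The verifier reports the index of the first record that fails, which is what an analyst needs to know where a feed was manipulated; the edited figure fails its tag, the deleted record breaks the link of its successor, and the forged feed fails at record 0 because the attacker never had the publisher's key.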
Stressed infosec teams are looking ahead
As we look ahead to the new year, some things are abundantly clear.
First, the remote work environment will continue. Cybercriminals will look to exploit weaknesses in the digital chain, like less secure personal devices and home Wi-Fi. They will continue to thrive in a high-uncertainty environment. Disinformation will be a persistent threat, and ransomware a specific risk to large enterprises, but also the SMB community.
It is also clear that education and training around cybersecurity are no longer optional for organizations. Training doesn’t just reduce risk at the user level; it also has effects down the line. According to a recent global study by Accenture, organizations that provide higher levels of training find security breaches faster. The study revealed that the organizations best at training found 52 percent of security breaches in less than 24 hours, compared with only 32 percent for the rest.
Security teams must also have the right solutions to find and respond to the threats that make it through to user endpoints or the company network. And finally, backup and restoration solutions must be in place to protect the organization should the worst happen.
The technical solutions and employee training need to be drilled regularly with breach simulations and ongoing testing, including actually restoring from backups, to ensure your organization is cyber resilient in 2021.
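The “backup AND recovery” layer above and the drills called for here come together in a restore drill: take a backup, destroy the live copy the way encrypting ransomware would, restore from the offline copy, and prove byte-for-byte that what came back is what went in. The script below is an added example written for this page, not tooling from the article; the “business files”, the simulated ransomware, and the tarball backup are all constructed so it runs offline in a temporary directory. Real drills would point the same verification at the organization's actual backup product and restore target.

```python
"""Backup-and-restore drill (added example; all data constructed).

Flow: back up -> record a hash manifest -> simulate ransomware on the live
copy -> restore from the offline archive -> compare hashes to the manifest.
"""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path

# Constructed sample data standing in for production files.
SAMPLE_FILES = {
    "finance/ledger.csv": b"date,amount\n2020-12-01,1200.00\n2020-12-02,-310.50\n",
    "hr/roster.txt": b"alice\nbob\ncarol\n",
    "ops/runbook.md": b"# Runbook\n1. Isolate host\n2. Restore from backup\n",
}


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def manifest_of(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def take_backup(src: Path, archive: Path) -> dict:
    """Archive src and return the manifest of what was captured.
    Keep the manifest with the offline copy, not on the protected host:
    ransomware that can reach the host can also edit a manifest there."""
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=str(p.relative_to(src)))
    return manifest_of(src)


def simulate_ransomware(root: Path) -> None:
    """Overwrite every file with random bytes and rename it, as encrypting
    ransomware does. Constructed stand-in, not real malware."""
    for p in list(root.rglob("*")):
        if p.is_file():
            p.write_bytes(os.urandom(len(p.read_bytes()) + 16))
            p.rename(p.parent / (p.name + ".locked"))


def restore_backup(archive: Path, dest: Path) -> None:
    """Extract the archive. The 'data' filter (Python 3.12+, backported to
    3.8.17/3.9.17/3.10.12/3.11.4) rejects path traversal and absolute
    members, so a tampered archive cannot write outside dest."""
    dest.mkdir(parents=True, exist_ok=True)
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(dest, **kwargs)


def verify_restore(expected: dict, actual: dict) -> tuple:
    """Return (missing_paths, corrupted_paths) of the restore vs manifest."""
    missing = sorted(set(expected) - set(actual))
    corrupted = sorted(k for k in expected
                       if k in actual and actual[k] != expected[k])
    return missing, corrupted


def run_restore_drill() -> dict:
    """Back up, destroy, restore, verify; return a report for the drill log."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live = tmp / "live"
        for rel, data in SAMPLE_FILES.items():
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            (live / rel).write_bytes(data)

        archive = tmp / "offline" / "backup.tgz"   # the offline copy
        archive.parent.mkdir()
        expected = take_backup(live, archive)

        simulate_ransomware(live)
        damaged = manifest_of(live)                  # names/hashes now differ

        restored = tmp / "restored"
        restore_backup(archive, restored)
        missing, corrupted = verify_restore(expected, manifest_of(restored))
        return {
            "files_backed_up": len(expected),
            "files_damaged_by_attack": sum(k.endswith(".locked") for k in damaged),
            "live_files_intact_after_attack": sum(
                damaged.get(k) == v for k, v in expected.items()),
            "missing_after_restore": missing,
            "corrupted_after_restore": corrupted,
            "restore_ok": not missing and not corrupted,
        }


if __name__ == "__main__":
    for k, v in run_restore_drill().items():
        print(f"{k}: {v}")
```

The report is the artifact a drill should leave behind: how many files the backup covered, how many the attack destroyed, and whether the restore reproduced every one of them. A drill that skips the hash comparison only proves the restore command exited zero.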
In summary, 2020 exposed gaps in our ability to trust information, ignited cloud migrations, and put even greater strain on already stressed infosec and digital forensic teams. In 2021, these are the challenges that will receive the most attention.