Rapid change and disruption can create cyberattack vulnerabilities – and, unfortunately, ample change and disruption are in the cards heading into 2021. However, staying informed of prevalent threats, and of expert predictions about which ones pose the greatest risks, will help you set priorities and provide the highest possible level of protection.
Security predictions for 2021 from industry experts include:
1. Ransomware will abound as employees return to the workplace.
Matt Glenn, VP of Product Management at Illumio: Workplaces that have been vacant for 9+ months will inherit an abundance of ransomware risk as employees return in droves. Companies have prioritized securing remote work and have been less focused on protecting the office itself. Therefore, every human who reenters the office will become a new threat based on the number of websites they clicked on while sheltering, the amount of content they downloaded, and the number of assets they carry from home back into the workplace.
Derek Brost, Director, Professional Services – Security and Compliance at InterVision: Many organizations are already weakened due to COVID-19 impacts, and one significant ransomware situation could be an ending event. While vendors compete for mindshare to present their anti-ransomware solutions, the reality is setting in that this threat is beyond the scope of any one technology or vendor. Detective and preventative controls need to be layered across the entire attack surface – sometimes even doubly applied – to be successful in deterrence and protection. From an impact perspective, organizations absolutely need to understand their total value of assets at risk, anticipate a major impact on their operations, evaluate potential liabilities to shareholders/customers, and make investments to protect data, operations, and overall viability.
2. Businesses must play a bigger role in preventing account takeover.
Jane Lee, Trust and Safety Architect at Sift: Account takeover (ATO) attacks are a direct result of the continuous stream of data breaches we read about on a daily basis. ATO attacks are a critical link in the fraud supply chain, serving as a vehicle to facilitate further malicious activity. ATO attacks have two main consequences: they compromise consumer accounts on a targeted website, and they jeopardize consumers’ accounts on other sites because individuals frequently reuse their credentials across the web. Ultimately they lead to the erosion of consumers’ trust, which can be particularly devastating to businesses in saturated markets where consumers can easily pivot to a competitor.
Since consumers continue to practice poor password hygiene, the burden of securing their online accounts falls on businesses. While data breaches may seem inevitable, account hacking isn’t. Online merchants should ensure they can review and block suspicious account activity – including unusual logins, liquidating stored value, or major account changes – in order to prevent these damaging attacks.
3. The older the infrastructure, the riper it is for attacks.
Matt Glenn, VP of Product Management at Illumio: Bad actors will look to exploit outdated, unmonitored technology in the new year – the opposite of attacking emerging technologies like artificial intelligence (AI), machine learning (ML), and 5G, which have been outfitted with the latest cybersecurity technology.
Bad actors will focus their efforts on older infrastructure and less on individual users, maintaining a “minimize risk and maximize reward” mindset. They’ll target the manufacturing lines and supply chains to command a much higher return on their efforts. The cost of a manufacturing plant immobilized by ransomware is so great to a company, it would make them more likely to pay the ransom – and in turn, maximize the reward to the attacker.
4. Organizations will stop trusting their people and services in an IT environment.
Marco Palladino, CTO and Co-Founder of Kong: Zero-trust security will become the prevailing model for organizations in 2021. With more companies moving to distributed architectures, technology teams need a scalable way to make security foolproof while managing a growing number of microservices and greater complexity. Companies should act as though every person and service (whether internal or external) could have malicious intent, and the organization should implement zero-trust security protocols to adequately protect their services, applications and the data that flows through them. Failure to do so will only result in more high-profile data breaches, widespread outages, and heightened concerns from customers.
Bob Ritchie, VP of Software at SAIC: The coming year will see an increased focus on implementing zero trust architectures in DevSecOps. As automation tools continue to improve and advance toward ubiquitous table stakes, the organizational bottlenecks around “authority to operate” continue to prevent many organizations from fully realizing the value that DevSecOps offers. Organizations that embrace zero trust have a leg up in overcoming this last bastion of traditional “castle and moat” IT security. In the same way that CI/CD established the trust that brought together the development and operator communities, establishing a software-defined IT security ecosystem that is equally observable and has no implicit trust is paramount to gaining the buy-in of authorizing officials. Paradoxically, proving that, from an IT perspective, you don’t implicitly trust anyone or anything is the key to establishing a high-trust DevSecOps culture.
5. DevOps pipelines and machine identities become attack surfaces.
Flint Brenton, CEO of Centrify: As companies look to adopt new technologies, tools, and methodologies to enhance the DevOps process, security measures become increasingly complex. Human identities and now applications, virtual machines, microservices, and workloads (non-human identities) need to be protected as well as APIs. Add in the challenge of development, operations, and security teams working remotely, and organizations are much more likely to experience a cyberattack.
With remote working expected to be a reality for some time and credential-based attacks on the rise, organizations need to adopt a centralized privileged access management (PAM) solution architected in the cloud to minimize attack surfaces. PAM solutions that evolve modern application-to-application password management (AAPM) approaches can help DevOps teams secure all identities, even in distributed environments. Methods such as federation, ephemeral tokens, and delegated machine credentials can reduce the overall attack surface and seamlessly incorporate PAM into the DevOps pipeline. Combined with adopting a least privilege approach, these best practices and modern solutions can improve an organization’s security posture without compromising the agility that DevOps relies on.
6. Without effective security integration, AI/ML systems may overwhelm operations.
Derek Brost, Director, Professional Services – Security and Compliance at InterVision: Integration is now king in security technology. No silver bullet exists, so turning threat detection into rapid containment and response takes tight integration. Security automation is only as powerful as the value of its heuristics and the completeness of its indicators, delivered in a timely, thorough manner. While AI/ML systems can detect threats faster and more completely than ever before, without multi-vendor/multi-tech correlation to keep pace with IT environment growth, they are beginning to produce more noise than signal for security operations. As a result, companies intent on adopting AI/ML in 2021 should do so while keeping a careful eye on their incident response security stance, how notifications will be processed and tracked, and how it will assist (rather than hinder) integration efforts. Recall that in very large publicly disclosed breaches, many times the organization did receive notice of intrusion but failed to take appropriate action in a timely manner. Security incident and event data are only as valuable as the actions taken in response.
7. Cybersecurity success will mean improving post-event restoration.
Derek Brost, Director, Professional Services – Security and Compliance at InterVision: There will be a shift away from sexy technologies addressing preventative and detective controls and toward foundational and higher-value directive and restorative controls. This also means security teams need to progress from blocking-and-tackling technology toward governance: quantifying risk and making executive decisions on acceptable and appropriate remediation or mitigating measures. It’s also past time to stop talking about the “if” and shift strategy to the “when” by having effective, verified, and high-assurance abilities to restore after an incident or disaster, commensurate with the threats and risks of the organization. A strategy must be put into action to be effective; therefore, it’s essential to test repeatedly and iteratively improve on that restoration strategy to build confidence and assurance that it will work when most needed.