A Global Reset: predicting cybersecurity trends in 2021
Companies across all industries commonly release forward-looking reports about what’s to come in the next year, but very few in 2019 anticipated the global pandemic and the worldwide reaction to it. While 2020 brought great uncertainty, there remain many guarantees in the cyber security realm: threat actors will continue to attack, without any regard for their targets and with motivations that include, but are not limited to, espionage and monetary gain.
With an eye toward the future, FireEye compiled a list of cyber security expectations for the coming year. The report, A Global Reset: Cyber Security Predictions 2021, tackles remote work and other impacts of the global pandemic, ransomware, nation-state activity, cloud security and security validation.
Remote work and other impacts of the global pandemic
In the near term, the coronavirus will likely continue to have a significant impact on normal business operations, with a focus on supporting remote work, virtual events and new productivity platforms. In the longer term, technology solutions will step in to facilitate the return to work, school and other activities, potentially introducing new risks for privacy, personally identifiable information (PII) and protected health information (PHI).
Virtual private networks (VPNs) will continue to have their place in 2021. Organizations should be ready to have this capability in place as remote work continues to expand and becomes a more common way of doing business. In 2021, there will be a continued increase in perimeter security, mostly due to remote work.
Persistence and growth of ransomware usage
The use of ransomware accelerated in 2020 and became more dangerous than ever seen. Targeted attacks against medical facilities during the pandemic crossed a line that had never before been approached. Ransomware will continue its rapid growth in 2021, and its varieties will increase along with the frequency of attacks. Post-intrusion reconnaissance revealed that threat actors encrypt the most relied-on and sensitive data and architecture, leading to higher ransom demands.
In 2021, organizations need to be prepared for a ransomware attack. This means ensuring that networks are segmented, that an actual plan is in place and that tabletop exercises have been conducted with senior leaders and other key staff. This will ensure that everyone is ready to take optimal action in the event of an attack.
Organizations should have an incident response service-level agreement (SLA) in place. They should also establish secured backups that teams can revert to when necessary. Organizations are going to be targeted and they are going to be compromised, so it is crucial to have prevention and recovery strategies in place.
Espionage as an ongoing driver of Nation-State Activity
Major nation-state threat actors continuing efforts in 2021 will include Russia, China, Iran and North Korea. These countries are significant sponsors of threat activity, both regionally and globally. Beyond that, there has been an uptick in activity from Vietnam and South Asia.
Spear phishing is one of the most popular infection vectors when it comes to nation-state threat activity, and it will continue to dominate in 2021. In addition, an increasing number of nation-state actors are focusing on intrusion techniques that don’t require any victim interaction, such as exploiting web-facing applications and password spraying. These tactics were used by a number of Iranian, Russian and Chinese groups in 2020, and are expected to continue in 2021. Countries that are just getting into the business of cyber espionage will continue to turn to third-party intrusion vendors for tools and capability enhancement.
Cloud Security Taking the Limelight
Companies will need to spend time building up awareness of their cloud presence in 2021. Many companies deferred multi-factor authentication to legacy systems as they were accelerating their migration to cloud platforms in recent years. The urgency of business requirements often drives organizations to move technology adoption efforts forward faster without having the right security controls in place. As a result, many organizations will be playing catch-up on the security front as we move into 2021. Organizations need to secure the methods of access to data, and that means focusing on identity and access management and revisiting who qualifies for privileged access.
Many cloud threats are the same as those encountered on in-house networks. In 2021, cloud hacks are expected to continue to be executed through stolen credentials, typically obtained via phishing; exploitation of cloud misconfigurations; and hacking of vulnerable cloud applications.
Prevention and detection strategies will be crucial for all organizations to guard against such threats. Whether large or small, no organization is immune to cloud risk. Full and accurate tracking of cloud assets should be a priority in 2021.
Security Validation to Keep Defenses and Budgets in Check
As the economy continues to be strained moving into 2021, cyber security spend will be increasingly scrutinized. We expect many organizations to invest in security validation to understand if their technology is deployed optimally, if threats are being detected and blocked, if security settings are configured correctly, and if they are getting a good return on investment.
Security validation provides quantifiable data to the business on the effectiveness of their cyber security controls and will help organizations answer questions such as:
· Is my VPN working like it should?
· What vulnerabilities or gaps do I have in my remote infrastructure?
· Do people who have higher-level privileges still need them now that they’re working from home rather than on premises, where their access could more easily be monitored?
Security automation and training are also expected to be areas of significant growth in 2021. Companies will continue to automate routine tasks so they can free up expertise for more high-value activities. Security validation will help identify areas ripe for automation as well as those that should be prioritized for more expert attention. The increased risk from remote work, especially for those organizations without established processes and policies for data access, will warrant significant additional security awareness training. Again, security validation can help by identifying some of the focus areas for that training.
Positive Security Results with Effective Planning and Implementation
Organizations had much to overcome in 2020, and a rapidly changing security environment was just one challenge. The chance of these challenges continuing into 2021 is high, and the adversity will be from more than just cyber threat actors.
Ransomware, once an opportunistic threat that used to cost organizations thousands of dollars, is now being deployed in sophisticated operations with ransom demands upwards of a million dollars. Ransomware is only going to get worse in 2021 and organizations are going to need to be prepared with incident response plans and data backups.
2020 was one of the most challenging years in recent history and forced many organizations to stop what they were doing and reprioritize. As we move into the new year, we must learn from the threats we faced these past 12 months and build capabilities and strategies that will protect us in the days to come.