As stated in part one of our 2021 cybersecurity predictions series, businesses rapidly moved much of their workforces online, and the threatscape grew, creating new opportunities for cybercrime. Most organizations — out of necessity — reduced security standards to quickly meet the demands of a newly remote workforce.
Unfortunately, this has created a bigger playground for cybercriminals and, unless controls are strengthened, this will lead to a flurry of data breach notifications. Predictions can be difficult at the best of times but, going into 2021, one thing is clear — protecting the credential will be key. With far more entry points open to attackers, securing and monitoring the credential is more important than ever.
We’re rounding out this series with part two, which focuses on expert commentary around the future of credential-based attacks, Zero Trust, ransomware, and more.
Trevor Daughney, VP of Product Marketing, Exabeam
We will see credential-based attacks continue to rise in 2021 and beyond. Unsurprisingly, we know login credentials still carry significant value because of how often they are stolen. Usernames and passwords remain critical to helping us get work done or pursue personal matters like online shopping, banking, or connecting with friends and family. In 2019, billions of credentials were exposed in data breaches. This trend continued in 2020. These stolen credentials fuel the underground economy and enable credential stuffing attacks. People around the world have come to just accept this as a way of life.
We also know that hackers are not concerned with being detected on the network and will “live off the land,” mimicking typical user activity because it is extremely difficult for administrators to catch. What complicates matters further is that most organizations don’t have the staff, tools, or bandwidth to detect unusual activities among users. Lateral movement combined with account switching (using a different account when targeting a different host) is even more challenging to sniff out. Organizations across industries can invest in machine learning-based user and entity behavior analytics (UEBA) to ensure that malicious activity by attackers is not overlooked. Further, UEBA can identify when a legitimate user account is exhibiting anomalous behavior, providing greater insights into both compromised and malicious users to SOC analysts.
Flint Brenton, CEO, Centrify
Intellectual property will be hackers’ next golden ticket. In 2020, we saw a rise in healthcare breaches, likely because patient records often fetch up to $1,000 each. Compared to credit card data, which goes for just $12-20, and email addresses, which average around $100 in bulk, it makes complete financial sense. But during the COVID-19 pandemic, we began seeing an alarming trend of cyber adversaries targeting intellectual property such as vaccine research, including Russia’s APT29 going after research centers in the U.K., U.S., and Canada. With countries and companies around the world competing to be the first to distribute a viable vaccine, we believe hackers and possibly even insiders will begin releasing the fruits of their malicious efforts on the dark web in 2021 — for a premium fee of tens, if not hundreds of thousands of dollars.
Messaging and video conferencing platforms will become the catalysts for the next wave of phishing attacks. Spear phishing attacks have steadily been on the rise as a result of COVID-19, increasing by as much as 600 percent, according to Barracuda. As organizations continue to work remotely and rely on video conferencing and messaging platforms for daily correspondence among team members, cybercriminals will creatively leverage the range of ways we connect in a remote world. From video conferencing platforms to messaging apps, these channels keep us virtually connected to our colleagues but leave substantial room for cyberattacks. As we grow accustomed to communicating in real-time, we will see a rise in cybercriminals utilizing employee accounts to conduct phishing attacks, potentially even including spear-phishing by video (e.g., using “deep fake” technology) and spear-phishing on third-party messaging platforms (often through hackers weaponizing webhooks).
Prevention for this new, opportunistic wave of phishing goes beyond training. Organizations should plan ahead by requiring multi-factor authentication (MFA) wherever possible, as well as ensuring they leave zero standing administrative privileges. MFA is designed to create more certainty that the person using the username and password is who they claim to be based on something they know (such as a password or PIN), something they have (such as a smartphone or hardware key), or something they are (such as biometrics including face ID or a fingerprint scan). Eliminating standing privileges reduces the ability of the attacker to cause damage and move laterally throughout the network.
Ransomware incidents will triple — and data exfiltration will overtake encryption as the attackers’ end game. Since the beginning of 2020, research has shown U.S. ransomware attacks are rapidly increasing. In Q3 2020 alone, the daily average number of attacks essentially doubled in frequency. While ransomware variants also continue to evolve into more sophisticated threats, perhaps the most troubling data point is that the U.S. has become the most targeted country, with attacks jumping as much as 98 percent in the same timeframe.
These statistics illustrate a persistent onslaught of threat actors that could indicate 2021 will be our most challenging year yet in combating ransomware in the enterprise. What’s important to understand is that the attacks don’t just attempt to execute a lockout or encryption of data anymore but are increasingly aimed at extraction or stealing data from organizations. While some cybercriminals may sell the data on the dark web, others may threaten to leak the data for a higher payout on the ransom. We predict that this will become hackers’ ransomware end game — though the risk of detection rises along with the potential payday. Granting “least privilege” is essential in preventing unauthorized access to business-critical systems and sensitive data by both external actors and malicious insiders. Striving towards zero-standing privileges and only granting just-enough, just-in-time access to target systems and infrastructure can limit lateral movement that could lead to data exfiltration and additional damage.
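The two controls named above, MFA step-up and just-in-time access with zero standing privileges, fit together naturally: nobody holds an administrative role by default, a time-boxed elevation is issued only after a second factor is verified, and the grant expires on its own. The following is an added illustration written for this page, not code from Centrify or any product mentioned here. It implements the TOTP algorithm of RFC 6238 with the standard library and a small in-memory elevation broker; the user names, roles, 15-minute lifetime and the RFC's published test secret are constructed inputs, and the broker is a hypothetical design, not a description of any vendor's implementation.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

STEP_SECONDS = 30      # TOTP time step (RFC 6238 default)
DIGITS = 6             # code length
GRANT_TTL = timedelta(minutes=15)   # constructed lifetime of a just-in-time elevation


def totp(secret: bytes, for_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """Compute the RFC 6238 TOTP code (HMAC-SHA1) for a Unix timestamp."""
    counter = for_time // step
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept the code for the current step or one step of clock skew either side.
    compare_digest avoids leaking which digits matched through timing."""
    for skew in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, now + skew * STEP_SECONDS), code):
            return True
    return False


@dataclass
class Grant:
    user: str
    role: str
    expires: datetime


class JitBroker:
    """Zero standing privileges: a role is held only while an unexpired Grant exists.
    Hypothetical broker: eligibility says who MAY request a role; MFA gates the grant."""

    def __init__(self, eligibility: dict[str, set[str]]):
        self.eligibility = eligibility      # user -> roles they are allowed to request
        self.grants: list[Grant] = []
        self.audit: list[tuple[datetime, str, str, str]] = []

    def request(self, user: str, role: str, code: str, secret: bytes, now: datetime):
        """Return a time-boxed Grant, or None (with an audit record) when refused."""
        if role not in self.eligibility.get(user, set()):
            self.audit.append((now, user, role, "denied: not eligible for role"))
            return None
        if not verify_totp(secret, code, int(now.timestamp())):
            self.audit.append((now, user, role, "denied: MFA step-up failed"))
            return None
        grant = Grant(user, role, now + GRANT_TTL)
        self.grants.append(grant)
        self.audit.append((now, user, role, f"granted until {grant.expires.isoformat()}"))
        return grant

    def has_privilege(self, user: str, role: str, now: datetime) -> bool:
        """True only while a grant for this user/role is still within its lifetime."""
        return any(g.user == user and g.role == role and g.expires > now for g in self.grants)


if __name__ == "__main__":
    # Constructed inputs: RFC 6238's published test secret and its T=59 reference time.
    secret = b"12345678901234567890"
    now = datetime.fromtimestamp(59, tz=timezone.utc)
    broker = JitBroker({"alice": {"admin"}})
    grant = broker.request("alice", "admin", totp(secret, 59), secret, now)
    print("elevated now:", broker.has_privilege("alice", "admin", now))
    print("elevated after TTL:", broker.has_privilege("alice", "admin", now + GRANT_TTL + timedelta(seconds=1)))
    for entry in broker.audit:
        print(entry)
```

The broker never stores a "standing" admin flag: authorization is a query against unexpired grants, so a stolen password alone yields nothing, and even a successful elevation lapses before it can be used for leisurely lateral movement. The audit list is where a SOC would look for repeated MFA failures or elevations at unusual hours.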
Andy Skrei, VP of Worldwide Sales Engineering, Exabeam
Analysts will identify major gaps in their threat hunting tools and techniques and move to quickly modernize their security posture. Protecting businesses from security threats on an ongoing basis is essential, but many organizations have continued to use outdated threat hunting procedures that put them at greater risk. The key to steering toward a proactive security posture is to look at tactics, techniques, or procedures, also known as TTPs.
Instead of waiting for an incident to happen and setting off alerts or relying purely on IOCs, TTP monitoring looks for certain behaviors that are telltale signs of an impending attack. TTPs are all about attacker behavior, and the only way to move to a TTP-based approach is to leverage analytic capabilities.
In 2021, we’ll see a steep rise in security analysts adopting this approach. By introducing analytics to the equation and pairing them with TTPs, security professionals will be able to filter out those everyday activities. Instead of monitoring for specific risks, analytics watch for changes in patterns, which can help prevent alert fatigue that comes from too many false positives. When a business is aware of the activities happening across its network, it’s better prepared to protect itself against security breaches.
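Both the UEBA point made earlier (lateral movement combined with account switching is hard to spot because every individual logon looks legitimate) and the TTP-based analytics described in this section come down to the same mechanism: learn what is normal per account, then look for behaviour that deviates from it rather than for a known indicator. The example below is an added illustration for this page, not code from Exabeam or any product it describes. It builds a per-user baseline of destination hosts and active hours from constructed logon records, then flags the chain where one account lands on a host and, minutes later, a different account hops from that host to a machine it has never touched. The log format, host and user names are all made up for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed logon records: "timestamp user source_host destination_host".
BASELINE_LOG = """
2020-11-02T08:01:12 alice ws-alice srv-files
2020-11-02T08:05:40 alice ws-alice srv-mail
2020-11-02T09:10:03 bob ws-bob srv-files
2020-11-03T08:02:55 alice ws-alice srv-files
2020-11-03T10:15:21 bob ws-bob srv-mail
2020-11-04T08:00:09 alice ws-alice srv-files
2020-11-04T11:30:44 svc-backup srv-files srv-backup
2020-11-05T08:03:17 alice ws-alice srv-mail
"""

# Constructed recent activity: alice's account lands on srv-files at 02:14, and five
# minutes later the svc-backup account hops from srv-files to a domain controller.
RECENT_LOG = """
2020-12-01T02:14:05 alice ws-alice srv-files
2020-12-01T02:19:30 svc-backup srv-files srv-dc01
2020-12-01T08:00:12 bob ws-bob srv-files
2020-12-01T08:04:55 alice ws-alice srv-mail
"""


@dataclass
class Logon:
    time: datetime
    user: str
    src: str
    dst: str


def parse_log(text: str) -> list[Logon]:
    """Parse the constructed format into Logon records sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, user, src, dst = line.split()
        events.append(Logon(datetime.fromisoformat(ts), user, src, dst))
    return sorted(events, key=lambda e: e.time)


def build_baseline(events: list[Logon]) -> dict:
    """Learn, per user, the destination hosts and hours of day seen during the baseline period."""
    hosts, hours = defaultdict(set), defaultdict(set)
    for e in events:
        hosts[e.user].add(e.dst)
        hours[e.user].add(e.time.hour)
    return {"hosts": hosts, "hours": hours}


def score_logon(e: Logon, baseline: dict) -> list[str]:
    """Return the reasons a single logon deviates from that user's baseline (empty if none)."""
    reasons = []
    if e.dst not in baseline["hosts"].get(e.user, set()):
        reasons.append(f"{e.user} has never logged on to {e.dst}")
    if e.time.hour not in baseline["hours"].get(e.user, set()):
        reasons.append(f"{e.user} is not normally active at hour {e.time.hour:02d}")
    return reasons


def find_account_switch_chains(events: list[Logon], baseline: dict,
                               window: timedelta = timedelta(minutes=30)) -> list[dict]:
    """Find pairs where a logon lands on host A and, within the window, a different
    account hops from A to a host that is unusual for that second account."""
    findings = []
    for i, first in enumerate(events):
        for second in events[i + 1:]:
            if second.time - first.time > window:
                break                       # events are sorted, nothing later can qualify
            unusual_hop = second.dst not in baseline["hosts"].get(second.user, set())
            if second.src == first.dst and second.user != first.user and unusual_hop:
                findings.append({
                    "entry": first,
                    "hop": second,
                    "reasons": score_logon(first, baseline) + score_logon(second, baseline),
                })
    return findings


if __name__ == "__main__":
    baseline = build_baseline(parse_log(BASELINE_LOG))
    for f in find_account_switch_chains(parse_log(RECENT_LOG), baseline):
        print(f"{f['entry'].user}@{f['entry'].dst} -> {f['hop'].user}@{f['hop'].dst}")
        for r in f["reasons"]:
            print("  -", r)
```

Neither logon in the flagged chain would trip an indicator-based rule: alice reaching the file server and a service account authenticating to another server are both routine in isolation. The finding only exists because the detector keeps state per account and correlates the two events through the shared host, which is the "change in pattern" this section describes.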
Bryan Skene, CTO, Tempered
Zero Trust will become a mainstay for every organization touching sensitive data. With an increased number of remote workers, and in turn, vulnerable entry points for cybercriminals, it is more important than ever for organizations to secure every potential pathway to the network. Zero Trust essentially means “never trust and always verify.” This approach to cybersecurity ensures all users, applications, systems, and cloud providers are thoroughly authenticated, built on the foundation of least privilege, and it makes remote user support easier and more secure. To realize their full potential in 2021, it will be crucial for businesses to work with a secure networking provider that can deliver a true Zero Trust infrastructure that extends and adapts to the demands of their network.
Steve Cochran, CTO, ConnectWise
In 2021, we will continue to see heavy investment in and expansion of remote work tools like Zoom and Microsoft Teams. While these technologies will continue to evolve, bad actors will constantly try to take advantage of the remote situation. The software industry needs to respond from an application security standpoint. It will be more important than ever to maintain your team’s security training and awareness and factor in security from the beginning, as most security breaches come from within the application.
There will be many opportunities for growth for companies willing to take the time to understand their customers. For example, businesses around the world are reinforcing their remote work strategies and need a trusted advisor to strengthen their advanced security solutions and ensure that employees’ devices are protected. There is also a huge opportunity for the channel to educate SMBs about regulation, compliance, and best practices.
JG Heithcock, GM of Retrospect, a StorCentric Company
This year, organizations have been busy responding to the rapid shift to remote work and the cyber risks that were heightened as a result of bad actors using the pandemic as a catalyst to continue carrying out their crimes against organizations through phishing, malware distribution, false domain names, and other attacks on teleworking infrastructure. With a distributed workforce, organizations of all sizes and across industries have relied on email to maintain business continuity, especially in a world that was already trending towards a greater adoption of flexible remote working opportunities. Unfortunately, email attacks have risen and will likely continue to increase, making them prime targets for enacting cybercrime, especially if providing information about COVID-19 testing, resources, and research.
While we continue to navigate the uncertainties of the pandemic in 2021, it is important to reiterate simple steps to avoid or minimize attacks on businesses: Identify suspicious senders, exercise caution before clicking on links or opening attachments, and instill a backup strategy that utilizes the 3-2-1 backup rule. A strong 3-2-1 backup plan includes having at least three copies of your data across multiple locations: the original, a first backup stored onsite, and a second backup located offsite. Although the new year will certainly bring new risks, we have the tools to build a foundation that actively protects us from them.
Avi Raichel, CIO, Zerto
This past year found nearly everyone working from home at some point. Some loved it, some didn’t, but I don’t see us ever going back to exactly how it was before. My hope is that companies are learning to adjust and be ready for what the new normal will require. Recent months have made it clear that companies are coming to the understanding (or at least they should be) that digital transformation is not an option but an absolute necessity. However, that makes the stakes higher than just 12 months ago; the risks are more widespread, and there are more opportunities for cybercriminals to succeed. This means that IT disruption caused by the threat of ransomware is something that should be near the top of the list of concerns for every CIO and every company. But companies need a clear-eyed view of reality and need to accept that no matter how much they invest in protection, eventually, something will get in. The ultimate protection isn’t a wall around the perimeter, so to speak; it’s the ability to recover quickly and get back to business as usual.
2021 will be the year of what I like to call “recoverware.” The ability to recover is just as critical as all the protection walls companies are building. Companies need to invest in recovery solutions that are very fast and affordable, as this will save money in the long run as opposed to paying a ransom. Paying ransom makes you a target, but being able to recover and avoid downtime following an attack makes you wasted effort for those who want to profit from harming companies. After all, ransom doesn’t work if the target doesn’t have to pay it. And realize this: it’s smarter to prepare with recoverware than to pay a ransom. Eventually, it happens to everyone, so the choice is how you deal with it.
Steve Moore, Chief Security Strategist, Exabeam
To aid in the fight against sophisticated digital adversaries, CISOs will empower their SOC teams to be more open on staffing and technological shortcomings. Analysts are tasked with combing through thousands of security alerts a day, which is exacerbated by the fact that over half of their time is spent on data collection and chasing false positives. Leadership should be concerned that analysts are at a severe risk of becoming overwhelmed and consistently feeling that the odds are stacked against them.
CISOs are ultimately responsible for developing and maturing the security program and reevaluating what tools are missing. With SOCs being distributed in the remote work environment, CISOs must empower their teams to report staffing and technological shortcomings to develop and enhance security programs. When security teams express issues that may be heavily affecting their work, it lessens the burden on the CISO to evaluate from the top down.
A CISO acts as a bridge between the security analysts and stakeholders such as the CFO, CEO, and board of directors. By empowering their analysts to be vocal, a CISO can cite personal anecdotes and evidence to the leadership team. This proof can help to expedite approval to purchase and implement new, advanced security controls, such as behavioral analytics, and even hire new personnel in order to combat risks and lessen burnout. Streamlining communication between the CISO and their security teams will become critical in 2021 in order for enterprises to stand a chance against advanced adversaries and beat the odds.