My team at Cyber Security Newsletter, our weekly newsletter covering everything Cyber Security, reached out to 16 of the smartest people in Cyber Security to find out what trends they see happening within the space over the next 12 months. Here’s what they had to say:
With a large percentage of the work force still working out of their homes there will be steady growth in targeted attacks affecting collaborative tools that remote workers are using such as Zoom, Slack, and Microsoft Teams.
-Detrimental Security Debt and the Great Ransomware Reckoning
Security debt will not only continue to be a problem for businesses, but will also continue to grow. As is the case with finances, if you can’t keep track of your bills, it will be much more difficult to resolve the debt. Security debt operates the same way. If companies do not implement basic security best practices, such as strong passwords, antivirus, two-factor authentication and other measures simply because they don’t know enough about it or don’t care to, hackers are going to make them pay for it.
The reality is that the current economy is ripe for cybercriminals to exploit vulnerabilities, especially with ransomware payments in the millions.
2021 presents an opportunity to catch up, pay down debt, mature and align security with growing businesses. Just like the housing economic collapse, ransomware is a great reckoning – certainly not one we want, but one we may need.
-Security Requirements Will Be Necessary to Conduct Business
As more and more attacks occur against MSPs – and other businesses – some enterprises will further drive the terms of their engagements in that they’ll require businesses they’re working with to have certain security measures or cyber insurance in place. Security will become a basic requirement up and down the ladder, particularly due to so many big-name breaches coming via third-party vendors for things like HVAC, POS systems, etc.
While enterprises will be first in line to adopt this mindset, SMBs and midmarket orgs would be wise to follow suit. With these requirements trickling down, enterprises will play a larger role in driving organizational – and ultimately security – maturity.
-Hackers Will Continue to Centrally Target Victims
As businesses move to cloud-enabled technology, these technologies will sometimes allow hackers to centrally target their victims. Initially, cloud adoption posed a challenge for attackers targeting endpoints, but they have since figured out how to break in with new techniques. We saw it in 2020 and we’ll continue to see it in 2021. If any product offers centralized management of endpoints, that is going to be a ready attack surface and attackers will add that to their 2021 arsenal.
This type of attack method makes MSPs a top target for hackers. The reality is that hackers are maturing faster than SMBs and MSPs, and the latter will need to engage in more business planning through an attacker’s lens than as a security vendor to stand a chance.
-Reimagine The Opposition to Reimagine Security
However, businesses need to begin to rethink the opposition. Once businesses and organizations reorient their thinking around hackers as business competitors – rather than ‘the bad guys’ donning hoodies in basements – they’ll have a better chance at defending against them. Because modern attackers are more similar to businesses than the elusive, hooded data thieves commonly imagined, the ‘good guys’ often aren’t playing the same game.
Attackers are now mature teams that operate like proper commercial businesses. They’re doing marketing, scaling operations, economizing their approaches, developing innovative technology and more. When organizations ask themselves, what if their business was the one hacking, how would they operate it? They would likely be able to do an even better job than the attacker, with more sophisticated marketing strategies. It all boils down to thinking of an attacker like a competitor instead of a hacker, and how to beat them at their own game.
With attackers being more sophisticated in how they scale, automated target validation and hackers using automation more effectively are definitely on the rise. This means that those who don’t expect hackers to target their specific business will have a wake-up call for prioritizing security.
The reality is that attackers are not actively searching for your business and poking around your website for more information, or randomly trying to force their way into your network. But rather they’re leveraging automation to do discovery for them, and they’re going after the easy and/or high-value targets based on what information they’re scraping with automated tools.
Therefore, hackers are casting a wide net to maximize the least amount of effort by letting discovery do the work for them. Small businesses today need to be more protected than ever.
API security, Zero Trust, and Hardware/firmware security.
“Continued Attack Surface Management Problems of the Modern Web”
The modern web has become an intricate mesh of connected systems, making it very hard for organizations to keep track of their assets. This has become a major cause of data breaches in recent times, as a result of organizations failing to stay ahead in attack surface management.
Cybersecurity will continue to consolidate while the cycle turns to new innovation. The new innovation will come in the form of enhanced endpoint protection – mainly the browser, as most business now occurs in cloud applications. With that, cloud security will continue to evolve – server and access-side.
Lastly and importantly, cybersecurity will begin to adopt the blockchain in what it does, allowing for attestation and attribute to occur securely.
Last year, the pandemic drove many enterprises to migrate to the cloud faster than planned. That leaves a lot of room for error. I expect to see plenty of misconfigurations that could lead to significant incidents (including permissions on S3 buckets, code repositories, etc).
I expect to see companies that ramped up their investment without putting controls in place at all. Or, if they did, they didn’t put enough thought into it, and will struggle to get the right level of visibility and accuracy. That is, some security operations teams will see almost no alerts, even when there’s a real incident, and some will see far more than they can handle.
In either case, expect real attacks to make it through. We’ve heard plenty of people in the cloud say, “we found out we had an issue, not because of our security investment, but because our cloud bill went up”, and the rush to move more to the cloud is going to make that type of sentiment even more common.
Infosec has a history of being late to the technology party, and the cloud’s been no different. And even the cloud has been changing rapidly, such as with adoption of container management technologies, service meshes, and so on. We see lots of people rationalizing away the risk – that Linux is safer, or their attack surface is low. A good portion of that is wishful thinking. Expect history to repeat itself, and security to be late to the party.
More Linux and cloud focused threats. More supply chain attacks (SolarWinds).
Trend #1: AI in Cyber.
AI is key for the future of Cybersecurity for one reason. The Noise.
At CybelAngel we find billions of documents a day. How do we find the needle in the haystack?
Our Machine Learning reads all day and night sorting billions of documents. ML is used to augment people, to empower everyone in the cybersecurity process.
Trend #2: Death of the Perimeter and Unifying Inside/Outside Threats
With cloud apps, sprawling supply chains, and work from home, the perimeter isn’t blurry, the perimeter is DEAD.
Companies like CybelAngel are finding threats starting outside the perimeter before hackers connect the dots to find their way inside.
Threats inside and outside affect the whole. Both will unify soon.
An increasing amount of Privacy and Compliance solutions.
At present, cybercrime is lucrative as everything is digital. With the growth in adoption of smart devices and rise in remote workforce, businesses are interconnected, leading to gaps in their defense armors. This will be aggravated by the rise of cloud-native solutions and invasive technologies that disrupt critical business systems.
By 2022, technologies like quantum computing, artificial intelligence (AI) and machine learning will transform cybersecurity, with challenges arising from spear phishing campaigns, ransomware attacks, and data breaches increasing manifold. Businesses must advance and mature their capabilities to effectively tackle cyber threats and attacks.
With all the changes, impacts, and attacks over 2020, enterprises are looking for the confidence to move forward in 2021. I expect to see continuing risks from both traditional malware and ransomware attacks, as well as increasing risks around more advanced intrusions — supply-chain, code replacement, and advanced DGA malware attacks.
As part of protecting themselves, and acting instead of just reacting, I see enterprises both adopting new defenses such as Protective DNS, as CISA and the NSA recommended in their March 2021 bulletin, and better integrating their capabilities “end-to-end” from endpoint through Protective DNS to SIEM/SOAR and XDR.
More large hacks, data leaks, web scraping. Companies will need to rethink and proactively take countermeasures.
Here at CYBRI, we noticed a new emerging trend – Breach and Attack Simulation (BAS). This concept has been gaining traction since 2017, however only now is it turning into a viable business opportunity. The idea of BAS is to show a real scenario of an attack and showcase the post-breach effects on the organization’s operational capabilities and potential damages that arise.
Modern businesses are driven by internet and technology, which enables greater operational efficiencies and increases profits, but also exposes the organization to multiple attack vectors that a hacker may choose from. BAS may showcase this beforehand.
Mobile fraud will continue to increase, making AI-powered device intelligence essential. Mobile fraud has grown at least 44% year over year, and last year, 93% of the total mobile transactions in 20 countries were blocked as fraudulent.
Fraudsters may create malicious apps that appear legitimate, to get a user to download it to their device. They can run install farms — physical banks of mobile phones or use device emulators to run bot-based scripts and pose as real end-users to commit application fraud. Because fraudsters can manipulate data at multiple touchpoints throughout the user journey, it’s important to collect data at the source, to validate whether the user is legitimate.
What I’ve seen recently is that every CIO and CISO is asking themselves what the balance of remote and in-person operations will look like. And the key question is: Okay, are we properly set up with our cloud-based infrastructure to allow employees to operate just as well remotely as they could and can in-person?
So in other words, how can we as an organization make it easy for our employees to switch easily between remote and in-person operations, WHILE maintaining a high level of security. This will be a key question to answer in 2021.
Working from home has become the new norm and Internet connectivity services from Communications Service Providers (CSPs) have never been more important. The heavy use of and reliance on online services has since given rise to a spate of attacks employed to overwhelm CSPs.
In the coming years, CSPs will take more active roles in offering affordable and effective Managed Security Services (MSS) to protect their customers as well as themselves. A CSP’s ability to overcome mounting challenges to swiftly and successfully productize and deliver such services will be the key to its success in staying competitive against both local and global competitors.