The Year of the Pandemic and 2021 Cybersecurity Predictions
2021 cybersecurity predictions by category:
Hacking and persistent threat trends
Enterprise security investment trends
Covid-19 security trends
The changing face of endpoint security
Remote working means enterprise edge and network protections are not there to protect individual employees at home. 2020 has seen a spate of high-profile vulnerabilities affecting VPN vendors, and these vulnerabilities are being actively exploited by threat actors in a variety of ways. Depending on the VPN setup, and particularly where not all traffic is tunneled, the perimeter in many cases now also includes home equipment and involves members of the family. As the demands on bandwidth for full-tunnel setups increase, organizations may be pushed towards less secure options by the demands and pace of business change.
Current top priorities include Zero Trust implementation and Gartner’s SASE. Organizations need to secure endpoints and restrict access through zero trust to reduce the risk of a compromised endpoint.
BYOD, but not as you know it
The pandemic has turned BYOD on its head – workers are now bringing work devices to their homes instead of bringing a device to the office. It’s hard to set up a proper network perimeter to secure employees using their personal networks for work purposes. While organizations got BYOD more or less under control in the past few years, it is a growing concern for 2021 and the years to come. With staff using BYOD to carry out work tasks at home, such as checking email in Office365, the risk of data leakage increases as convenience and productivity supersede security.
Therefore, it’s important for organizations to plan for worst-case scenarios and understand their complex attack pathways, including insider threats and human error, in 2021. That means giving remote employees the knowledge, through security awareness training, to spot prominent attacks, and understanding the impact if an employee device were to be compromised.
Shifting security monitoring and incident response
Although employees are being asked to work from home more, the monitoring team does not move along with them. When it comes to monitoring and response, the blue team will have a hard time investigating potential breaches in 2021, as network perimeters become more stretched, fragmented, and challenging to defend. We will see more companies shifting their security defense strategy from detection to prevention, as they recognize it as the best way to mitigate hacking attempts in the new normal, to better understand their security gaps and to sharpen their preventative controls. In other words, a refocus on cyber hygiene and adversarial attack simulation exercises alike, to ensure any hacking eventuality is stifled in advance.
More aggressive manual testing and adversarial attack simulations will be necessary for businesses in 2021, as infrastructure and scope change and evolve. There will be a shift to more organic and scenario-driven pen tests to measure gaps in the defenses.
Hacking and persistent threat trends
The #1 public enemy: ransomware
We’ve seen a shift in trends this year, where ransomware groups bury themselves deep and stay undetected before unleashing infections on enterprise networks, meaning the hack comes before the malware spreads. Consider it cultivation for growth: throw out thousands of seeds and one may spread its roots, but well-planted ransomware in the right spot has a far greater chance of spreading and succeeding, sadly. Therefore, it’s important to ensure security awareness is top of mind in the business and that phishing attacks are stopped before users click on malicious links and download harmful software. Patching known vulnerabilities in old software and hardening systems will also help prevent ransomware.
Phishing is here to stay
Phishing in all its forms will continue to press forward in 2021, especially with the home workspace starting to blur the lines for many between work and personal life. This offers greater opportunities for hackers to phish, smish and vish away at the gatekeepers to our data: employees who work from home and sit outside the secure firewalls of the office environment. Using work devices for personal things, like logging into online banking or watching TV series on media applications, may seem harmless, but it’s all too easy for homeworkers to let their guard down and accidentally create a breach by clicking a malicious link or email.
In 2021, companies must take stock of security awareness and provide the knowledge employees need to recognize and fend off phishing threats. Red teaming exercises can be used to locate any weaknesses in your defenses by running custom phishing campaigns, including impersonating the CEO’s emails, and reporting, to ensure security is front of mind whilst staff remain away from the safe haven of the office. From a vulnerability management and network security standpoint, agent-based scanning enables businesses to monitor disconnected endpoints and shadow IT, which pose a major security threat from the remote workforce.
Technology security trends
Cloud misconfigurations gather pace
Covid-19 has accelerated the movement to cloud computing, which was already going fast before the pandemic. Now that enterprises have experienced the advantages of flexibility, agility and pay-per-use, cloud adoption will continue to gather pace next year. But hurdles remain in terms of security, compliance, cost controls and hard migrations of legacy applications. However, with uncertainty rising, enterprises need to adapt in an agile way, and there is no better solution than adoption of new technologies such as cloud native in 2021 to support this shift.
With the push towards cloud computing and the availability of huge compute power, we predict that attacks that compromise cloud instances and containers, such as crypto mining, will accelerate in 2021. In 2020, we’ve seen the beginning of clever attacks on Docker containers, Kubernetes and Elasticsearch clusters in order to crypto-mine, and with the current price of cryptocurrencies this brings instant ROI for hackers.
Also, the speed required to set up clouds quickly during the pandemic leaves buckets and databases more exposed, as many are deployed too fast, with little security insight and at risk of misconfiguration. We have matured to a state where it is too easy to quickly make a poor deployment, and auditing and security are still sub-par for cloud in many organizations.
Rogue Docker container reuse
In 2020 the use of containers has skyrocketed due to their flexibility and agile nature for enhanced DevOps; however, this doesn’t mean they come without weaknesses. We’ve discovered this year that Docker container images carry their own critical vulnerabilities when brought into a private registry, creating a security issue later in app production. Therefore, it’s critical to implement automated container image scanning and hardening to ensure no critical vulnerabilities exist, especially if sourced from a whitelisted image registry. In 2021 DevOps teams will need to take responsibility for monitoring container security, from container composition to configuration, to minimize risks later down the line in deployment.
Web application breaches and DevOps awakening
Application threats will continue to be the top external source of attacks, leading to more organizations adopting DevSecOps. As part of the shift-left approach, an area often overlooked is developer education. eLearning for development teams will increase in popularity and become an important component in the secure SDLC as organizations ‘shift left’ in 2021, and the vendors that offer gamified eLearning will be favored by development teams.
Looking at different bug bounty programs from 2020, almost all risks reported and rewarded were related to applications, largely because there are so many to report given the changing digital landscape and the increase in vulnerability reward programs (VRPs). Understanding the attack surface of your web applications will be key to preventing vulnerabilities and the data breaches they cause later. It’s important to assess your web application footprint (including the apps you don’t know exist) to identify vulnerabilities before the hackers can take advantage.
Enterprise security investment trends
Risk-based and predictive vulnerability management gain popularity
Risk-based vulnerability management will become widely adopted as the sheer number of vulnerabilities continues to cause security teams headaches over remediation prioritization, and as a shift to a threat intelligence-led approach to vulnerability risk prioritization becomes important in making effective remediation decisions. Businesses that embrace this approach will also see significant cost savings, as the resource time needed to check all vulnerabilities is significantly reduced and they fix only the imminent threats rather than spending time and effort on irrelevant findings.
Named by Gartner as a top priority for 2021, a predictive model for vulnerability exploitation is what organizations will turn to in order to further refine the riskiest vulnerabilities they face. Machine learning will continue to play an important role in predicting which vulnerabilities will be exploited in the future. With security teams being pushed into more operational roles to keep things moving amid the massive increase in home workers, and with security resource reduced, businesses will need access to more relevant threat information faster. Risk-based vulnerability management data will be key to mitigating this and enabling businesses to focus on and prioritize the biggest threats.
Security skills gap and resource shortage widen
The security skills gap has been a major challenge for years, and the need for skilled security resources has been further exacerbated by the pandemic. As IT and security teams take on other tasks like securing remote workers and transitioning their business online, this leaves an even bigger resource gap in terms of security. One of the solutions is to fill the gap through technologies such as risk-based vulnerability management, which improve efficiency, relieve the resource burden, and provide data to ensure security controls are optimized and focused.
The lack of skilled resources and budget will continue to creep into many CISOs’ minds (if it hasn’t already). We will see an increasing trend for outsourcing security operations to managed security service providers (MSSPs) as a way to save time and fill the skills gap, especially for vulnerability management and security monitoring.
Outpost24’s Managed Service acts as an extension of your existing team and allows you to focus on your priorities without compromising on security standards – additional expertise will help you better understand your threat landscape in 2021 and beyond, optimize your security controls and eliminate the need for new headcount or skilled resources.
Our 2021 cybersecurity predictions are from a panel of Outpost24 experts:
- Martin Jartelius, CISO;
- Hugo van den Toorn, Team Leader Offsec;
- John Stock, Product Manager Network and Wireless Security;
- Sergio Loureiro, Product Manager Cloud Security;
- Simon Roe, Product Manager Application Security.