What will 2021 bring? While events are challenging to predict in volatile times, we can analyze emerging trends and extrapolate to get a sense of the significant cybersecurity challenges facing companies in the next year, along with some of the solutions that may help.
1) Online extortion techniques will proliferate
Ransomware has been with us for years and shows little sign of going away because it has been working so well for cybercriminals. That doesn't mean it isn't changing.
In its early days, ransomware gangs would focus on encrypting data and then charging to get it back. More recently, they have taken to blackmailing organizations by going a step further, stealing their sensitive information and threatening to publish it. For example, in May hackers attacked law firm Grubman Shire Meiselas & Sacks, stealing and publishing files related to its work with pop star Lady Gaga after it refused to pay up.
Specialist ransomware response company Coveware found that these threats to publish began as a way of forcing companies to pay up, even if they were able to reconstruct their data from backups. Around half of all ransomware attacks now use data exfiltration as a tactic, it said. Attackers are now beginning to milk victims for repeated ransoms, demanding payment after payment to stop the data from being published. Eventually, they publish it anyway. Expect this double-extortion activity to increase in the coming year.
2) COVID security missteps will come home to roost
The start of the COVID-19 lockdown period forced organizations to react quickly, sending staff home without all the security measures they would have liked.
Organizations that hadn't considered bring-your-own-device (BYOD) policies before suddenly had to grapple with employees working on their own devices or using company laptops at home on insecure networks.
Many of these employees continue to work at home as companies stay under lockdown conditions. We expect to see ramifications from this shift to homeworking in 2021, when staff begin returning to the office.
Companies that didn't have adequate mobile management policies will be forced to treat returning equipment as hostile and take protective measures. We might also see breaches come to light as companies with immature remote working security policies succumb to attacks.
3) VPN technology will start giving way to cloud-based secure access
Perimeter security technologies like VPNs were a go-to defense mechanism for many companies as they supported homeworkers during the pandemic. This highlighted a key weakness in this cybersecurity model. VPNs extend the trust reserved for internal network users beyond the network, becoming potential flashpoints for attacks.
2020 was a landmark year for vulnerabilities in VPNs and attacks on perimeter security infrastructure. Attacks on unpatched VPN systems grew so rife that the U.S. and UK governments were forced to issue advisories warning companies about these attacks.
Companies will begin to recognize these shortcomings and explore moving to alternative zero-trust security models. In its Market Guide for Zero-Trust Network Access (ZTNA), Gartner advises clients to begin deprecating VPNs in favor of this new model, which removes the location of the device and its connection to the corporate infrastructure as factors. Instead, ZTNA processes user requests based on identity and user context.
4) MFA adoption will increase
Multi-factor authentication (MFA) will be an important factor in this changing perimeter model, but its usage is still far too low, with Cisco measuring it at 27%. As account hijacking attacks escalate and people continue to use predictable passwords in appalling numbers, passwords continue to be a massive problem. With the continuing availability of phone-based authentication apps and biometric authentication securing access to the phones themselves, MFA adoption will rise.
5) More attacks will emerge at the network edge
Organizations continue to relocate information processing to the edge of the network, closer to where the data is created and consumed. They are experimenting with edge-based computing models in areas ranging from factory automation to smart cities.
The emergence of 5G communications networks will accelerate this trend by offering high-bandwidth, low-latency cellular networks for critical applications. Some companies may even build their own private 5G infrastructures to support edge-based applications.
This constellation of edge-based devices and communication links will increase organizations' attack surfaces, inviting a new generation of IoT malware, DDoS attacks and man-in-the-middle attacks.
6) More AI attacks will surface
Artificial intelligence has touched most industries in one way or another, and now it is beginning to transform illicit ones, too. Stories are emerging of AI-powered cyber intrusions from malware that uses machine-learning algorithms to blend in with background network traffic and stay undetected.
Open-source algorithms that can extract key facts and talking points from text and even write convincingly are also now available, making AI-powered reconnaissance and social engineering more likely.
We think it is just a matter of time before attackers use these technologies to begin crafting more effective attacks at machine scale, creating more headaches than ever for overworked cybersecurity teams.
7) Demand will grow for converged security infrastructures
As attack volumes increase, gaps in companies' existing security operation centers and incident response processes will continue to show. Cisco reports that 42% are suffering from cybersecurity fatigue, defined as virtually giving up on proactively defending against malicious actors.
Today, many companies use a variety of threat intelligence, detection, containment and mitigation tools, often from different vendors. Cisco found that 86% of companies are trying to reduce their numbers of security technologies.
These tools rarely play well together, making it difficult to exchange data between different stakeholders and process owners. This creates a complex and disjointed incident response process and blinds security teams to network events.
We believe that companies will call for simpler, more integrated toolchains in 2021 as they face rising volumes of cyberattacks.
Conclusion
With economic and political conditions so volatile, businesses face unprecedented levels of uncertainty as they enter 2021. The ability to adapt in the face of adversity is priceless. Robust, flexible technology infrastructures that can withstand attack while offering new functionality are an important asset in keeping organizations agile and resilient.
The Orange Cyberdefense Security Navigator 2021 report has been released. It includes first-hand information from our 17 global SOCs and CyberSOCs, the Epidemiology Labs and World Watch, as well as expert reports and technology reviews on topics like videoconferencing solutions and the cybercrime ecosystem. Find out what the most disruptive events in 2020 were and how they project into the future.