Security leaders have had a fraught past year. 2020 upended security strategies and IT roadmaps. The secure legacy perimeter of the physical office disappeared. And increasing threats, from ransomware to supply chain attacks, loomed large.
As we reflected on 2020, our team identified five cybersecurity trends that will influence security and business priorities moving forward. What lies ahead is largely unknown, but there is still an opportunity — and a challenge — for organizations to adapt and prepare for what’s to come.
Five Cybersecurity Trends to Watch
In early 2020, companies scrambled to accommodate remote work due to COVID-19. In the spring, it seemed like a temporary situation, but nine months have passed since widespread precautions began. Increased remote work remains a necessity for the indefinite future, and may become the new normal in many companies, even when the pandemic subsides.
However, 60% of organizations that adopted work-from-home technology have accelerated or bypassed the normal privacy and security reviews. To ensure choices made at speed haven’t sacrificed security for functionality, IT and security professionals will need to revisit their work-from-home infrastructure with an eye for security weak points. CISA has provided a detailed Telework Essentials Toolkit to help guide organizations on next steps, from security training to patching and more. For those looking to fully test their remote work controls, a red teaming engagement provides a real-world view of a company’s security posture and steps to strategically move forward.
Supply Chain Attacks
Sophisticated attackers know that the most effective way into a target’s network is often through its supply chain. The compromise at SolarWinds in December 2020 dominated security news and brought this point home. Compromises at a growing list of organizations, from FireEye to the U.S. Department of Homeland Security, were all linked to a backdoored update of the SolarWinds network monitoring tool, Orion. The Trojanized version gave the attackers internal network access to any company that downloaded and deployed the update.
Third parties provide critical business and security services, but their vulnerabilities become an organization’s vulnerabilities by default. Whether a vendor is compromised by traditional means, the use of a malicious tool or code library that leads to data theft, or an insider threat, the effects are often widespread and devastating. Moving ahead, organizations will need to invest resources into supply chain security on two fronts. First, businesses will need to place heavier scrutiny on their third parties and give third-party risk the priority it deserves. Second, the product makers will need to integrate security into their practices to meet higher scrutiny from customers. Comprehensive penetration testing is one important way to prove that their security is up to par.
Ransomware is such an effective category of attack that new strains and campaigns continue to arise. The increase in Ryuk ransomware activity against the healthcare sector and the MAZE group’s attack on the Fairfax County school system are two examples from this past year.
A key trend to keep an eye on is the emergence of new ransomware groups with ties to the old. Though MAZE has claimed it’s shutting down, the individuals behind the group can’t be counted out. The group may be sunsetting, but MAZE actors will be back, either by starting or joining other ransomware groups.
Ransomware gangs have also become more sophisticated, going beyond simply encrypting files to use both custom tools and “living off the land” techniques to conduct reconnaissance, network compromise, and data exfiltration. This year, not only are attackers demanding ransom for the decryption of data, they’re also demanding ransom in exchange for not revealing stolen data. One clear trend in the second half of 2020 is these “double extortion” attacks. Though typical precautions like backups can still help when faced with the ransomware phase, they cannot guard against the threat of revealing data, making prevention even more crucial.
Cloud Services Attacks
Both on-site and remote workplaces now lean heavily on all types of cloud services. Remote work has heightened cloud security concerns, but the risks extend beyond the shift to a distributed workforce. Risks include traditional software issues as well as API vulnerabilities. Weaknesses in the configuration and integration of one cloud service, including its authentication and authorization, can lead to broader issues as well. For example, attackers are leveraging vulnerable Platform as a Service products to spread the reach of their malware.
The benefits of the cloud are often enough to outweigh the risks. By taking a programmatic approach, a business can minimize the risks of expanding cloud operations and build a foundation for a secure future.
5G is an exciting new frontier, introducing an entirely new way for technological devices to interact with each other. However, 5G has raised security questions that companies will wrestle with for years to come.
Though 5G has built-in security features like encryption and network slicing, networks built on it are still only as secure as their implementations. 5G’s speed and bandwidth make it more attractive as a platform for new IoT devices. Insecurely designed or configured IoT devices, however, are attractive targets for threat groups building botnets, as the US Departments of Commerce and Homeland Security warned in a joint report. Furthermore, backward compatibility features could lead to the compromise of sensitive personal or corporate data transmitted over 5G networks. At the end of the day, the security of 5G rests in the hands of the entities implementing it.
Keeping these five security trends in mind will help you revisit security plans and adjust to keep your business secure in 2021 and beyond. The security landscape is always changing, but managing the challenges ahead is easier with a partner. Security Compass has the broad security expertise necessary to help prepare your organization for what’s next while achieving your business goals and priorities. Contact us to learn more about how we can help you stay secure in the long term.