Hackers are always looking for an opportunity and the COVID-19 pandemic provided a big one this year: As remote work in unprecedented numbers took hold, they preyed upon vulnerable employees who were unfamiliar with how to navigate their tech environments.
Threat actors found success infecting businesses with ransomware and stealing company data, turning those ransomware attacks into data breaches. Expect more of this to continue next year as remote work continues, according to Accenture.
Going into 2021, “threat actor profits [are] likely to increase as a result of targets’ weakened security and remote working, enabling threat actors [to] innovate and invest in even more advanced ransomware,” Accenture’s 2020 Cyber Threatscape Report said.
Remote work created something of a new playground for hackers in 2020, agreed Gartner. An October survey of nearly 2,000 CIOs found that cybersecurity investments in technologies that support digitization will be one of the major priorities next year.
SEE: The 5 biggest cybersecurity threats for the healthcare industry (TechRepublic)
“With the opening of new attack surfaces due to the shift to remote work, cybersecurity spending continues to increase,” the firm said, with 61% of respondents reporting they will increase investment in cyber/information security, followed closely by business intelligence and data analytics (58%); and cloud services and solutions (53%).
Cybersecurity mesh for securing any digital asset, anywhere
Next year and beyond, Gartner is predicting organizations will use cybersecurity mesh, a distributed architectural approach to scalable, flexible and reliable cybersecurity control. Cybersecurity mesh enables anyone to access any digital asset securely, no matter where the asset or person is located, the firm said in its Top Strategic Technology Trends for 2021 report.
“Cybersecurity mesh essentially allows for the security perimeter to be defined around the identity of a person or thing,” Gartner said.
As perimeter protection becomes less meaningful, the security approach of a “walled city” must evolve, the firm said. By 2025, Gartner predicts the cybersecurity mesh will support over half of digital access control requests.
More attacks on healthcare systems. “The seemingly crazy predictions of the past around the cost of ransomware attacks on the healthcare industry stand to be proven true in 2021. We’ve seen a substantial rise in ransomware since the onset of COVID, and as the space race 2.0 continues, so will the prevalence of attacks,” said John Ford, IronNet cyber strategist and former healthcare CISO.
With countries all around the world hunting for a COVID vaccine there will be more nation-state attacks leveraging ransomware and an increase in cloud-based ransomware attacks as healthcare systems expedite their transition to meet the growing remote needs, Ford predicts.
“Lately, what is different about this tried-and-true attack method is that malicious actors aren’t just locking out data,” Ford said. “They are also putting it on data leak sites where people can buy/have access to it leading to additional compliance concerns and my prediction for upcoming HIPAA changes.”
Over-permissioned identities will cause more attacks in the cloud. As a result of the accelerated shift to the cloud due to the pandemic, in 2021 attackers will not only shift their focus more to cloud infrastructure and cloud applications, but also continue to advance their techniques, said Michael Raggo, cloud security expert at CloudKnox.
“One of the systemic issues we’ve seen in organizations that have been breached recently are a vast amount of over-permissioned identities accessing cloud infrastructure and gaining access to business critical resources and confidential data,” Raggo said. “We’ve seen when an attacker gains access to an associated identity with broad privileged permissions, the attacker can leverage those and cause havoc.”
Most of the time, identity permissions are too broad because enterprises are still using manual and assumptions-based techniques to manage these, he said.
Over-provisioned permissions “begs for a clear need for adhering to the principle of least privilege, leveraging a continuous, automated and data driven approach using activity-based authorization across the cloud infrastructure,” Raggo said.
Growth of insider threats and accidents. Raggo also predicts that accidents and insider threats will become even bigger concerns for enterprises, especially those in the cloud, citing a guilty plea by a former Cisco employee earlier this year who was charged with wiping 16,000 WebEx Teams cloud accounts disrupting their access to the service.
CloudKnox research found that more than 80% of the cloud users have the ability to escalate permissions that can be very hard to track in the cloud infrastructure, according to Raggo.
“These escalation scenarios allow the bad actors to have the ability to create dummy accounts for themselves,” which he said can be used “to perform nefarious actions as some user other than themselves, thus allowing them to cover their tracks.”
Where CISOs should allocate budget in 2021
Jason Rader, national director network &amp; cloud security at Insight Enterprises, believes that if security leaders still have a viable business in 2021, they have “already done some things very right.” 2021 is a time for security leaders to become more efficient with their budgets and more strategic in supporting the business, he said.
According to Rader, this includes addressing:
Ransomware–A huge number of organizations are expected to be hit with ransomware next year. Rader advocates for a strategy that incorporates the controls to mitigate a ransomware attack into an overall program. Buying a “ransomware solution” that doesn’t integrate with workflow or other security controls is very shortsighted, he said.
Data classification/appropriate controls on the data–Data is everywhere and a liability for CISOs.
DevOps–It’s critical to know how security is integrated into an organization’s current development and operations processes. CISOs should act as the catalyst for the groups to work together. One cannot live without the other.
Vulnerability management–Remote worker setup and cloud initiatives have probably stabilized for the most part after the WFH scramble. Security teams must mature the patch and vulnerability management process.
Identity, authentication &amp; access–Identifying your users, ensuring they are who they say they are, and controlling the resources they are permitted to access has always been important. With this year’s rise in remote workers and WFH, it is time to revisit ways to gain more control and analysis out of this effort.
Regulated data: client data, PII, etc.–Many organizations are changing the way they do business to comply with current and impending data privacy regulations. This will have a trickledown effect to the ecosystems/supply chains of different industries. “If you collect client data, know what systems touch it, how authentication is handled at each step, how the data is secured during transit and while at rest, and what back-end systems can access the systems that process the data.”