A string of events arose just a few weeks before 2021. This made cybersecurity one of the essential tech topics of the year. It had implications for all IT professionals, from developers to security pros.
The federal government was still recovering from the cyber-espionage attack on SolarWinds and Orion network monitoring platform. The attack on the supply chain targeted 100 private corporations and nine general agencies. It seems to have been carried out by SVR or Russia’s Foreign Intelligence Service
Microsoft and other security experts discovered that the Exchange email server on-premises version of the software giant was vulnerable to several zero-day exploits by a Chinese-linked hacking team. These bugs were also exploited by other hackers in unpatched systems later.
As if this weren’t enough, ransomware attacks against companies like Colonial Pipeline Co., JBS, and others began in May. These ransomware attacks raised further attention about the fragile security of these networks, as well as how the U.S. government defends America’s essential infrastructure (including the U.S. electricity grid and oil and gas infrastructure) and its food supply.
In a meeting in Geneva between the two leaders, cybersecurity issues became a part of President Joe Biden’s plan by June 16. The U.S. accuses Russia of not paying attention to ransomware gangs and cybercriminals operating within its borders.
“Ransomware, IoT and critical infrastructure attacks have been a major focus of this year’s attendance. These attacks have had a destructive result on both the operational capabilities and economic status of many businesses. This was not only a top trend for the first half of 2018, but we also witnessed an increase in data breaches due to incorrectly configured datastores being attacked,” Tyler Shields (CMO at security firm JupiterOne) told. Enterprises and providers of critical infrastructure need to know the assets in their networks and how they are configured at any time.
Security experts are already anticipating what 2021 will bring. They have concerns ranging from large numbers of employees returning to post-pandemic offices to federal orders that might signal the future of cybersecurity.
Here are four cybersecurity trends you should be paying attention to in the second half.
Workers Return and the Age of Hybrid Job
The possibility that large numbers of workers in the U.S. will return to work in full-time or partial-time roles after Labor Day is one of the most significant unknowns in 2021’s second half. Hybrid work remains a new frontier for many organizations.
Many tech companies, such as Microsoft or Amazon, have indicated that they are interested in hiring back employees–if not immediately, then later in the year. Others, such as banks like JPMorgan or the SaaS giant e-Sales, have a more flexible approach.
Cybersecurity should be an essential factor in organizations’ approach to hybrid work as they seek to create a new norm. Over a year of work-from-home attacks have increased. Lax security practices, lack of resources and training to protect home networks mean that employees could be vulnerable to these threats.
John Morgan, Confluera’s CEO, stated that employees would return to work and expect an increase in support calls. Infected devices are trying to connect to the corporate network directly. The immediate uptick is not what you need to be concerned about, but the slow, subtle attack that sneaks by your radar. These attacks will slip by your fingers.
Hackers might wait for weeks, or even months, to launch an attack. This can make corporate protection look stable initially, but this could signify that warning actors map the system and strategy for the next steps.
Morgan stated that once an attacker has gained access to a corporate device, network or computer, they will not be in a hurry to move from server to server looking for their prize. Such actions could be a red flag for security and IT analysts. They will instead take small, benign steps that lie dormant for several weeks or months. IT and security analysts are often not equipped with the necessary tools to identify weak signals that could indicate an attack is underway. They also have difficulty relating events that are weeks, months or even years apart.
Shadow IT Returns
Employees will bring with them the devices or apps that they have used in their work. This opens up to security and shadows IT issues.
Dirk Schrader noted that IT and security teams need to ensure that all devices at home used in the past 18 months are up-to-date and secured before connecting to corporate networks. This will prevent attackers from gaining access through vulnerabilities.
Schrader stated that companies should make it mandatory for their employees to use Windows Update to update their systems when they arrive at work. Schrader also suggested that security checks be run using the built-in features. “If reviews are not possible, organizations should place incoming devices in a quarantine section on their network to perform a system integrity/security check. This will ensure no deviation from the known secure configurations and configurations and restore them where necessary. It is essential to plan appropriately and give time to this process.
Bert Kashyap is the CEO and co-founder of SecureW2 and says IT and security teams are likely to be tied down to track which apps and devices are being reconnected back into corporate networks.
Kashyap explained that employees are returning to work, and organizations need to have a better understanding of apps, services, and networks that can be accessed via personal devices. “Implementing device confidence through digital certificates is the heart of zero-trust projects in the second half-year. Organizations want to be sure that their device safety measures have been met.”
Cybersecurity: Zero Trust
Zero trust was a growing trend in some companies before the pandemic. However, IT and security personnel have adopted it more rapidly as they abandon legacy technologies like VPNs that have made some networks vulnerable to hacking.
Apart from the rising trend among businesses and the Biden executive orders on cybersecurity that the president signed in May, placed zero trust along with encryption, multifactor authentication at the top of federal government security priorities.
Experts predict that zero trust adoption will skyrocket in the second half of 2021 due to federal agencies having to adopt the concept and some of the rethinkings that the pandemic has caused.
Organizations should strongly consider a zero-trust approach in security. This can help to ensure that damage is minimal even if privileged accounts are compromised. Pathlock’s president Kevin Dunne stated that a zero-trust architecture is built by rationalizing applications, identities, access, and roles into a manageable, understandable structure. “Once this is done, organizations can put in more preventative and investigative policies to make sure that access has been granted to the intended purpose.
Although ransomware may have been on the U.S.-Russia summit agenda, cybersecurity experts do not expect attacks using crypto-locking malware to cease anytime soon.
Cybercriminals are too rich to stop. In the first quarter of 2021, incident response company Coverware reported a 43% increase in ransom payments to $220,00 from the previous quarter.
Sherrod deGrippo, security Proofpoint’s senior director of threat detection and research, says that attackers will continue to change their methods over the coming year, and workers will slowly return to work.
According to the CISO report, executives are worried about various threats, including inside threats to business email compromise and cloud account takeover attacks.
DiGrippo told that the vast attack surface would make it more difficult to stop any single threat campaign. “We have witnessed threat actors becoming very skilled at using anything in the news cycle to lure people into email-based phishing campaign, including vaccine availability and the 2020 Presidential Election. We suspect that the 2020 mass migration to remote work was a powerful campaign lure. This could be used to lure clicks and unlock the door to a breach.