With an eye toward the future, FireEye has compiled a list of cybersecurity expectations for the coming year. In the report, A Global Reset: Cyber Security Predictions 2021, it tackles the following topics: remote work and other impacts of the global pandemic, ransomware, nation-state activity, cloud security and security validation.
Remote Work and Other Impacts of the Global Pandemic
In the near term, the coronavirus will likely continue to have a significant impact on normal business operations, with a focus on supporting remote work, virtual events and new productivity platforms. In the longer term, technology solutions will step in to facilitate the return to work, school and other activities, potentially introducing new risks for privacy, personally identifiable information (PII) and protected health information (PHI).
Virtual private networks (VPNs) will continue to have their place in 2021. Organizations should be ready to have this capability in place as remote work continues to expand and becomes a more common way of doing business. In 2021, there will be a continued increase in perimeter security, mostly due to remote work.
Persistence and Growth of Ransomware Usage
The use of ransomware accelerated and became more dangerous than ever seen in 2020. Targeted attacks against medical facilities during the pandemic crossed a line that had never before been approached. Ransomware will continue its rapid growth in 2021 and its varieties will increase along with the frequency of attacks. Post-intrusion reconnaissance revealed that threat actors encrypt the most relied on and sensitive data and architecture leading to higher ransom demands.
In 2021, organizations need to be prepared for a ransomware attack. This means ensuring that networks are segmented, that an actual plan is in place and that tabletop exercises have been conducted with senior leaders and other key staff. This will ensure that everyone is ready to take optimal action in the event of an attack.
Organizations should have an incident response service-level agreement (SLA) in place. They should also establish secured backups that teams can revert to when necessary. Organizations are going to be targeted and they are going to be compromised, so it is crucial to have prevention and recovery strategies in place.
Espionage as an Ongoing Driver of Nation-State Activity
Major nation-state threat actors continuing efforts in 2021 will include Russia, China, Iran and North Korea. These countries are significant sponsors of threat activity, both regionally and globally. Beyond that, there has been an uptick in activity from Vietnam and South Asia.
Spear phishing is one of the most popular infection vectors when it comes to nation-state threat activity, and it will continue to dominate in 2021. In addition, an increasing number of nation-state actors are focusing on intrusion techniques that don’t require any victim interaction, such as exploiting web-facing applications and password spraying. These tactics are being used by a number of Iranian, Russian and Chinese groups in 2020, and are expected to continue in 2021. Countries that are just getting into the business of cyber espionage will continue to turn to third-party intrusion vendors for tools and capability enhancement.
Cloud Security Taking the Limelight
Companies will need to spend time building up awareness of their cloud presence in 2021.
Many companies deferred multi-factor authentication to legacy systems as they were accelerating their migration to cloud platforms in recent years. The urgency of business requirements often drives organizations to move technology adoption efforts forward faster without having the right security controls in place. As a result, many organizations will be playing catch-up on the security front as we move into 2021. Organizations need to secure the methods of access to data, and that means focusing on identity and access management and revisiting who qualifies for privileged access.
Many cloud threats are the same as those encountered on in-house networks. In 2021, cloud hacks are expected to continue to be executed through:
1) Stolen credentials, typically via phishing
2) Exploitation of cloud misconfigurations
3) Vulnerable cloud application hacking
Prevention and detection strategies will be crucial for all organizations to guard against such threats. Whether large or small, no organization is immune to cloud risk. Full and accurate tracking of cloud assets should be a priority in 2021.
Security Validation to Keep Defenses and Budgets in Check
As the economy continues to be strained moving into 2021, cybersecurity spend will be increasingly scrutinized. We expect many organizations to invest in security validation to understand if their technology is deployed optimally if threats are being detected and blocked, if security settings are configured correctly, and if they are getting a good return on investment.
Security validation provides quantifiable data to the business on the effectiveness of their cybersecurity.
Security automation and training are also expected to be areas of significant growth in 2021. Companies will continue to automate routine tasks so they can free up expertise for more high-value activities. Security validation will help identify areas ripe for automation as well as those that should be prioritized for more expert attention. The increased risk from remote work, especially for those organizations without established processes and policies for data access, will warrant significant additional security awareness training. Again, security validation can help by identifying some of the focus areas for that training.