Yossi Naar, Chief Visionary Officer & Co-founder, Cybereason, Israel Barak, CISO, Cybereason, Yonatan Streim-Amit, CTO & Co-founder, Cybereason, present their cybersecurity predictions for 2021.
2020 became a four-letter word in itself and the subject of many memes. However, we did mobilize the largest remote workforce ever. We have catalyzed how we do business and even managed to burn less fossil fuel. The question now is what 2021 will hold for us all in a globalized, connected and perhaps new-normal world.
Risks associated with working from home in 2021 (Contributed by: Yossi Naar, Chief Visionary Officer & Co-founder, Cybereason)
A major change in the world due to Covid-19 has been a swift and encompassing move to working from home. This change brought many challenges to IT departments and with those challenges — many opportunities that hackers like to exploit.
We can expect more of the same in 2021 as remote working continues and enterprises permanently downsize their physical space and give employees the flexibility to continue working from home.
The home environment has always been a cause for concern for many in the security industry. Home equipment is often unpatched, unmanaged and exploited without anyone ever becoming aware. Home routers are notoriously vulnerable; many remain unpatched and, in some cases, unpatchable, because vulnerabilities aren't always fixed for older equipment.
Coupled with a challenging home environment, where devices are often shared with family members, the rapid change left little time to prepare. Attackers have exploited that fact widely, using phishing attacks and known exploits to penetrate remote environments and maintain their hold on them.
Organizations that have been slow to adapt to the move to working from home, relying instead on a perimeter protection approach, remain particularly vulnerable to the shift to a remote workforce. Many organizations still have not had the time to prepare and upgrade their environments to deal with the new reality.
The positive side of all of this is that we're seeing progress in the adoption of zero trust and a fundamental change in the way IT views cloud workloads and remote monitoring of devices. There is an understanding that working from home is here to stay, and this understanding has encouraged and accelerated a paradigm shift in IT management and security operations.
Many devices that live on the home network, such as printers, routers and newer IoT devices with poor security, present perfect opportunities for attackers to gain a permanent foothold in a local home environment. When threats make their way through emerging vulnerabilities such as Zerologon to take over unpatched networks, they can spread and gain a hold back in the home environment.
The risk of cross-infection between environments pushes us to accelerate the adoption of endpoint-based protections that increase what you know and see in every environment. Attackers have had to adapt quickly as well: those targeting enterprises now look more at home environments as a lucrative entry point. They too needed time to adapt, and they are adapting fast.
2021 can be a transformational year for global cybersecurity. Defenders and attackers now live on the same battleground, whereas before many considered the internal organizational network fundamentally secure; this illusion no longer holds. The shift is a positive development because it promotes a healthier, safer understanding of the true battleground, as well as a healthier and more secure home environment.
A rise in cyber threats facing SMBs in 2021 (Contributed by: Israel Barak, CISO, Cybereason)
Small and medium-sized businesses (SMBs) are very often 'victims of opportunity': they are caught by untargeted attack campaigns that happen to include enterprise assets such as email accounts or IP addresses.
A vulnerable enterprise security perimeter often leads to a breach that can escalate into business impacts such as ransomware or denial of service.
SMBs are often targeted by cyber criminals for the value of the data or services that they provide (e.g. credit card information), when attackers assume that the value of the compromised data will justify the effort in breaching what appears to be an inadequately protected target (“low value for a low effort”).
SMBs that offer managed or professional services to larger organizations are often 'staging targets': they are targeted to serve as a jumping-off point that gives the attacker access to their customers' data or systems.
For SMBs, the biggest security risks in 2021 will involve:
– Mobile Devices
– Accelerated Cloud Services Adoptions
– Increases in attacks on Managed/Professional Service Providers
Mobile technologies, bring your own device (BYOD) and remote work challenge businesses by amplifying risk and require a rethinking of security architecture and technology. Business executives and network operations personnel will represent a higher risk, since their access to business-critical systems is not commonly restricted by the same higher degree of protections and limits that are imposed on other employees.
Accelerated adoption of cloud services to host systems and data will amplify the risk of data breaches and service disruptions in poorly managed enterprise cloud environments. The COVID-19 crisis has accelerated digital transformation initiatives and cloud adoption, and we'll see continued acceleration in 2021, but most small and medium-sized enterprises still lack the security controls, processes and skill set to ensure visibility into their cloud assets and adequately secure their cloud footprint.
Managed and professional services providers are going to be increasingly targeted because of the type of data they process, services they deliver or systems that they have access to.
XDR: A future with extended detection and response (Contributed by Yonatan Streim-Amit, CTO & Co-founder, Cybereason)
We are in a new world where recent surveys estimate that in 2021 nearly half of employers intend to allow employees to remotely work from home on a permanent basis. This means employees need anywhere, anytime access while at the same time the quantity and complexity of the cyber-attacks we face have ramped up.
Does your enterprise deploy the technologies to stop correlated attacks across all users, devices and endpoints in your network? If you answered no, 2021 could be a rough-and-tumble year. XDR should allow organizations to readily detect, correlate and end sophisticated attacks wherever they start on the network. By fusing endpoint telemetry with behavioral analytics, XDR lets security teams protect users and assets wherever they are in the world.
Finding the right XDR solution doesn’t have to be a painful process if you understand what the solution should look like. First, security begins with knowing what to protect. An XDR solution should empower analysts of all skill levels to quickly dig into the details of an attack without the need to craft complicated queries. XDR is intended to extend traditional detection and response capabilities from the endpoint out to critical SaaS services, email, and cloud infrastructure.
XDR solutions should also deliver superior visibility and enhanced correlations across both Indicators of Compromise (IOCs) and key Indicators of Behavior (IOBs), the more subtle signs of network compromise. XDR detections also need to identify suspicious user access and insider threats.
And last but not least, XDR solutions should make it simple for analysts to understand the full attack story immediately, and remediation actions such as killing a process, quarantining an asset and opening a remote shell should be automated or accomplished remotely with a single click. A solution should also offer automation options for immediate remediation of threats and continuous threat hunting.
XDR is a promising approach that can reverse the attacker advantage and return the high ground to the defenders by extending detection and response capabilities across the broader IT ecosystem that makes up modern enterprise environments. This unified detection and response capability can automatically surface Malops across the entire IT stack including endpoint, network and cloud deployments.