Challenges 2021 holds for cybersecurity professionals

Ray Kafity, Vice President – Middle East, Turkey and Africa (META) at Attivo Networks, highlights the key challenges 2021 holds for cybersecurity professionals.

The COVID-19 pandemic has single-handedly caused unprecedented disruption and ensuing change on a global scale. Organizations adopted a “work-from-home” strategy overnight and with no advance notice: 96% of employees switched to full work-from-home operations, versus only 4% of employees before the COVID-19 pandemic started. IT departments, working at lightning speed, configured a robust and scalable infrastructure to access core applications and data stores securely and easily.

CISOs and their teams faced monumental challenges in their mission to provide secure links to a dispersed workforce while maintaining adequate protection against cyberattacks. In many cases, they brought forward investments they had put aside for the future to help overcome the new challenges.

The main challenge for CISOs has become managing the explosive attack surface, now comprised of managed and unmanaged assets. Remote workers are accessing company resources from many of their own devices and across home networks with varying security levels. Trying to make sure that every endpoint is secure and adequately patched has become an insurmountable task. Organizations need to shift attention to preventing and detecting attackers moving laterally off an endpoint instead of only relying on stopping an initial compromise.

The second challenge, which remains as paramount as ever, is to reduce the current dwell time from years or months to immediate and real time. This monumental challenge has broader ramifications for high-end enterprises and government organizations. It requires a close look at advanced Internal Cyber Threat Detection and Prevention solutions utilizing Cyber Deception, Identity Access Management, Governance, and Dynamic and Accelerated Cyber Incident Response ecosystems.

So, what does 2021 have in store for cybersecurity professionals?

Artificial intelligence:
The UAE government set aside USD 73 million to spend on AI in 2020, an initiative on track with its digital innovation drive. Like the rest of the world, the cybersecurity industry in the Middle East will witness increased use of AI in applications and in-depth analysis of network traffic to spot anomalous behaviour. AI will also help to stress-test security measures to ensure maximum protection.

On the other hand, cybercriminals have the same access to those tools. They will continue to crack codes, break encryption, and unlock passwords. Cyber attackers will try different methods and avenues but only need to succeed once, whilst defenders will need to successfully defend the entire attack surface against a wide variety of attack tactics and techniques.

Cyber deception:
In 2020, the industry and analysts made a big push to educate the world on the benefits of cyber deception. With the increase in sophistication and destructiveness of attacks, it became clear that organisations needed cyber deception capabilities to detect attackers as they attempt to break out from a compromised network. Deception has also gained recognition for its efficiency in detecting exposed and misused credentials, which attackers use in most attacks. Although modern deception platforms began to appear around 2014, many security professionals see 2021 as the “year of deception.”

Ransomware:
Although many organisations may think they have already taken the steps required to avoid ransomware attacks, system infections are still occurring at unprecedented rates. Take the case of the ransomware attack on Oman’s largest insurance company in January 2020, which caused data loss but no publicized monetary loss. Ransomware will continue to be a significant threat throughout 2021.

So-called ransomware 2.0, where humans rather than automated code guide attacks, will continue to increase in 2021. Attackers will take more sophisticated and aggressive paths to gain domain control to inject their ransomware code en masse into systems. Security teams must continue to guard against attacks. They should look at adopting security controls that prevent attacker privilege escalation and can hide and deny access to data so that attackers can neither steal nor encrypt a company’s files.

Remote working:
Businesses stabilized working from home in 2020, and governments in the GCC are encouraging them to continue to do so to prevent a rise in COVID-19 cases. Companies must continue to adjust to support a significant proportion of employees working from home during 2021.

These adjustments include factoring in a significantly expanded attack surface of devices and unsecured Wi-Fi networks that can make devices directly vulnerable, since home Wi-Fi networks may use weaker security passwords and protocols. Once attackers compromise a system, they will look for vulnerable connections to exploit and gain access to company networks. Security practitioners must also be conscious that employees might use devices that are already compromised when they return to the office during the year. Reconnecting them to the central network might pave the way for cybercriminals to access the network.

Internal security controls must adapt to address these increased risks. CISOs and CTOs should immediately assess their VPN and cloud security programs. They should also put in place programs to detect the misuse of a legitimate employee’s credentials and in-network lateral movement, privilege escalation, and data collection activities.

There is no doubt that 2021 will be a challenging yet interesting year for the IT security industry. Coming to terms with the longer-term impacts of COVID-19 and striving to reach a “new normal” state will focus minds and direct strategies for months to come.