{"id":6116,"date":"2021-01-05T21:04:15","date_gmt":"2021-01-05T19:04:15","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=6116"},"modified":"2021-01-05T21:04:17","modified_gmt":"2021-01-05T19:04:17","slug":"security-long-reads-cyber-insiders-reveal-whats-to-come-in-2021","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/security-long-reads-cyber-insiders-reveal-whats-to-come-in-2021\/","title":{"rendered":"Security Long Reads: Cyber insiders reveal what\u2019s to come in 2021"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 11<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>\n<h2 class=\"wp-block-heading\"><strong>In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021.<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-2018.jpg\" alt=\"Alex Scroxton\"\/><\/figure>\n\n\n\n<p>By <a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton<\/a><\/p>\n\n\n\n<p>As we close the door on a year that the industry will surely look back on as one of the most difficult and dangerous periods in history for cyber security teams, there can be no doubt that 2020 brought\u00a0foundational change for the security sector, and its tumultuous impact will be felt for years to come.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>But how? 
We gathered together cyber security insiders from across the industry to hear their thoughts on what is to come in 2021.<\/p><\/blockquote><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Everything changes, yet nothing does<\/strong><\/h3>\n\n\n\n<p>For\u00a0VMware Carbon Black\u2019s\u00a0Tom Kellerman, even though we are looking ahead from a position nobody could have predicted this time in 2019, fundamentally, not much has changed.<\/p>\n\n\n\n<p>\u201cMost were\u00a0writing the \u2018pandemic playbook\u2019 as they went along, but ironically, one of the few certainties of the situation was that cyber criminals would take advantage of disruption to escalate campaigns,\u201d he says. \u201cIn that sense, nothing changed, except that the opportunity was suddenly much greater.\u201d<\/p>\n\n\n\n<p>The effects of Covid-19 will, of course, be the biggest lasting impact on security, opening the floodgates to a surge of innovation by both attackers and defenders, which means that some of the strategies and tactics that came to the fore this year will still be felt.<\/p>\n\n\n\n<p>Take remote working. \u201cAs business becomes more mobile than ever and remote working persists, mobile devices and operating systems will be increasingly targeted,\u201d says Kellerman. \u201cAs employees use personal devices to review and share sensitive corporate information, these become an excellent point of ingress for attackers. 
If hackers can get into your Android or iPhone, they will then be able to island-hop into the corporate networks you access, whether by deactivating VPNs or breaking down firewalls.<\/p>\n\n\n\n<p>\u201cWe will also see hackers using malware such as Shlayer to access iOS, ultimately turning Siri into their personal listening device to eavesdrop on sensitive business communications.\u201d<\/p>\n\n\n\n<p>Kellerman adds: \u201cCombating these risks requires a combination of new mobile device policies and infrastructure designed to facilitate continued remote working, as well as raising employee awareness of the persistent risks and the importance of digital distancing.\u201d<\/p>\n\n\n\n<p>Igor Andriushchenko, director of quality and security for engineering at\u00a0Snow Software, expects that, thanks to remote working, we will soon see a surge in attacks where the initial compromise is achieved via social engineering.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cPeople have not ever met many of their colleagues who joined companies in 2020 due to the shift towards remote work,\u201d he says. \u201cThis makes an ordinary social engineering attack much simpler, as in this case we all know much less unique information about each of our co-workers \u2013 which is the key to proving the authenticity of an email, call or video chat.\u201d<\/p><\/blockquote>\n\n\n\n<p>Ilia Kolochenko,\u00a0Immuniweb\u00a0founder and CEO, also sees more breaches occasioned by remote working in 2021, and believes the ongoing chaos is making it harder for security teams to work effectively.<\/p>\n\n\n\n<p>He says the disruption has\u00a0negated much of the combined effort\u00a0put in by developers, IT teams and security teams to improve agility and cost-efficiency, and cut the number of breaches, and although videoconferencing and tools such as Slack alleviate some of this, they are no substitute for face-to-face contact. 
This lack of inter-team collaboration points to more breaches next year.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>The evolution of ransomware<\/strong><\/h3>\n\n\n\n<p>In other continuing trends, the much-documented pivot among ransomware gangs to neutralise traditional defences such as backup and disaster recovery tools by\u00a0stealing and leaking their victims\u2019 data\u00a0will not go away, and will become an even bigger threat over the next 12 months.<\/p>\n\n\n\n<p>Casey Ellis, founder, CTO and chair of\u00a0Bugcrowd, says the increase in ransomware volumes will spur more innovation among defenders next year. \u201cAs ransomware becomes more a question of \u2018when it will happen\u2019 than \u2018if it will happen\u2019, legislators and the cyber security industry itself will be pressured to find ways to solve the ransomware problem without needing to reduce the choice to \u2018pay or not pay\u2019,\u201d he says.<\/p>\n\n\n\n<p>Ryan Kalember and Andrew Rose of\u00a0Proofpoint\u00a0foresee the increased targeting of cloud environments by ransomware crews.\u00a0They write: \u201cMany firms now house substantial portions of their sensitive data in external, cloud-based repositories and these data stores are often less visible to the security function and often not as secured or backed up in a way that adversaries can\u2019t also encrypt. In 2021, security professionals can expect to see ransomware increasingly target cloud storage to maximise impact and increase leverage to boost profits.\u201d<\/p>\n\n\n\n<p>Andriushchenko also thinks ransomware gangs will begin to focus their energies a little differently in 2021. 
\u201cThey may shift more into the area of industrial ransomware where the attacks are targeted in order to get the competitive advantage and stop production for a long time,\u201d he says.<\/p>\n\n\n\n<p>Guy Propper, threat intelligence team lead\u00a0at Deep Instinct, highlights the competitive advantage in the ransomware game, saying attackers have now learnt that the litmus test of a good ransomware hit is its method of extortion, and the greater the stakes for the victim, the better the likelihood of a payout.<\/p>\n\n\n\n<p>\u201cFor this reason, in 2021 we expect to see a move towards targeting mission-critical organisations, ie those organisations that have minimal risk tolerance to having their digital systems shut down or their data stolen and exposed,\u201d he says.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cHospitals and educational institutions are a good example of this, with both sectors having already suffered from a wave of ransomware infections, and both schools and hospitals are under enormous pressure to keep their doors open. In the crossroads between ransomware and data privacy regulations, private companies are also more susceptible to being breached, with the added risk of being hit with large fines if found to have exposed data.\u201d<\/p><\/blockquote>\n\n\n\n<p>Competitive advantage is also achieved through collaboration and resource sharing to maximise returns, something ransomware operators have also learned in 2020 \u2013 lessons they will put into practice in 2021. 
\u201cRansomware as a service is getting more traction \u2013 where ransomware creators \u2018servicise\u2019 their product and make it available to criminals at scale,\u201d says Andriushchenko.<\/p>\n\n\n\n<p>On this score, there is some good news \u2013 not all these collaborations will bear fruit, as Kellerman notes: \u201cWe\u2019ll see groups disagreeing on the ethics of targeting vulnerable sectors such as healthcare.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Healthcare will still be a juicy target<\/strong><\/h3>\n\n\n\n<p>On the subject of healthcare, the impact of Covid-19 has also been particularly\u00a0keenly felt in this vital sector, where Kellerman predicts risk levels will continue to spike as the world moves closer to mass vaccination and, fingers crossed, an exit route from this waking nightmare.<\/p>\n\n\n\n<p>Bugcrowd\u2019s Ellis says the impact of ransomware on healthcare will grow next year as the need to access patient data creates a sense of urgency that makes organisations in the sector much more likely to pay up.<\/p>\n\n\n\n<p>This was seen earlier in 2020 when an attack in Germany\u00a0was blamed at first\u00a0for the death of a patient, and while prosecutors were unable to establish a legal basis of causation in German law and said that in the end,\u00a0the patient would have died anyway, the first officially fatal cyber attack will surely happen very soon, and this will ramp up the pressure.<\/p>\n\n\n\n<p>\u201cIt\u2019s likely that other attackers will prioritise ransomware attacks on strained healthcare facilities\u2019 critical life support systems as the urgency to save a patient\u2019s life would put great pressure on any hospital to pay a ransom,\u201d says Ellis.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cTo prepare for potentially fatal ransomware campaigns, the healthcare sector needs to identify its critical systems and determine which are most 
business-critical. Then, each healthcare organisation can prioritise those critical systems for upgrades to ensure proper security for patient wellbeing.\u201d<\/p><\/blockquote>\n\n\n\n<p>However, there is a little more good news here, too. \u201cThe strain on healthcare cyber security is not going unheeded,\u201d says Kellerman. \u201cWe will see increased IT and security budgets in the sector to combat the growth in external threats.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>New risks still emerging<\/strong><\/h3>\n\n\n\n<p>Kellerman is also keeping his eye on some other emergent trends, such as cloud-jacking via public clouds, which he believes will become the \u201cisland-hopping strategy of choice\u201d for cyber criminals, thanks to what he calls a new over-reliance on public cloud infrastructure.<\/p>\n\n\n\n<p>And this will not be the only under-threat environment \u2013 it is possible, indeed likely, that some threat actors, particularly nation-state-associated ones, will ramp up bolder and more destructive attacks against industrial control systems, critical national infrastructure, utilities, manufacturers, and more. Indeed, with the emergence in December 2020 of a massive campaign conducted\u00a0through compromised SolarWinds tools, this may already be happening.<\/p>\n\n\n\n<p>Snow Software\u2019s Andriushchenko says the impact of the \u201csuccessful\u201d SolarWinds attack will be felt in an increasing volume of similar supply chain attacks. He warns that as companies improve their own security postures, third parties will remain a blind spot and can provide a pathway into the target. 
Thanks to the ongoing compromise of multiple government agencies in the US, malicious actors now know this works very well.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>State-sponsored attacks from groups associated with Russia and China, and to a lesser extent Iran and North Korea, will evolve further, says Bugcrowd\u2019s Ellis, who predicts the rise of false flag attacks. We have already seen state groups conduct attacks using techniques, tools and procedures associated with rivals, and given the difficulty of attribution at the best of times, this will become a bigger problem in 2021.<\/p><\/blockquote>\n\n\n\n<p>\u201cThere has been ample time for state-sponsored cyber groups to improve their tactics in order to successfully launch more advanced false flag campaigns,\u201d says Ellis. \u201c2020 has also seen an increasing burden of proof around the effectiveness of cyber-enabled disinformation and misinformation as a tool in the hands of both foreign and domestic actors with a political goal.<\/p>\n\n\n\n<p>\u201cGovernments should expect state-sponsored attackers to launch false-flag campaigns more frequently. 
As such, governments must consider information warfare and cyber warfare to have merged in their execution and outcomes and be very focused on clear and clean attribution when an attack takes place.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>AI comes into its own, for both defenders and attackers<\/strong><\/h3>\n\n\n\n<p>Carbon Black\u2019s Kellerman says 2021 will be a year of significant developments in\u00a0<strong>artificial intelligence\u00a0(AI)<\/strong> and\u00a0<strong>machine learning<\/strong>\u00a0tools that make security automation a more simplified, integrated proposition, and not just something for an organisation that has forked out millions on a security operations centre.<\/p>\n\n\n\n<p>Snow Software\u2019s Andriushchenko also believes AI and machine learning will become powerful tools for defenders in 2021, thanks to their utility in supporting remote workers. He explains: \u201cHome networks, co-working spaces, caf\u00e9 Wi-Fi \u2013 all have different threats lurking in them and require organisations to be ready to recognise and react on any issues originating from uncharted territories.<\/p>\n\n\n\n<p>\u201cTherefore, it is important to start employing the intelligent behaviour analysis tools that could spot an anomaly in how a supposedly legit user interacts with the corporate network and what actions it performs. Machine learning, in this case, becomes more than just a buzzword, but rather a necessity to mitigate potential issues in 2021.\u201d<\/p>\n\n\n\n<p>The counterpoint to this, of course, is that adversaries will also see some benefit in advancing how AI and machine learning are used for pre- and post-exploitation activities, as Deep Instinct\u2019s Propper points out.<\/p>\n\n\n\n<p>\u201cAs knowledge on adversarial machine learning continues to grow, that knowledge is disseminating among both sides of the cyber battle ground,\u201d he says. 
\u201c2020 saw the increased adoption of machine learning academic knowledge being used in adversarial attacks in private industry research.<\/p>\n\n\n\n<p>\u201cAs this knowledge gradually makes the transition from academia to the wild, we expect to see malware campaigns attempting to evade products based on machine learning models, by fooling the model, learning how to subvert it, or by forcing it to shut down.<\/p>\n\n\n\n<p>\u201cSince machine learning-based products are becoming the market-dominant solution, it makes sense that they represent the next target for well-resourced hackers. We expect that those perpetrating the attacks will be only a select few. The bar of entry to AI-based attacks is still very high, and we therefore don\u2019t expect it to become \u2018run-of-the-mill\u2019 malware next year.\u201d<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>Kellerman adds: \u201cAs awareness of how attackers are using automation increases, we can expect defenders to fix the issue, maximising automation to spot malicious activity faster than ever before.\u201d<\/p><\/blockquote><\/figure>\n\n\n\n<p>Kalember and Rose at Proofpoint also have something to say about the growth of automation, suggesting it will help security teams cope with\u00a0the growing skills crisis.<\/p>\n\n\n\n<p>\u201cThe shortage of security talent has been a concern for several years, with CISOs struggling to keep fully staffed and skilled teams together for any length of time,\u201d they say. \u201cThe only way security functions are going to survive is by automating parts of their role.<\/p>\n\n\n\n<p>\u201cTo date, automation functionality has typically been addressed by buying additional tools or as bolt-on functions from suppliers. 
We expect that to change in 2021, as automation becomes more of a standard \u2018in the box\u2019 feature for most enterprise security tools \u2013 and for many CISOs, this can\u2019t come soon enough.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Some positivity: we may not be winning, but nor are we losing<\/strong><\/h3>\n\n\n\n<p>To end with some positivity, there is growing awareness of cyber security in the public sphere, organisations are increasingly well-prepared in spite of all the high-profile failures documented in Computer Weekly and elsewhere, and defenders are getting better at their jobs all the time. We may not be overwhelmingly winning the fight against cyber crime, but nor can we say we are losing it.<\/p>\n\n\n\n<p>Ellis at Bugcrowd expects positive change in security culture, with ethical hackers increasingly proving their worth, particularly when it comes to critical infrastructure and organisations. This will be spurred in part by\u00a0the discourse around election security\u00a0that dominated in the US in late 2020. And this is not just a US issue, it affects the UK too.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cThe reality is that security researchers can test voting systems just as an adversary would to uncover exploitable vulnerabilities, and then relay that feedback to the appropriate personnel for remediation on a prioritised basis,\u201d says Ellis. All that is needed to make this a reality, he argues, is buy-in from governments, and reform to laws,\u00a0such as the UK\u2019s Computer Misuse Act.<\/p><\/blockquote>\n\n\n\n<p>\u201cThese laws currently serve as barriers for security researchers to do their jobs and test voting systems in good faith, as ethical researchers fear being prosecuted for doing their jobs,\u201d he says. 
\u201cLooking ahead, as government officials start to pay closer attention to cyber security, it is possible we may see these laws revised for the betterment of our democracy.<\/p>\n\n\n\n<p>\u201cGovernments are collectively realising the scale and distributed nature of the threats they face in the cyber domain, as well as the league of good-faith hackers available to help them balance forces. When you\u2019re faced with an army of adversaries, an army of allies makes a lot of sense.\u201d<\/p>\n\n\n\n<p>Sticking with this theme, Marten Mickos, CEO of\u00a0HackerOne, which could itself reasonably be described as an army of allies, perhaps unsurprisingly also predicts good times for ethical hackers.<\/p>\n\n\n\n<p>\u201cI predict the UK will be the next government to push to mandate vulnerability disclosure programmes (VDPs) for consumer IoT devices,\u201d he says. \u201cOther technically advanced and moderately transparent governments are also in line to follow. I anticipate Singapore and the Netherlands won\u2019t be far behind \u2013 many Dutch cities already have VDPs in their local government organisations.<\/p>\n\n\n\n<p>\u201cThe DACH region, though conservative, places a high priority on the security of its citizens. Just recently, the German armed forces unveiled their own bug bounty programme and the Swiss government has already introduced a VDP for its voting technology.\u201d<\/p>\n\n\n\n<p>Reports made through HackerOne have been responsible for some of\u00a0the biggest bug bounty payments in security history, and Mickos also predicts that such is the scale of cyber threats today, at some point in the next few years, we will see a hacker make over $10m \u2013 a vote of confidence in the community\u2019s talent and dedication to the cause.<\/p>\n\n\n\n<p>Kellerman similarly believes defender confidence is actually on the rise. \u201cThis year we saw cyber defences placed under inconceivable strain and they flexed in response,\u201d he says. 
\u201cYes, there were vulnerabilities due to the rapidity of the switch to fully remote working, but on the whole, security tools and processes are working. Defender technology is doing the job it is designed to do \u2013 and that is no small feat.<\/p>\n\n\n\n<p>\u201cThe mission-critical nature of cyber security has never been more apparent than in 2020 as teams have risen to the challenge of uniquely difficult circumstances. In recognition of this, we will see board-level support and a much healthier relationship between IT and security teams as they collaborate to simultaneously empower and safeguard users. 2020 has been the catalyst for change for which we were more than ready.\u201d<\/p>\n\n\n\n<p>Nominet\u00a0chief executive Russell Haworth also sees positive developments on the horizon. This year saw many governments take on more powers and responsibility for citizen cyber security, a trend he predicts will become more prominent.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cThe recent establishment of a national cyber force\u00a0and increased funding towards the UK\u2019s cyber defence is the beginning of a new era,\u201d says Haworth. \u201cBesides the arenas of land, sea and air, cyber has been officially recognised as a new battleground. Warfare in cyber space is of a fundamentally different nature and will require new tools and collaborations to combat aggressive nation-backed activity.<\/p><\/blockquote>\n\n\n\n<p>\u201cDecisive action is being taken by governments around the world to tackle cyber crime and much of this is already in collaboration with the security industry. 
This is a positive step, which may decrease the volume of nation-backed activity perpetrated by known APT groups.<\/p>\n\n\n\n<p>\u201cIt would be too much to hope that attacks will cease, but we might expect less disruptive techniques and more \u2018stealth\u2019 cyber attacks, utilising espionage techniques and bringing in a number of different tactics to execute an attack. It is in this area we must next look to evolve cyber defence and for that, we will need a multi-faceted, coordinated approach across government, industry and society.\u201d<\/p>\n\n\n\n<p>Finally, Chris Harris, EMEA technical director at\u00a0Thales, reckons 2021 will be the year when defenders turn the tables on their attackers. \u201cThe business-hacker relationship has largely always been one way, with cyber criminals attempting to break in and businesses reacting to this,\u201d he says. \u201cHowever, 2021 will see that relationship change as businesses go on the offensive and attempt to throw hackers off their game.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cCompanies will start using deceptive techniques, such as deploying fake high-attraction systems to divert attackers, or leave fake credentials or breadcrumbs that lead to a fake high-value target.\u201d<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 11<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021. 
By Alex Scroxton As we close the door on a year that the industry will surely look back on as one of the most difficult and dangerous periods in history for cyber security<\/p>\n<p><a class=\"more-link\" href=\"https:\/\/tekmart.co.za\/t-blog\/security-long-reads-cyber-insiders-reveal-whats-to-come-in-2021\/\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,30,54,3,103,95,84],"tags":[],"class_list":["post-6116","post","type-post","status-publish","format-standard","hentry","category-datacenter-news","category-expert-advise-and-opinion","category-hackers-and-cybercrime-prevention","category-industry-news-and-expert-advise","category-research-results-and-trends","category-timeless-tips","category-trends-datacenter-hardware-and-solutions"],"_links":{"self":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/comments?post=6116"}],"version-history":[{"count":1,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6116\/revisions"}],"predecessor-version":[{"id":6117,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6116\/revisions\/6117"}],"wp:attachment":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/media?parent=6116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/categories?post=6116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/tags?post=6116"}],"curies"
:[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}