2021 has been off to a flying start! While that is a relief for all of us, there are some cyber security trends from 2020 that will likely carry over into 2021. In this blog, we will look at three key cyber security trends we expect in 2021, and how we recommend you respond in anticipation of them. We will look at the continuing trend of ransomware, and two trends that are brought about or have increased as a result of the pandemic: remote workforce and the move to the cloud.
New and Continuing Cyber Security Trends
Let’s face it, as much as we wish it was otherwise, ransomware is one of the cyber security trends that isn’t going away any time soon. Why? Well simply put, because malicious actors are still getting paid by their victims and have no reason to think that will be stopping anytime soon. According to a 2020 Crowdstrike Global Security Attitude Survey which was conducted in 3Q 2020, 27% of ransomware victims paid the ransom in 2020, paying on average $1.1 million. In addition, there is very little chance of an attacker being prosecuted. Most organisations don’t have the logging and resources to identify the attack until it is too late, and even if they do, the attackers are usually in foreign countries with no extradition agreements. Because of this, and for the foreseeable future, ransomware will continue to increase.
While ransomware is here to stay, you can take practical steps to protect your organisations. Your approach should focus on three key areas:
- First, prevent ransomware in the first place by ensuring systems are patched, your external attack surface is minimized, and you’re providing effective security awareness training to your staff. You can get an understanding of your risk to these types of threats through penetration testing or other security assessments.
- Second, you should focus on detecting and containing an attack before it spreads. Where would alerts come from, are the alerts you are receiving sufficient, and does your team know what to do when they see that alert? Conduct table top exercises of your incident response plan with executive leadership to get everyone on the same page.
- Finally, and maybe most importantly, make sure you have the ability to restore from a ransomware attack. Let’s assume that an attacker gets access to a domain administrator account. Let’s also assume that the attacker is able to gain access to every account in your domain and use them to try to go after your backups (because if they can’t encrypt the backups, they probably won’t get paid). With those two conditions, are you safe? Do you have a backup that is completely offline? If not, that needs to be a major priority.
Remote Workforce Concerns
For the most part, everyone is still working remotely and this will likely continue at least into the summer for most organisations, if not indefinitely. With that being said, there are some unique threats that everyone is facing because of this shift. Consider that your employee’s corporate laptop is now on the same network as their kid’s devices, which may be used to download some pirated music off a sketchy website. Also consider the situation where that employee’s laptop stops working for whatever reason and they need to get work done. They can’t just walk down the hall to the IT team and get them to fix it, so maybe they will try to fix it themselves or use another device he has to directly connect to your VPN.
Protecting yourself from this new reality should focus primarily on the VPN and endpoint protection in place on corporate assets. First, your VPN should have MFA enabled. Second, your VPN should be full tunnel so that all traffic crosses that secure tunnel and other devices on the same local network can’t see/intercept that traffic. Third, if possible, use client certificates or some other type of endpoint validation on everyone’s computer. These types of controls can serve as one of the methods of authentication, but more importantly, they can prevent unauthorized devices from accessing the corporate network using the VPN. Finally, a next generation endpoint protection platform is more important in a distributed network, because centralized protections are less effective.
This pandemic has changed the way organisations think. Already, there was a large push towards moving everything to the cloud because it is scalable, cheaper, more adaptive to organisational changes, someone else is responsible for physical security, etc. However, that desire and push was always tampered by organisations wanting to have control of everything and the old-school way of thinking everything needs to be under one roof. With the pandemic, this fear has pretty much disappeared. Everyone is learning the advantages of working remotely and any systems that organisations already had in the cloud may have been a lifesaver for them as they send their workforce home. As a result, 2021 will see an unprecedented shift towards the cloud.
However, this is not without risk. Anytime you are making significant changes to your network, you should conduct a thorough security assessment of those changes to ensure they did not introduce any new risks. These assessments should consider how the networks are tied together and if there are any new links to your network, how permissions are managed for those new systems, what due diligence the service provider is offering, and how these changes may affect any compliance requirements that are in play.
Cyber Security Trends to Look Out For
In this blog, we took a look at three key cyber security trends we expect will define 2021. Ransomware has been around for awhile and is not going away any time soon. As the pandemic has forced the workforce to move remotely, which we expect to continue into this year and beyond, it is time to seriously consider the security implications that brings. Finally, the pandemic has increased the urgency of organisations migrating to the cloud. However, while this effort has been prioritized, it is important to consider the security implications as you move forward with these changes. If you have any questions or want to talk further, reach out to us here.