The big topics will be the cloud, social engineering, automation and security budgets, as firms work to address corners cut in the pandemic
Every year, cybersecurity experts start preparing for the threats that organisations and individuals may face in the year ahead. As we head into this new year, it may be one of the hardest to 'predict' for, if 2020 is anything to go by.
Last year, organisations were thrust into the new challenge of rapidly accommodating mass remote workforces, enabling cloud systems with little opportunity for review, playing 'whack-a-mole' with shadow IT and, through it all, maintaining business continuity.
While we were doing that, opportunistic cybercriminals quickly adapted their tactics, working emotive, pandemic-related themes into their attacks and taking advantage of the widened attack surface that remote working brought with it.
As security teams plan for the new year, their strategies have to both revisit 2020 to look for any cut corners, and evolve to address the continually shifting threat landscape of 2021. But what will this year hold, and how should organisations best prepare?
Below are Proofpoint's top security trends and predictions for the year ahead.
- Cybercriminals target the cloud
With remote working here to stay for a majority of global organisations, the need for cloud-based collaboration is greater than ever.
In 2021 and beyond, traditional means of controlling data will be less and less effective, as employees spread critical data and information across multiple platforms - some authorised, some not, and nearly all less visible to the security function. It's vital that organisations have increased visibility into this data - but also into who has access to it, and what they are doing with it.
The acceleration of cloud adoption will drive ransomware attacks to drift toward these new platforms, and we expect to see new attacks targeting online organisational data repositories, such as OneDrive, along with attacks on an organisation's AWS and Azure infrastructure. Remember that these online data stores are unlikely to have any form of 'offline backup', making recovery much more challenging. Versioning and recycle-bin retention in these services are not a substitute: an attacker holding the same administrative credentials can usually delete those copies as well.
So, in 2021, security professionals can expect to see ransomware increasingly target cloud storage to maximise impact and increase leverage to boost profits.
- Social engineering will remain a tool of choice
The vast majority of cyberattacks start via email, and 99.9 per cent of these rely on user action for the initial compromise (running a file, entering credentials, transferring money). Threat actors understand that breaking in by other routes (such as unpatched VPN gateways) is possible, but takes far more effort - so they choose the easier path of tricking end users into taking the action that compromises the system for them.
Cybercriminals are opportunistic, chasing popular trends and newsworthy items to prey on human nature and emotions and so maximise the success of their social engineering. For example, in March last year our threat research team saw a sharp rise in phishing attempts using COVID-19 themes, and we expect this to peak again during vaccine deployment.
These people-centric attacks will continue to drive Business Email Compromise (BEC) attacks and, while we predict BEC attacks may not necessarily increase in volume, they will remain one of the biggest sources of cybercrime losses. Both the FBI and cyber liability insurers already attribute a majority of cybercrime losses to BEC.
We'll also see attackers work to increase their 'earning potential' and success rate by taking the additional step of compromising a user account and operating as that legitimate user - an email account compromise (EAC) attack. Mail sent this way comes from a genuine account rather than a lookalike domain, so the domain authentication checks that catch spoofed senders do not flag it. As BEC actors broaden their toolsets to include EAC, compromising cloud accounts and organisations' suppliers and vendors, managing the risk and impact will become increasingly challenging.
- Automation will become imperative, not just a 'nice to have'
The shortage of security talent has been a concern for several years, with CISOs struggling to build and retain fully staffed and skilled teams without blowing their salary budget.
As the threat landscape continues to expand, and we continue in this remote work environment, security teams are more stretched than ever. The only way security functions are going to survive is by automating parts of their role.
To date, automation functionality has typically been addressed by buying additional tools or as bolt-on functions from suppliers. We expect that to change in 2021, as automation becomes more of a standard 'in the box' feature for most enterprise security tools - and for many CISOs, this can't come soon enough.
- Security budgets will bounce back, but staffing will continue to be a challenge
Resources for many organisations have been constrained during the pandemic - including security spending. We expect a return to 'normality' during 2021, and this will likely be reflected in security budgets, which we expect to grow by 10-15 per cent. This is good news for CISOs, but much of that money will likely go on addressing corners that were cut in 2020 to deploy new services rapidly.
Security staffing, however, is not a short-term problem. CISOs will continue struggling to recruit staff for their growing teams. Offering more remote and flexible positions will help many organisations, but it will also push salaries up and create problems for smaller, regional firms, which will be 'priced out' of talent.
- We will see increased collaboration and interaction between cybercriminal groups, playing to their strengths
The three most common paths to profit used by cybercriminals are BEC, EAC and ransomware. Many actors who specialise in BEC and EAC, however, do not tend to deploy ransomware even though they have the necessary access. Similarly, threat actors focused on ransomware do not tend to use BEC and EAC attacks. Both camps, however, commonly rely on the same initial attack vectors. We expect 2021 to drive threat actor collaboration to maximise the 'income opportunity' from each successful breach. For example, we could see firms compromised by EAC attacks and that access then 'sold on' to a different group to deliver ransomware; alternatively, an EAC group could upskill and start to leverage commercially available ransomware tools.
The common theme throughout our 2021 predictions is people.
This year will certainly continue to be a challenge for security leaders; however, attackers will continue to focus on people as their gateway to your information and money. A people-centric strategy, combining people, technology and process, should form the basis of a robust cybersecurity strategy.
Andrew Rose is Proofpoint's Resident CISO for EMEA.