VIEWPOINT
TOP CYBERSECURITY TRENDS TO WATCH FOR IN 2021 PREDICTIONS FROM MOREY J. HABER, CHIEF TECHNOLOGY OFFICER AND CHIEF INFORMATION SECURITY OFFICER, BRIAN CHAPPELL, DIRECTOR, PRODUCT MANAGEMENT, AND KARL LANKFORD, DIRECTOR, SOLUTIONS ENGINEERING, BEYONDTRUST
B
eyondTrusts’s annual cybersecurity predictions are projections of possibilities we see emerging based on shifts in technology, threat actor habits, and culture. However, sometimes the most impactful trends materialise completely out of left field. We have all been reminded and humbled by this in 2020. COVID-19 has not only upended lives, but truly effected a paradigm shift in how businesses and employees work. This has also had profound ramifications for securing the people and IT assets of enterprises. 38
CXO INSIGHT ME
DECEMBER 2020
So, as we soon turn the rip off burn the page for 2020, we look ahead with hope, but also brace ourselves for the new tricks and wrinkles cyber threat actors are bound to unleash. By anticipating what’s next, we can all be better prepared to reduce security exposures, while helping our businesses compete and thrive. Prediction 1: The Hacking of Time — Network Time Protocol (NTP) and Windows-time-based servers will become a protocol of interest to hackers. These protocols help control the timing of everything transaction-based within an organization. If the timing is off,
everything from licensing servers to batch-based transactions can fail, creating denial of service attacks in key infrastructure on the Internet and within the backend processes of an organisation. Prediction 2: Poisoning of Machine Learning Training Data — As machine learning becomes more widespread within enterprises for making automated decisions, attackers have a new vector to consider. After a threat actor steals a copy of the original training data, they will begin to manipulate the models generated by injecting poisoned data into the training pool, creating a system that has learned something it shouldn’t. This manipulation will have a multiplying effect due to the automatic processing by downstream applications, destroying the integrity of any legitimately processed data. Prediction 3: Weaponized AI, Now Just Another Tool in the Attacker Toolkit — Threat actors will leverage machine learning (ML) to accelerate attacks on networks and systems. ML engines will be trained with data from successful attacks. This will allow the ML to identify patterns in the defenses to quickly pinpoint vulnerabilities that have been found in similar systems/environments. Data from all subsequent attacks will be used to
