TOP CYBERSECURITY TRENDS TO WATCH FOR IN 2021
PREDICTIONS FROM MOREY J. HABER, CHIEF TECHNOLOGY OFFICER AND CHIEF INFORMATION SECURITY OFFICER, BRIAN CHAPPELL, DIRECTOR, PRODUCT MANAGEMENT, AND KARL LANKFORD, DIRECTOR, SOLUTIONS ENGINEERING, BEYONDTRUST
BeyondTrust’s annual cybersecurity predictions are projections of possibilities we see emerging based on shifts in technology, threat actor habits, and culture. However, sometimes the most impactful trends materialise completely out of left field. We have all been reminded and humbled by this in 2020. COVID-19 has not only upended lives, but truly effected a paradigm shift in how businesses and employees work. This has also had profound ramifications for securing the people and IT assets of enterprises.
So, as we soon turn (or rip off and burn) the page for 2020, we look ahead with hope, but also brace ourselves for the new tricks and wrinkles cyber threat actors are bound to unleash. By anticipating what’s next, we can all be better prepared to reduce security exposures, while helping our businesses compete and thrive.
Prediction 1: The Hacking of Time — Network Time Protocol (NTP) and Windows-time-based servers will become a protocol of interest to hackers. These protocols help control the timing of everything transaction-based within an organization. If the timing is off, everything from licensing servers to batch-based transactions can fail, creating denial of service attacks in key infrastructure on the Internet and within the backend processes of an organisation.
Prediction 2: Poisoning of Machine Learning Training Data — As machine learning becomes more widespread within enterprises for making automated decisions, attackers have a new vector to consider. After a threat actor steals a copy of the original training data, they will begin to manipulate the models generated by injecting poisoned data into the training pool, creating a system that has learned something it shouldn’t. This manipulation will have a multiplying effect due to the automatic processing by downstream applications, destroying the integrity of any legitimately processed data.
Prediction 3: Weaponized AI, Now Just Another Tool in the Attacker Toolkit — Threat actors will leverage machine learning (ML) to accelerate attacks on networks and systems. ML engines will be trained with data from successful attacks. This will allow the ML to identify patterns in the defenses to quickly pinpoint vulnerabilities that have been found in similar systems/environments. Data from all subsequent attacks will be used to continue to train the cyberattack engine. This approach will allow attackers to zero in on entry points in environments far more quickly and stealthily as they will be targeting fewer vulnerabilities with each attack, evading tools that need a volume of activity to identify wrongdoing.
Prediction 4: Deepfake Everything — Expect to encounter a new wave of deepfakes that challenges us to believe whether the entity on the other side of an interactive chat window or video call is human or not. For instance, you could soon have interactive sessions with past presidents or even deceased loved ones. We will increasingly be in situations, unbeknownst to us, where we are engaged in communication with deepfake technology rather than with a real person.
Prediction 5: Cyberattackers Set up Shop at the Network Edge — New attack vectors will target remote workers and remote access pathways. Cybercriminals will continue to wage social engineering attacks and also try to exploit common home devices that can be used to compromise an individual and allow for lateral movement into a business. Social engineering attacks will primarily involve various forms of phishing, including by email, voice, text, instant messaging, and even third-party applications. We foresee remote workers to reign as the number one attack vector for exploitation in 2021.
Prediction 6: Data Privacy Implosion — In 2020, the European Union (EU) court system overturned the governance for protection provided by the EU-U.S. (United States) “Privacy Shield.” Throughout 2021, businesses will scramble to adapt to this expansion of data privacy regulations and the potential implosion of established policies based on challenges in the court systems. International businesses will have to adapt quickly to reengineer how they process client data. Businesses that operate in multiple states must consider how they manage data per state, process it in a centralized location, and codify how they develop procedures around data deletion and breach notification.
Prediction 7: Social Media Attack Vectors Thrive in the Era of Social Distancing — Expect attackers to move beyond just targeting individuals through social engineering to targeting businesses as well. Poor authentication and verification practices will allow social media-based attacks to be successful. Malicious QR codes or abbreviated URLs could also be employed to obfuscate the malicious website. Since the social media controls around posting, verification, and URL redirection are so poorly managed, expect new attacks to flourish.
Prediction 8: Cybercriminals Play Puppet Master with Compromised Human Identities — To reduce the cost of an attack and improve profitability, cybercriminals will target individuals directly to gain an initial foothold in the environment by using non-cyber forms of coercion (bribery, extortion, etc.). These attacks will primarily focus on public figures (politicians, actors, activists, executives, etc.). As more of the human target’s sensitive personal data is stolen digitally, the pressure will mount for individuals to carry out nefarious actions or have their data and privacy exposed to the public.
Prediction 9: Cyber Insurance becomes Mandatory & Cybercriminals Rejoice — Cybercriminals will target large brands with insurance policies. The insurance policies will pay out to release stolen data rather than face paying out on the policy to cover any remedial action, providing attackers with a new stream of income.
Prediction 10: Who goes there? Friend or Fake? The Rise of Identity-Centric Security — As systems and services move out of the traditional network/data center environment, security leans more heavily on proof of identity. A verified identity could now be the only ‘key’ needed for all access. Attacks on the mechanisms that maintain and secure verified identities will increase through 2021 and beyond.
Prediction 11: Most Successful Attacks will be from well-known and Largely Preventable Attack Vectors — Lamentably, this prediction proves itself correct year after year. The majority of successful attacks still hinge on exploiting well-known and entirely preventable vulnerabilities. While some of the vulnerabilities may be relatively new, there is usually plenty of time to address them before compromise occurs.
If you can’t get on top of your vulnerabilities, layer your security so that attackers find themselves without access to privilege when they do infiltrate your network. An exploitable vulnerability is a problem, but considerably less so when it doesn’t lead to privileged access.
Final word
Every year we say it, but every year it’s worth saying again: being prepared for what’s ahead makes all the difference between being proactive and reactive. There is copious data showing that those enterprises with more proactive IT security postures prevent more threats, identify potential security issues faster, incur fewer breaches, and minimize damage from attacks more effectively than less prepared organizations.
And, one more prediction for 2021: We predict a resurgence in optimism, and we’re throwing some of ours your way, along with a dose of the best intentions and any cybersecurity bits of wisdom imparted from this blog.
STAYING SECURE
ALAIN PENEL, REGIONAL VICE PRESIDENT – MIDDLE EAST, FORTINET, ON THE 2021 THREAT LANDSCAPE AND WHAT CISOS SHOULD FOCUS ON
In an era of constant innovation, it is important to be constantly aware of the impact that new technology has on the threat landscape. While IoT devices and multi-cloud environments have proven beneficial, especially in times of increased remote work, CISOs must also understand the risks that such solutions pose to their employees and to their organisation.
Over the past 20 years, Fortinet’s team of security researchers has found that while certain aspects of cyberattacks continue to evolve, such as new malware or targeting new elements of the network, the underlying attack patterns, criminal behaviors, and end goals have typically remained the same. In recent years, the team’s predictions have addressed issues such as the evolution of ransomware, attacks targeting converged technologies, and the weaponisation of machine learning (ML) and artificial intelligence (AI). However, while some of these threats have already come and gone, others are only just starting to make an impact.
Cybercriminals Will Continue to Target Edge Environments
As digital innovation, the expansion of the network, evolving corporate strategies, and the growing reliance on business applications continue to accelerate, the traditional network perimeter has been replaced by multiple edge environments—each with their own unique set of risks. Cybercriminals are fully aware of these vulnerabilities, as well as the fact that for far too many organisations, a full security strategy often lags behind network expansion. They also know that organisations often sacrifice security to maximise agility and enhance performance between these interconnected edges. This lack of adequate security measures has led threat actors to allocate significant resources towards targeting and exploiting new edge environments, especially the home office branch and remote workers. Through the weaponisation of 5G and edge computing—and the subsequent deployment of swarm-based attacks—cybercriminals are able to easily target victims while fending off most of the lackluster solutions attempting to fight their attacks.
Combining AI and Playbooks to Anticipate Threats
As cyberattacks grow more advanced, CISOs should understand the role AI can play in helping their organisations stay a step ahead of their cyber adversaries. In addition to enabling an automated system that can detect threats and attacks before they occur, AI can also be used to document the behaviors of cyber-criminal activity in detail, resulting in playbooks that can help identify an attack, anticipate an attacker’s next moves, and circumvent their threat before they can complete their mission or achieve their objectives. As AI and ML systems gain a greater foothold in networks, their ability to build out such playbooks is not far from reality. In fact, basic playbooks using schemes like the MITRE ATT&CK framework to standardise behaviors and methodologies are already being used by various threat research organisations, including FortiGuard Labs.
The Increasing Sophistication of Ransomware
One of the most likely outcomes of this will be the continued evolution of ransomware, making it one of the most dangerous and damaging threats facing organisations today. In addition to encrypting data and systems, cybercriminals are now posting data on public servers and threatening to expose organisational leaders unless a ransom is paid, moving extortion and defacement to the digital realm. And while there are now organisations appearing on the darknet with a business model of negotiating ransoms to save victims money, the benefits of this are short-term. And at the end of the day, the bad guy will almost always get a payday, which will only reinforce their criminal behavior.
The Continued Development of Swarm Intelligence
Inspired by the collective behavior of biological systems such as ants, bees, or flocks of birds, swarm intelligence is being developed by industry to tackle such tasks as efficiently exploring a new environment by collecting, aggregating, and correlating data in real time, rapidly assembling complex devices, optimising complex problems such as vehicle routing, or tightly coordinating flight maneuvers of a squadron of military jets. As this technology matures, the opportunities for malicious use are endless. The cyber wars of the future will occur in milliseconds, meaning the primary role of humans will be to ensure that their security systems have been fed enough intelligence to not only counter attacks in real-time but also anticipate such attacks so that they do not happen in the first place. To defend their networks against these increasingly sophisticated, and eventually, AI-enabled attacks, security teams must look to adopt AI-enhanced technologies of their own designed to see, anticipate, and counter such threats.
Satellite-Based Systems Present New Opportunities for Threat Actors
Security implemented after the fact is never as effective as if it were to be interwoven in the fabric of a new network or solution right from the start. This is especially important to remember as our reliance on data and internet links enabled through advanced satellite-based systems continues to grow. And while satellite security concerns have traditionally been nominal because they are extremely remote, this may no longer be enough as satellite-based networks proliferate. By compromising satellite base stations and spreading malware through these networks, attackers gain the ability to potentially target millions of users. Such attacks will likely start with such tactics as distributed denial-of-service (DDoS) attacks, but as communication through satellite systems becomes more common, CISOs should expect more advanced attacks to follow.
Looking Ahead to the Role of Quantum Computing
The 2020 FortiGuard Labs Threat Predictions report highlights several important concerns, but perhaps the most forward-looking involves quantum computing. While access to quantum computers is beyond the scope of traditional cyber criminals, one of the biggest concerns is the use of such systems by nation-states to break cryptographic keys and algorithms. Experts now expect quantum computers to break elliptic curve cryptography by 2027, and governments everywhere are developing cyber strategies to address such a threat. With this in mind, organisations, like their government counterparts, will need to adopt quantum-resistant computing algorithms wherever cryptography is used to “sign” and protect the integrity of information as soon as they become available.
What’s Next for CISOs?
The threat landscape will only grow more advanced as time goes by, meaning that it is no longer a matter of if an organisation will be a target of a cyberattack, but instead a matter of when. Which is why, in addition to establishing a proactive and forward-looking defense strategy, CISOs also need to solidify their plans for effective incident response and business continuity. The use of an integrated AI system will enable a security team to defend their networks and respond to attacks before they can leave a mark.
But even with the right technology in place, organisations cannot be expected to fend off the full range of modern attacks on their own. To effectively protect their networks, they will also need to:
• Subscribe to threat intelligence feeds
• Join relevant consortiums
• Proactively share data and strategies with others in their region or industry
In addition, organisations must also work with vendors who have established partnerships with public sector institutions, including education and law enforcement. Such public-private sector alliances help raise the bar for the detection, response, and prosecution of criminal behavior. And organisations must also play an active role in educating their employees and others to not only engage in safe cyber behaviors, but possibly even consider a career in cybersecurity, helping to close the skills gap while protecting others along the way.
Because cybercriminals do not respect political borders, law enforcement organisations have built global command centers closely tied to the public sector, helping them see and respond to cybercrime in real-time. By weaving similar threat intelligence into their security resources and enabling team members to stay abreast of the latest updates, CISOs can build and deploy more effective playbooks that will not only help their own organisations, but by being a good neighbor, also help protect others that could be affected by certain threats.
Final Thoughts on Cyberthreat Predictions for 2021
What this latest round of predictions highlights is the fact that cybercriminals will only grow more advanced in their attack methods. During such a time of rapid evolution, it is up to CISOs to stay up to date on the latest threat intelligence as well as understand how the new technologies and network operations their organisations adopt to improve efficiency could have a lasting impact on cybersecurity. By monitoring the threat landscape, partnering with the right vendors, and establishing valuable alliances, these security leaders can better protect their employees while also helping the industry as a whole stay ahead of modern threats.
WHY CONNECTIVITY MATTERS
BOOSTING CONNECTIVITY WILL FUEL THE NEW REMOTE EVERYTHING, WRITES AZZ-EDDINE MANSOURI, GENERAL MANAGER AT CIENA MIDDLE EAST
At the height of lockdown measures in the UAE, 85% of the country’s workers were working remotely according to a study commissioned by Ciena. With millions of people working from home fully or partially, many students still continuing to study remotely and social lives mostly focused indoors, home broadband has become more important than ever before.
With this home-centric life being more prevalent, both in the short-term related to COVID-19 and even longer-term with remote working being more widely adopted as the norm, there is an opportunity for service providers and global internet content providers to adapt to the changing network priorities of businesses, which have been accelerated by the global pandemic.
Broadband usage patterns changed overnight
When the pandemic hit, workers needed the same level of connectivity in their homes as in their offices. In addition, the way people used the internet at work and at home massively changed, putting more pressure on residential connectivity. To stay in touch with colleagues, workers turned to a variety of collaboration tools, including video conferencing. Indeed the internet has been a true enabler in bringing people together in this new paradigm and for telecom operators the increased appetite for data consumption has led to increased traffic volumes. It’s not just remote working that increased demand on home internet connections. According to the Ciena study, during lockdown, 67% of UAE adults did more video calls to connect with colleagues and loved ones, 78% used social media more often, and 74% watched more TV and movies online. While this is unsurprising given the restrictions on social activities that were put in place, the increased use of internet-reliant entertainment was putting more demand on home broadband.
Adaptable, flexible and automated
Many providers were able to shift bandwidth to where it was most needed. Providers that follow the principles of the Adaptive Network were able to do it autonomously, freeing up valuable time and ensuring SLAs were met. In essence, providers with networks that adapt can more seamlessly upgrade their hardware and software to react better to shifts in behaviour and connectivity priorities.
To react to the ongoing shift towards flexible, smart and remote working principles, many service providers have already taken steps to prepare for delivering bandwidth where it is needed. For instance, in the UAE, telecom services provider du announced that it has extended its support of the nation’s distance learning initiative by doubling the internet speed at no additional cost for schools and universities across the country, to ensure no disruption of learning through seamless and uninterrupted connectivity.
With potentially larger remote workforces, businesses may look to change how they approach connectivity. Even with employees working remotely, many businesses operate with a combination of hybrid, cloud and on-premise applications, so connectivity is ultimately still needed in offices.
Now more than ever, network connectivity plays a key role in helping the world navigate and overcome the challenge of this global pandemic and service providers must be able to offer additional value by delivering flexible connectivity both on-premise and to employees’ homes.
Opportunity for providers to offer added value
Service providers need to ensure that they are able to deliver connectivity when and where it’s needed the most. Ciena’s research revealed that UAE workers are willing to spend money to get faster, more reliable connectivity at home. Three quarters (75%) have taken steps to improve their home internet since the lockdown came into effect. The most common changes are: purchasing a new wireless/WiFi router (30%), upgrading a broadband package (25%), purchasing a wireless/WiFi extension or booster kit (24%), and using a wired connection (23%).
Whether these changes were driven by remote working, learning, social use or a combination of all three, it demonstrates that service providers can win customers based on their ability to deliver reliable and fast connectivity to people at home. This is not new, but it has the potential to be an even more important factor as remote working continues at meaningful levels beyond the pandemic.
As we move into a new way of working, there is an exciting opportunity for providers to explore new offerings for businesses to deliver connectivity outside of traditional city centre offices and into people’s homes. Trends like IoT, smart cities, driverless cars and 5G all have different connectivity requirements, from latency to uptime. As we forge ahead into a new world of remote everything, delivering connectivity where it needs to be before it needs to be there will allow providers to deliver enhanced value and set themselves apart from the competition.