By Andrew Rose, Resident CISO, EMEA at Proofpoint
In 2020, organisations were challenged to accommodate mass remote workforces, while stopping pandemic-related threats and maintaining business continuity. As security teams plan for 2021, their strategies have to evolve in a shifting threat landscape. Below are our top security trends and predictions for the year ahead.
#1: Ransomware will hit cloud repositories
Cloud adoption was accelerated in 2020 driven by the COVID-19 pandemic. In 2021, ransomware attacks will also drift toward the cloud. Many firms now house substantial amounts of sensitive data in external, cloud-based repositories and, in 2021, ransomware is expected to increasingly target this cloud storage to maximize impact and boost profits.
#2: Malware continues to rely on user interaction
Threat actors understand that trying to break through firewalls and VPN gateways is possible, but much tougher thanks to the great work security professionals have put in over the years. As a result, the threat actors have pivoted their attacks toward more vulnerable end-users and we see the vast majority of cyberattacks starting via email, and virtually 100% of malware relying on user action, rather than technical vulnerabilities, for the initial compromise.
#3: BEC still the largest source of cybercrime losses
Already a massive issue, business email compromise (BEC) will worsen in 2021. Costing billions of dollars annually, BEC fraud’s low barrier to entry and high reward attracts threat actors. These actors will likely look to increase their ‘earning potential’ by compromising user accounts and spoofing legitimate users for increased credibility and pay out rates. As BEC actors broaden their toolsets to compromise cloud accounts and organisations’ suppliers and vendors, stopping them will continue to be challenging.
#4: More techniques will emerge to bypass MFA
While multi-factor authentication (MFA) is widely regarded as the best way to protect access to enterprise systems, it’s not a silver bullet. Attackers have recognised MFA is a major blocker to their success and they are now focusing on circumventing MFA by exploiting older protocols or creating new attack types, like OAuth phishing.
#5: Increased automation in security tools
Security functions can only survive by automating parts of their role – from account administration and firewall admin, to metrics creation, SOC alerts and triage, DLP investigations, and more. Automation has typically been addressed by buying additional tools or as bolt-on functions from suppliers. In 2021, we expect automation become more of a standard ‘in the box’ feature for most enterprise security tools.
#6: Staffing remains a challenge
In 2021, security budgets will return to expected levels however, CISOs will continue struggling to recruit staff for their growing teams. Many smaller, regional firms will find themselves ‘priced out’ of the talent they need, even when they can draw from the more diverse talent pool of fully remote workers.
#7: Cybercriminals collaborate more
Many actors who specialise in BEC and email account compromise (EAC), do not tend to serve up ransomware even if they have the necessary access. Similarly, threat actors focused on ransomware do not tend to utilise BEC and EAC attacks. In 2021, this may change as criminals collaborate. For example, firms could be exploited by EAC attacks, and that access ‘sold’ to a different group to deliver ransomware.
Next year will continue to be a challenge for security leaders; however, leveraging a people-centric strategy, that protects users across the key channels will help ensure success.