We are in a unique position as 2021 gets underway. With the coronavirus pandemic still very much a factor, cybersecurity priorities have shifted dramatically in the last twelve months, with an increased focus on distributed workforces and the technologies that support them.
Risk comes from all angles, with users, vendors, partners, and systems all contributing to a different landscape in 2020. In a recent Salt Lake City & Denver Virtual Cybersecurity Summit panel featuring Capsule8’s Director of Sales Engineering, Austin Britt, this very question was a major focus. While we know that COVID-19 will continue to influence cybersecurity priorities in 2021 and work-from-home will continue both during and after the pandemic, what other cybersecurity trends should we watch for in 2021? Here are some of the most important takeaways:
The Major Cybersecurity Trends in 2021
Some of the key trends in cybersecurity moving into 2021 include:
Working with Low Code and No-Code Platforms
The spread of low code and no-code platforms requires the implementation of new security tools that work well with them. In some cases, this might mean a fundamental shift in approach to security to ensure it’s clear what is secure and what’s not. That means addressing the lack of visibility, decrease in data oversight, lack of auditing controls, and a lack of security processes to account for improper access.
Increased Threat Vectors
The means by which attacks occur are not necessarily new but are becoming more sophisticated. Carlo Beronio noted in the panel that 85% of their clients said Active Directory was a failure point due to continued challenges with privilege escalation. Security education is more important now than ever before due to the implementation of wide-scale digital transformation efforts.
Cloud Migration Threats
As companies migrate to the cloud, attack surfaces widen. These moves have accelerated due to the shift to remote work, which in turn increases risk with similar or reduced resources to address them. Understanding the software supply chain and the interaction between cloud platforms, security tools, and the people managing both becomes increasingly important.
Big Data Problems
Many large organizations have 25 or more software vendors, which means a lot of different detection tools and resources are needed to keep up with the reality of the situation. These larger organizations are subsequently adopting bigger data solutions to address vulnerabilities to fake data generation, protect against information mining, and ensuring more granular access control across all applications.
Reducing Time to Detection
The same adage that a breach takes minutes to happen and years to detect continues to hold true, especially in the wake of the SolarWinds breach that has so thoroughly impacted US organizations, both public and private. It’s vital that organizations know what is on the network, what exposures exist, where credentials might be compromised, and how users interact with the Active Directory. Tools and processes that allow organizations to distill this data quickly and act immediately are more important than ever.
Ransomware in 2021
Ransomware’s evolution accelerated rapidly in 2020 and is now coming full circle in 2021 with a 350% increase since 2018 leading to a 100% increase in payments and 200% increase in downtime. These attacks in the past would target a single device and encrypt that device as quickly as possible. Today, they’ve been further weaponized, evaluating where data exists and spreading laterally to impact as much of the network as possible. It’s a major problem if a device is infected. It’s a disaster if it gets into the entire network.
Running Tabletop Exercises
These exercises have always been difficult to prioritize, with many organizations viewing them as a time-consuming and costly process. However, after the myriad of failures and cybersecurity threats experienced in 2020, there is likely to be a major shift in 2021 as organizations reallocate resources to prepare for potential issues in advance.
These are just some of the many trends to watch for in 2021 as the growing threats of 2020 carry over into a year of transition.
How Can Security Teams Better Convey Risk to Executives in their Organizations?
In addition to the trends that will define cybersecurity efforts this year, it’s important to understand how security teams can better convey risk within the organization. How do you have these difficult conversations with executives and board-level decision-makers to ensure the resources needed are available and new processes implemented?
It starts with clear communication and understanding the context by which senior leadership will understand the risks being discussed. Prepare assessments and adversary planning to evaluate where your organization is being targeted and map coverage based on tools you already have on hand. Moreover, understand the strategic goals of the business and the language likely to be used in discussing these problems.
For example, everyone understands the immediate impact of the Slack outage that occurred early in January when their provisioning service went down due to heavy usage. Use similar examples to make it clear what the impact of an attack could be for your business, customers, and brand as a whole.
The Next Stage of Cybersecurity Preparation for the Year Ahead
From increases in ransomware attacks to consistent breaches stemming from mismanaged, stolen, or compromised accounts with privileges, 2021 will continue to present cybersecurity risks that the industry is familiar with. But further sophistication of threat actors combined with compression of cybersecurity budgets will influence how these risks are addressed.
It’s important to remain vigilant, prepare for anything that develops in the year ahead, and work internally, with senior leadership, DevOps, and individual departments to measure, determine, and reduce risk in 2021 and beyond.
If one of your top concerns for 2021 is protecting your production infrastructure and keeping your business resilient, Capsule8 can help. Request a demo today.