Just when it seemed that 2020 couldn't get any weirder, news broke that Russian state-sponsored hackers had spent much of the year exploiting vulnerabilities in SolarWinds' widely used Orion IT management software to hack into major federal agencies and corporations.
Suddenly the year was no longer defined by the massive shift toward remote work caused by the COVID-19 pandemic. In a way the incident restored a sense of normalcy by returning the focus to timeless IT security issues – with the caveat that cyber attacks typically don't lead to international incidents.
2021 cybersecurity predictions
Those two issues – remote work and a nation-state cyber attack – sum up our IT security outlook for 2021: Even as things return to normal, they will be forever changed. A few of the items here are holdovers from our 2020 list: Nation-state attacks, zero trust, cloud buckets and ransomware, for example, and we expect those to loom even larger in 2021.
The cyber cold war heats up
Our first prediction is a no-brainer: After four years of deference toward Russia by the Trump Administration, the incoming Biden Administration will respond with renewed sanctions and retaliatory attacks for the SolarWinds hack (not to mention the 2016 DNC hack and repeated election disinformation).
The challenge for the Biden Administration will be to respond strongly enough to deter future attacks – without triggering an escalation into cyber warfare. Also expect a much stronger cybersecurity focus from the new administration. Simply cleaning up the mess from the SolarWinds attack will take time; cyber attackers likely continue to dwell within the hacked networks.
Companies will be forced to take nation-state actors more seriously after about 18,000 were exposed in the attack (some experts estimate that only a few hundred were actually hacked).
MITRE endpoint security testing – which tests security tools’ effectiveness in stopping attacks from the likes of the Russian-affiliated APT29 group – will become more important.
Note: the MITRE ATT&CK group has done a good job tracking all the security developments surrounding the SolarWinds hack.
Pandemic’s end will make security even tougher
If you thought the end of the pandemic would make life easier for security pros and other IT staff, we think the opposite is likely to be true: A large number of employees will work remotely more than they used to, so in addition to branch offices and main campuses filling up, security pros will still need to worry about securing remote connections too. That means remote access concerns like RDP, VPNs, and insecure apps, devices and networks will remain a primary focus for security pros.
At a time when 78% of security operations center (SOC) staffers say their jobs are “very painful,” according to a Devo-Ponemon report, the added security worries are not good news.
“We already knew that business was growing increasingly cloud-based and remote well before COVID hit,” WatchGuard CTO Corey Nachreiner told eSecurity Planet. “We’ve since adjusted to working this way and have experienced the benefits. Moving forward, many organizations will continue to prioritize security controls – such as VPNs, endpoint protection suites, managed detection and response services and more – that protect off-network employees as remote work becomes a major part of the new normal.”
One scary threat that Nachreiner predicts: worm-enabled malware that targets home-based computers using corporate VPN connections as a way to infiltrate business networks.
For more on the cybersecurity jobs outlook, see our 2021 Cybersecurity Employment Outlook.
Zero trust becomes a thing
2020 was the year that zero trust became a product; 2021 will be the year that it begins to take off in enterprises.
It makes sense that access to networks, applications and data be as limited as possible, so expect zero trust capabilities to begin to show up in every kind of access product. That will help greatly in cases of stolen credentials and could also help prevent lateral movement across networks. Zero trust can also replace or supplement VPNs, plugging vulnerabilities there. But zero trust won’t do much if those applications and networks have vulnerabilities, so things like patch management, configuration and threat detection will still matter.
Secure access service edge (SASE) is a broader technology that encompasses zero trust and will also see greater adoption as external users and Internet of Things devices continue to drive growth in edge computing.
Cloud buckets remain leaky
The explosion in remote work led to acceleration in digital business transformation and application migrations to the cloud. Along with that rush will come the inevitable cloud bucket misconfigurations and security breaches. CompariTech recently estimated that 6% of Google Cloud buckets are vulnerable due to misconfiguration, and AWS and Azure users have their vulnerabilities too. Expect billions of sensitive records to be exposed again this year because of user error in the cloud.
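The misconfiguration at the root of most bucket leaks is an access grant to "everyone." As an added illustration (not from the article or any vendor tool), the checker below flags that condition in two forms mentioned above: an AWS S3 bucket policy whose Principal is `*`, and a Google Cloud Storage IAM binding that includes `allUsers` or `allAuthenticatedUsers`. The policies and bindings are constructed samples, shown in a leaky form beside a restricted one.

```python
import json

# Constructed sample S3 bucket policies (not real buckets).
PUBLIC_S3_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
})
RESTRICTED_S3_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
})

# Constructed sample GCS IAM policy bindings.
GCS_PUBLIC_BINDINGS = [{"role": "roles/storage.objectViewer", "members": ["allUsers"]}]
GCS_PRIVATE_BINDINGS = [{"role": "roles/storage.objectViewer",
                         "members": ["serviceAccount:app@example.iam.gserviceaccount.com"]}]


def _principal_is_public(principal):
    """True when an S3 policy Principal grants access to anyone ("*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def s3_public_statements(policy_json):
    """Return indices of unconditional Allow statements open to everyone.
    Statements carrying a Condition block are skipped: they may still be
    public, but need manual review rather than an automatic verdict."""
    statements = json.loads(policy_json).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    return [i for i, s in enumerate(statements)
            if s.get("Effect") == "Allow"
            and _principal_is_public(s.get("Principal"))
            and not s.get("Condition")]


GCS_PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def gcs_public_roles(bindings):
    """Return the roles a GCS IAM policy grants to public member groups."""
    return sorted(b["role"] for b in bindings
                  if GCS_PUBLIC_MEMBERS & set(b.get("members", [])))
```

In practice the policy documents would be pulled from the provider's API (for example the bucket policy and IAM policy endpoints) and fed to these functions as part of a periodic audit.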
Ransomware: Bigger and badder
Ransomware just gets worse every year, and 2021 will be no exception.
Sophos predicts that the big ransomware families will become “more evasive and nation-state-like in sophistication,” targeting larger companies with multimillion-dollar ransom demands, and ransomware-as-a-service will continue to let smaller players wreak havoc with everyone else.
Expect to hear a lot more about ransomware names such as Ryuk, RagnarLocker, Netwalker, REvil, Egregor/Maze, Dharma and Buer Loader.
‘Little’ threats are still big
The latest threats always grab headlines but it’s the ones everyone already knows about that do most of the damage, and 2021 will be no exception.
Commodity malware such as loaders and botnets, and the human-operated Initial Access Brokers behind them, can do more damage than their low profile suggests.
“Such threats can seem like low-level malware noise, but they are designed to secure a foothold in a target, gather essential data and share data back to a command-and-control network that will provide further instructions,” says Sophos. “If human operators are behind these types of threats, they’ll review every compromised machine for its geolocation and other signs of high value, and then sell access to the most lucrative targets to the highest bidder, such as a major ransomware operation.”
Blocking and removing malware thus should be just the start – it should be followed by threat-hunting and a vulnerability assessment.
One bright spot
While 2021 promises much of the same, one thing will likely improve: the pandemic should steadily recede as COVID-19 vaccines are produced and distributed. The health news alone is worth cheering, but with it will come an improving economy – and maybe more budget to spend on security tools for overwhelmed staffers.