A global reset: Predicting cybersecurity trends in 2021

FireEye shares its top cybersecurity trends for 2021 and says business leaders must build capabilities and strategies that will protect them in the days to come.

Companies across all industries commonly release forward-looking reports about what’s to come in the next year, but very few in 2019 anticipated the global pandemic and the worldwide reaction to it. While 2020 brought great uncertainty, there remain many guarantees in the cybersecurity realm – threat actors will continue to attack, without any regard for their targets and with motivations that include, but are not limited to, espionage and monetary gain.

With an eye towards the future, we compiled a list of cybersecurity expectations for the coming year. In the report, A Global Reset: Cyber Security Predictions 2021, we tackle the following topics: remote work and other impacts of the global pandemic, ransomware, nation-state activity, cloud security and security validation.

Remote work and other impacts of the pandemic

In the near term, the Coronavirus will likely continue to have a significant impact on normal business operations, with a focus on supporting remote work, virtual events and new productivity platforms. In the longer term, technology solutions will step in to facilitate the return to work, school and other activities, potentially introducing new risks for privacy, Personally Identifiable Information (PII) and protected health information (PHI).

Virtual Private Networks (VPNs) will continue to have their place in 2021. Organisations should be ready to have this capability in place as remote work continues to expand and becomes a more common way of doing business. This year, there will be a continued increase in perimeter security, mostly due to remote work.

Persistence and growth of ransomware usage

The use of ransomware accelerated and became more dangerous than ever in 2020. Targeted attacks against medical facilities during the pandemic crossed a line that had never before been approached. Ransomware will continue its rapid growth in 2021 and its varieties will increase along with the frequency of attacks. Post-intrusion reconnaissance revealed that threat actors encrypt the most relied-on and sensitive data and architecture, leading to higher ransom demands.

In 2021, organisations need to be prepared for a ransomware attack. This means ensuring that networks are segmented, that an actual plan is in place and that tabletop exercises have been conducted with senior leaders and other key staff. This will ensure that everyone is ready to take optimal action in the event of an attack.

Organisations should have an incident response service-level agreement (SLA) in place. They should also establish secured backups that teams can revert to when necessary. Organisations are going to be targeted and they are going to be compromised, so it is crucial to have prevention and recovery strategies in place.

Espionage as an ongoing driver of nation-state activity

The major nation-state threat actors continuing their efforts in 2021 will include Russia, China, Iran and North Korea. These countries are significant sponsors of threat activity, both regionally and globally. Beyond that, there has been an uptick in activity from Vietnam and South Asia.

Spear phishing is one of the most popular infection vectors when it comes to nation-state threat activity and it will continue to dominate in 2021. In addition, an increasing number of nation-state actors are focusing on intrusion techniques that don’t require any victim interaction, such as exploiting web-facing applications and password spraying. These tactics were used by a number of Iranian, Russian and Chinese groups in 2020 and are expected to continue in 2021. Countries that are just getting into the business of cyberespionage will continue to turn to third-party intrusion vendors for tools and capability enhancement.

Cloud security taking the limelight

This year, companies will need to spend time building up awareness of their cloud presence.

Many companies deferred multi-factor authentication to legacy systems as they were accelerating their migration to cloud platforms in recent years. The urgency of business requirements often drives organisations to move technology adoption efforts forward faster without having the right security controls in place. As a result, many organisations will be playing catch-up on the security front as we move into 2021. Organisations need to secure the methods of access to data and that means focusing on identity and access management and revisiting who qualifies for privileged access.

Many cloud threats are the same as those encountered on in-house networks. In 2021, cloud hacks are expected to continue to be executed through:

  1. Stolen credentials, typically via phishing
  2. Exploitation of cloud misconfigurations
  3. Vulnerable cloud application hacking

Prevention and detection strategies will be crucial for all organisations to guard against such threats. Whether large or small, no organisation is immune to cloud risk. Full and accurate tracking of cloud assets should be a priority.

Security validation to keep defences and budgets in check

As the economy continues to be strained in 2021, cybersecurity spend will be increasingly scrutinised. We expect many organisations to invest in security validation to understand if their technology is deployed optimally, if threats are being detected and blocked, if security settings are configured correctly, and if they are getting a good return on investment.

Security validation provides quantifiable data to the business on the effectiveness of their cybersecurity controls, and will help organisations answer questions such as:

  • Is my VPN working like it should?
  • What vulnerabilities or gaps do I have in my remote infrastructure?
  • Do people who have higher level privileges still need them now that they’re working from home rather than on-premises where their access could more easily be monitored?

Security automation and training are also expected to be areas of significant growth in 2021. Companies will continue to automate routine tasks so they can free up expertise for more high-value activities. Security validation will help identify areas ripe for automation as well as those that should be prioritised for more expert attention. The increased risk from remote work, especially for those organisations without established processes and policies for data access, will warrant significant additional security awareness training. Again, security validation can help by identifying some of the focus areas for that training.

Positive security results with effective planning and implementation

Organisations had much to overcome in 2020 and a rapidly changing security environment was just one of the challenges. The chance of these challenges continuing through 2021 is high and the adversity will be from more than just cyberthreat actors.

Today, it’s all about ransomware. This once opportunistic threat that used to cost organisations thousands of dollars is now being deployed in sophisticated operations with ransom demands upwards of a million dollars. Ransomware is only going to get worse in 2021 and organisations are going to need to be prepared with incident response plans and data backups.

2020 was one of the most challenging years in recent history and forced many organisations to stop what they were doing and reprioritise. As we navigate through a new year, we must learn from the threats we faced in 2020 and build capabilities and strategies that will protect us in the days to come.
