2020 is a year that nobody could have predicted, and one that few will forget. The global pandemic and resultant national lockdowns have changed the workplace as we know it. New words, phrases and definitions (‘Furlough’, ‘bubble’, ‘the new normal’) have now become commonplace in our vocabulary. And, against the backdrop of a pandemic-struck Britain, cybercriminals have taken full advantage. Research shows that UK businesses have lost over £6.2 million to cyber scams over the past year – with a 31% increase in cases during the height of the pandemic.
As the year draws to a close and we look ahead to 2021, we will undoubtedly be presented with new challenges and evolving threats. However, new tools and technologies will hopefully shift the balance towards defence. Cybersecurity Magazine spoke to seven cybersecurity experts about what they predict will be the evolving cybersecurity trends for the year ahead – and how best to bolster security for the new year.
John Day, Sales Engineering Leader, UK, Ireland & Nordics at Commvault predicts that cyber threats will continue to be an increasing issue in the year ahead. “We are already seeing more phishing scams in light of the pandemic. Companies will need to maintain investments in service resilience and data usability, whilst being smarter regarding their rapid recovery capabilities. The ability to provide a disaster recovery posture of IT services to lines of business will become mandatory. Cyber threats aren’t going to go away – it’s not a case of if, but when, a company will be impacted; I would expect to see intrusion detection systems becoming highly sought after.”
“Ransomware will remain the most prominent cyber threat to all organisations,” agrees Thomas Cartlidge, Head of Threat Intelligence at Six Degrees. Furthermore, “the tactics of ransomware operators will evolve to ensure they continue to evade defences and pressure victims to pay.
“There will be an increased emphasis on leaking data online to extort victims, with an increased use of social media to amplify the pressure on victims. Other tactics could include increased use of distributed denial of service (DDoS) to attack victims and further pressure them to pay. Ransomware group SunCrypt conducted a DDoS attack against a victim in late-2020 as they were negotiating a possible ransom payment.”
Financial organisations must stay alert
Financial services organisations and other firms that are responsible for the security of consumer financial data must remain especially vigilant in their cybersecurity efforts throughout 2021 since the high value of financial data makes it a lucrative target for cybercriminals. Anurag Kahol, CTO and co-founder at Bitglass, warns, “financial organisations beware, more attacks are coming.”
Moreover, “with the projected rise of new technologies–like 5G–throughout the new year, the sophistication of cybercriminals’ attacks will likely be enhanced. Consequently, it is imperative that financial organisations (and all companies in heavily regulated industries) take a proactive approach to data protection.”
Evolving security strategies
In 2019, billions of credentials were exposed in data breaches, and this trend continued well into 2020. “These stolen credentials fuel the underground economy and enable credential stuffing attacks. People around the world have come to just accept this as a way of life,” explains Trevor Daughney, VP, product marketing at Exabeam, who believes that we will see credential-based attacks continue to rise in 2021 and beyond.
He suggests: “Organisations across industries can invest in machine learning-based user and entity behaviour analytics (UEBA) to ensure that malicious activity by attackers is not overlooked. Further, UEBA can identify when a legitimate user account is exhibiting anomalous behaviour, providing greater insights into both compromised and malicious users to SOC analysts.”
Tim Bandos, CISO at Digital Guardian believes that we’ll see a significant increase in the adoption of a Zero Trust-as-a-Service model being used in security strategies beyond 2021:
“We’ve learned over the years that relying heavily on network security such as firewalls does almost nothing for you when faced with determined adversaries. Also, as organisations move more of their workloads to the cloud, it only becomes more imperative to protect and restrict those whom have access and ensure you have the right level of visibility. This approach will require more granular perimeter enforcements based on who the user is, where they are located, and other elements of data to determine the level of trust that’s granted. Implementing this type of strategy is not something that’ll occur overnight.
“My recommendation to organisations looking to embrace the Zero Trust model is to first design it and try to avoid the incorporation of legacy systems that aren’t fully capable of taking this journey.”
Business agility is key
In 2021, we will continue to see heavy investment in and expansion of remote work tools like Zoom and Microsoft Teams. However, “while these technologies will continue to evolve, bad actors will constantly try to take advantage of the remote situation,” explains Steve Cochran, CTO at ConnectWise.
“It will be more important than ever to maintain your team’s security training and awareness and factor in security from the beginning, as most security breaches come from within the application.
“There will be many opportunities for growth for companies willing to take the time to understand their customers. For example, businesses around the world are reinforcing their remote work strategies and need a trusted advisor to strengthen their advanced security solutions and ensure that employee’s devices are protected. There is also a huge opportunity for the channel to educate SMBs about regulation, compliance and best practices.”
“I think if 2020 has taught us anything from a business perspective it is that you never know what is around the corner,” concludes Terry Storrar, Managing Director at Leaseweb UK.
“Over the next 12 months, I strongly believe that disaster recovery and likewise business continuity will play a huge part in how organisations prepare their IT systems going forward. Never has data been more vital for survival than it is today and its importance will only continue to increase, especially with more organisations turning to the remote working set up on a more permanent basis. Across industries, this means we will all need to look at the best ways to balance our appetite for risk whilst ensuring we are agile enough to adapt to instant changes of circumstance.”