January 15, 2021 By BlueAlly
Life-saving vaccines may be on the way, but for many of us 2021 will be a lot like the past 12 months, at least until the latter part of the year. That means remote working in large numbers. It means growing use of online services and applications to reach socially distancing and locked-down customers. And it means heavy investments in SaaS and IaaS cloud services to streamline processes and enhance business agility as we begin to exit the pandemic.
On the plus side, there is light at the end of the tunnel, and IT security teams should be better resourced and more capable of supporting the business during this crucial year. But cyber-criminals won’t make life easy. Here’s what to look out for in 2021.
A long tail of COVID threats
Malicious COVID-themed email activity may have died down from a peak in early 2020 when Barracuda Networks detected a 667% spike. But it is still a threat, comprising scams designed to trick users into handing over money and/or financial details; phishing attempts to harvest personal info; extortion; BEC and more. COVID-19 will be the gift that keeps on giving for cyber-criminals over the coming year. Localised news events and breaking stories such as the availability of new vaccines will continue to be hijacked and used in malicious email campaigns.
For IT security leaders, layered email security including AI-powered tools and behavioural analytics to spot sophisticated threats will become increasingly important. As will cloud-based deployment to protect the remote workers targeted by these threats. Enhanced phishing training will also go a long way.
Humans continue to make mistakes
The success of phishing attacks ultimately rests on whether the end user decides to click or not. But human error can expose organisations to cyber risk in more ways than that. In 2021, we can expect to see many more cases of misconfiguration, especially in the public cloud, where investments will grow the global market by a predicted 35%. The sheer complexity of multiple hybrid cloud environments running side-by-side will outpace the in-house skills needed to adequately secure and manage them. Exposed storage buckets and credentials are particularly dangerous, as cyber-criminals get better at scanning for potentially unlocked doors.
Organisations will need smarter tools to automatically scan cloud environments for such mistakes and seamlessly remediate any instances of policy non-compliance.
APIs represent a new attack vector
The application programming interface (API) has been with us for years. But the digital-first businesses of 2021 will increasingly come to rely on APIs to connect to third-party services and enhance application-centric customer experiences. The challenge is that this will further increase the corporate attack surface and provide cyber-criminals with a potentially useful vector to access customer data and back-end services.
As APIs are intrinsically insecure, organisations will need to do a better job of layering up security via next-gen web app firewalls (WAFs).
Cloud apps under attack
As mentioned, cloud-based applications have become increasingly important to businesses during the COVID-19 crisis. Adoption of SaaS collaboration tools rocketed in 2020, while many organisations—from restaurants to banks—also developed their own apps to reach customers more effectively. This digital push will continue apace in 2021, especially if vaccine roll-outs drag and/or social distancing continues. The problem is that many apps are being delivered with coding errors that could leave organisations exposed to simple but devastating attacks, like cross-site scripting and SQL injection.
According to one report, 23% of exploits are published within a week after a patch is released and 50% are published within a month. IT security teams must therefore continuously scan their systems for vulnerabilities and act quickly to patch where a fix is available. More holistically, they should also look to WAFs to protect their applications.
Ransomware targets the mid-market
Ransomware attacks on big-name brands tend to grab the headlines. But according to one recent report, the majority of threats target smaller organisations. In fact, in Q3 2020, organisations with up to 100 employees accounted for 32% of attacks, and those with up to 1000 workers accounted for 73%. The trend will continue into 2021 as attackers go after the low-hanging fruit. If your business is singled out as rich enough, they may use multi-stage targeted attacks more reminiscent of APT groups than ransomware.
It goes without saying that prevention should be the focus here, especially as many ransomware groups now exfiltrate data alongside malware deployment. That means deploying cyber-defences across email, network and application layers. But don’t forget the basics either: easy-to-use cloud back-up tools are crucial to enabling a swift recovery from any incident. Look out for offerings with unlimited storage and retention.
In many ways, the threats targeting organisations over the coming year will look pretty familiar to IT security leaders. That should be of some comfort. However, with so much at stake there’s no room for complacency as we all look forward to a more prosperous 2021.