Sourced from International IDEA
Business operations have changed beyond recognition with most employees working from home in a transition that happened almost overnight. Stretched security teams have been challenged to rapidly deploy robust remote working facilities to maintain productivity while others were writing the ‘pandemic playbook’ as they went along.
With this in mind, here are six trends to expect in 2021:
1. Remote-working focuses attacker attention on mobile compromise
As business becomes more mobile than ever and remote working persists, mobile devices and operating systems will be increasingly targeted. In 2021, more employees will use personal devices to review and share sensitive corporate information, these become an excellent point of ingress for attackers.
2. Continuing direct impacts on healthcare
Adaptations to maintain patient services will become a vulnerability. With the growing reliance on telemedicine for routine medical appointments, lucrative personally identifiable information (PII) is being accessed from remote locations and as a result is more easily intercepted by hackers.
That said, the strain on healthcare cybersecurity is not going unheeded; we will see increased IT and security budgets in the sector to combat the growth in external threats.
3. Emerging tactical trends: cloud-jacking and destructive ICS attacks
Cloud-jacking through public clouds will become the island-hopping strategy of choice for cybercriminals as opportunity proliferates due to the overreliance on public clouds by the newly distributed workforce.
It won’t be only the virtual environment under threat. Increasing cyber-physical integration will tempt nation state-sponsored groups into bolder, more destructive attacks against industrial control system (ICS) environments.
4. The ransomware economy pivots to extortion and collaboration
Another familiar tactic taking on a new twist is ransomware. Ransomware groups have evolved their approach to neutralise the defensive effect of back-ups and disaster recovery by making sure they’ve exfiltrated all the data they need before the victim knows they’re under attack.
Once the systems are locked attackers use the data in their possession to extort victims to pay to prevent the breach from becoming public. And if that fails, they can sell the data anyway, meaning the victim is doubly damaged.
5. AI utilised for defensive and offensive purposes
Technology innovation is as relevant to attackers as it is to defenders and, while artificial intelligence and machine learning have significant benefits in cybersecurity, we can expect to see adversaries continue to advance in the way AI/ML principles are used for post-exploitation activities.
They’ll leverage collected information to pivot to other systems, move laterally and spread efficiently – all through automation.
6. Defender confidence is justifiably on the rise
Defender technology is doing the job is it designed to do and that is no small feat.
By Tom Kellerman, Head of Cybersecurity Strategy at VMware