Finally, hindsight is truly 2020. After the year that wasn’t, we have an opportunity to look ahead and forge new habits and patterns in the world we find ourselves living in. As we do that, I wanted to highlight some of the attack trends that I think will shape the cybersecurity landscape in 2021:
Hacked security tools
We are seeing alarming upticks in attacks on infrastructure and security tools. By attacking widely deployed platforms like Solar Winds and FireEye, sophisticated attackers are buying themselves access to dozens if not hundreds of targets through the very tools they deployed to protect themselves. In addition to Solar Winds & FireEye, Microsoft, Accellion, SonicWall, and others have reported breaches in the last querter and I suspect more are coming soon. Organizations large and small are asking tough questions about whether the leading platforms are still reliable or if moves into more diverse, less proven vendors are necessary. Take a holistic look at your security portfolio and decide where strategic bets might give you a hedge against these kinds of attacks.
While ransomware continues to be a devastating attack, extortionware carries it to the next level by providing the attacker with a copy of your data in addition to denying you access yourself. Decide not to pay because you have reliable backups? Great – except the attacker will still release your data unless you pay them. Recovery is no longer sufficient, prevention must again take center stage. Make sure you have the right defenses (both technical controls and user training) in addition to a robust backup strategy.
Attacking the Factory
Remote work has pushed more network connectivity to the factory floor. Unfortunately these expensive systems tend to be old, out of support, and vulnerable at a significantly higher rate than traditional IT systems. The resulting vulnerabilities can be exploited by attackers to wreak new kinds of havoc by disrupting or manipulating manufacturing, logistics, and regulated systems. Evaluate your network architecture and ensure you have appropriate segmentation, defenses, and access controls surrounding these critical assets to ensure continuity of operations in a connected world.
Developer toolkits and frameworks spring up like mushrooms – from nothing to fully entrenched seemingly overnight. And, like mushrooms, sometimes they vanish just as quickly. The result is that the framework your app relies on suddenly finds itself out of support, leaving you terribly exposed to security flaws that will never be patched. It’s critical that software developers address their dependencies, and critical for users to understand their risk exposure if and when these apps. Consider an enterprise code repository or scanning capability for the libraries and frameworks in your environment to track vulnerabilities, support, and updates on a regular basis.
Cloud account takeover
As organizations shift more workload to the cloud, the accounts that manage critical company assets no longer reside in the control of the enterprise. Rather, the cloud service providers are holding the keys to your kingdom. And unfortunately, several easy to abuse methods allow attackers to take over those accounts. From abusing password rests features to SIM swapping attacks, the threats against these cloud accounts have never been greater. Ensure you have a strong management and security plan for these accounts, leveraging strong two-factor (not SMS) and regularly monitor logs for unusual use or activity.
Remote work gaps
When we went home to work in 2020, organizations moved heaven and earth to enable the remote workforce to be productive. And they did it quickly. In many cases, the security stack that protected employees in the office didn’t move smoothly to the home and gaps were created in visibility and control of cyber threats. What’s more, while organizations are working to close the technical gaps, the process changes that happened have been overlooked. The way work was done changed, and verifying that your processes still meet your protection and control needs is essential. Take time in 2021 to identify and evaluate your critical business workflows and ensure they still have appropriate controls.
At Reveal Risk, we help our clients build and mature the BEST (Business Enabling, Strategic, and Thorough) information security programs. To learn more about our risk-driven, holistic approach, contact us at firstname.lastname@example.org today!
About the Author
Tim Sewell is a lifelong security and technology advocate. Over a 20-year career, he’s worked for some of the most respected organizations in the world building top-notch information security programs. He holds a variety of certifications including CISSP-ISSAP, OSCP, and CEH. Since jumping off the corporate ladder in 2018 to co-found Reveal Risk, he’s helped numerous organizations from Fortune 500 to small non-profits build and mature their information security and privacy programs in practical, sustainable ways.