Cybersecurity has become increasingly complex as the technology ecosystem converges and adds more and more connected devices that need to be protected. "It is not a question of 'if', but rather 'when' a disaster will strike. Responding to an incident in crisis mode without the benefit of planning, coordination, and testing can result in more downtime, higher recovery costs and times, a potential negative impact on brand and reputation, and business loss.
"In 2021, with the continued impact of COVID, we are likely to see even more interest from businesses, customers and investors regarding operational risk management, business continuity, and resiliency," forecast Anne Hardy, CISO, Talend.
A sampling of the challenges that the industry sees for 2021 includes:
Vulnerabilities: APIs
"There will be a reckoning within the growing API security market as API data breaches rise. Earlier this year, Facebook pledged to improve its security as it worked to resolve a lawsuit blaming the company for a 2018 data breach where bad actors leveraged Facebook’s developer APIs to obtain sensitive user information. This is not a threat that is unique to Facebook or any one industry. In fact, this is a rising threat, as APIs are one of the largest attack surfaces for organisations," James Carder, Chief Security Officer & VP of LogRhythm Labs said.
"More and more businesses across industries are building out microservices that leverage APIs, but very few companies know how to build them securely, and the growing API security market is beginning to falter. This will result in a high-level breach and data loss that will be directly traced back to unsecured APIs."
Vulnerabilities: the IT and operational technology (OT) convergence
"When the COVID-19 pandemic imposed lockdowns and forced most employees to work remotely, this happenstance accelerated the requirement to converge IT and OT, and made the application of OT security an imperative. Claroty’s survey of IT and OT security professionals who support critical infrastructure in large enterprises found that 67% of respondents’ IT and OT networks have become increasingly interconnected since the pandemic began. Additionally, 75% of respondents expect IT and OT to become even more interconnected as a result of the pandemic," noted Eddie Stefanescu, GM - Asia Pacific & Japan, Claroty.
"Yet a rush to connect IT and OT networks could be detrimental, as cyberthreats can spill from one to another. It’s not just businesses that should be concerned either, as even governments are finding themselves at risk. In June 2020, the Australian government reported cyberattacks targeting its critical national infrastructure, for example.
"As organisations become cognisant of what’s at stake, we have seen a rise in demand in the Asia Pacific region for OT security solutions, and especially for secure remote access."
"As more organisations converge IT and OT systems, these conditions are also going to expand the attack surface available to threat actors. When you look at this dynamic through a ransomware and extortion lens, the view is worrisome," added Jumbo Preminger, VP Research, Claroty.
Preminger explained that attackers are intent not only on gaining a foothold inside corporate networks, but also on moving laterally until they control critical systems and have access to sensitive information. "In the not-too-distant past, the likely next move was dropping ransomware, encrypting key systems, and waiting for frazzled victims to pay. As more and more organisations become hardened to ransomware, practice better security hygiene and have reliable, available backups, recovery is possible without paying ransoms," Preminger said.
"Attackers adapted with a new business model whereby they are more likely to extract information and extort victims for cash with threats of selling the data on the underground, or leaking it publicly, putting the victim at a competitive disadvantage should their intellectual property, corporate secrets, or customer data become public.
"With OT systems less hardened and much more challenging to update and patch, converged IT/OT networks are likely to be the next fertile hunting ground for attackers fuelled by extortion. Often, industrial control systems and OT devices oversee critical processes, and cannot be replaced or powered down for updates without severe interruption of services. OT networks that suffer ransomware or extortion-related attacks won’t be able to recover as quickly as traditional IT systems might."
Vulnerabilities: protecting mainframes
"The continued use of the mainframe for business-critical applications and data, while a prudent strategy in the existing economic climate, comes with its own set of challenges, particularly around circumventing mounting digital risks and complying with the ever-evolving regulatory requirements," said Stephen McNulty, President Asia Pacific and Japan at Micro Focus.
"Most organisations have relevant security controls in place; however, where they struggle is utilising those same security measures on the mainframe. Extending enterprise-level security—access control, data privacy, and endpoint hardening—to the mainframe will be a key initiative for many organisations in 2021."
Vulnerabilities: robotic process automation (RPA)
Source: One Identity. Cetin.
"2021 will be the birth of digital identities for the digital workforce. What many security professionals have failed to realise is that the user identities created for RPA technologies to connect to a company network in order to execute a task are just as vulnerable as their human counterparts. Throughout 2021, identity and security teams will begin to realise the unconsidered security challenges of RPA, such as how creating and destroying digital workers results in account orphaning and privileged creep," warned Serkan Cetin, Technical Director, APJ, One Identity.
"Like we’ve seen with other innovations, this lack of awareness around the security implications of RPA will cause a significant RPA breach in 2021, causing security teams to recognise the need for the privileged management and governance of the digital workforce."
Solutions: data science as a new weapon
Source: Ensign InfoSecurity. Quek.
On the bright side, new solutions are coming online in the fight against cybercrime. Han Yang Quek, Head of Data Science, Ensign InfoSecurity said that cybersecurity data science is an emerging technology frontier where AI techniques, processes and methodologies are applied to help organisations build up a proactive cybersecurity posture.
"The application of data science has the potential to level the playing field for cyberdefenders, and will have a profound impact on cyberdefence in 2021," he said, pointing out that data science empowers organisations to derive insights from the current threat landscape, and provides early warnings on future attacks.
"This is a far cry from the reactive stance that cyberdefenders usually find themselves in. Coupled with localised data and intelligence, organisations can dive deeper into their own digital environments and uncover unknown cyberthreats that are targeting their networks or sectors."
Additionally, cybersecurity data scientists can leverage AI and machine learning methodologies to develop threat behavioural models and analytics tools such as user and entity behaviour analytics (UEBA), Quek said, as they can detect anomalous user and network traffic patterns and identify potential threats that might have already infiltrated organisations’ digital environments.
"By integrating cybersecurity data science into their existing tech stack, organisations will have better visibility into the cyberthreat horizon to uncover the next attack. This shifts an organisation’s cybersecurity posture from reactive to predictive, allowing cybersecurity teams to engage in pre-emptive planning of cybersecurity measures and controls, obtain timely or even early warnings of emerging threats, and execute faster incident response and disaster recovery in the event of a breach," Quek concluded.
Solutions: DevSecOps and single platforms
Anthony McMahon, Regional Director, APAC, GitLab said, "The APAC region will continue to see rising demand in 2021 from companies and public organisations for DevSecOps platforms that automate and accelerate software development lifecycles and increase organisations’ overall ability to innovate.
"Leading companies, looking to accelerate their digital transformation journey, will be quick to realise that multiple tools add complexity, due to their integration points, different security principles, and end-to-end cost of ownership and change management. Migrating to a single application fundamentally changes the way development, security, and operations teams collaborate and enables ideas, via secure software, to accelerate innovation."
Solutions: dynamic segmentation
"Network segmentation is critical to containing security breaches. To date, most enterprises have segmented traffic using VLANs and virtual routing and forwarding (VRF) technology. This enables them to separate guest Wi-Fi traffic from business application traffic from cash register transactions and IoT device traffic. With digital transformation driving a surge of IoT device deployment, and the potential for lateral movement from one class of compromised device to others, a new requirement for finer-grained segmentation by IoT device type is emerging," said David Hughes, founder of Silver Peak and Senior VP of the WAN business at Aruba.
"This will increase the number of segments required in a typical branch from single digits to fifty or more, multiplying the number of VLANs, subnets and VRFs, in turn increasing complexity and administration overhead exponentially. In 2021, we will see a significant uptick in adoption of dynamic segmentation architectures that create virtual segments based on end-user role, device type and end-point security posture, allowing tens or even hundreds of segments to be created, as needs arise, without requiring VLAN or subnet allocation. This trend will start from the edge, in the branch and campus. This granular segmentation will be extended across the WAN by advanced SD-WAN and SD-Branch implementations, realising the true potential of fully orchestrated, edge-to-edge dynamic segmentation."
VLAN refers to virtual local area network, SD-WAN stands for software-defined wide-area network, and IoT for the Internet of Things.
Solutions: education
Ian Hall, Manager, Client Success, APAC, at Synopsys Software Integrity Group noted that there has been continued growth over the past year around ransomware, phishing and other scams. "My hope for 2021 is that organisations, schools and universities will have identified and implemented better ways to increase security awareness and training," he said.
"Social engineering scams such as these remain some of the most popular avenues for attackers to exploit and hence, user education is really critical to reducing the chances of an attack being successful. I don’t anticipate any reduction in these attacks in the near future, but my hope is that the general population will be able to better discern when something is potentially malicious."
"In the year ahead (2021), it’s imperative for businesses to extend the new cybersecurity perimeter outside the four walls of their physical offices. Rather than managing devices internally, tech teams will need to shift responsibilities to managing people to stay one step ahead of an evolving threat landscape.
"Teams will need to work on closing the skills gap by educating and training more tech pros (and employees) to understand and mitigate cybersecurity threats. But this will need to go beyond on-the-job training — tech pros should be looking to gain security skills when they’re studying at school and universities. Companies will want to ensure the security data scientists and/or third-party products deployed have a solid foundational understanding of the changing threats to business security," agreed Thomas LaRock, Head Geek, SolarWinds.
Solutions: relying on managed services
“With the growing attack surface and complexity of attack vectors, it will become increasingly harder to find skilled cybersecurity professionals with broad enough experience to address all manner of complexity in a given situation. Therefore, in 2021, expect to see an increase in the adoption of managed services around threat detection and response, as more companies consider managed services alongside their purchasing decisions for cybersecurity products,” said Fernando Serto, Director, Security Technology and Strategy, Asia Pacific at Akamai.
Solutions: security baked into design
"Developers will address potential security issues, including security testing, much earlier in the design cycle. Greater emphasis will be placed on how products will be deployed, the use of touchless and contactless technology, removing human intervention, and fully automating networks that self-heal," predicted Keysight executives.
Richard Marr, GM, APAC, Auth0, said that frictionless customer identity and access management (CIAM) would become more critical than ever as more people move to online channels to obtain goods and services.
"Businesses need to ensure that their users can securely access the correct content at the correct time, while managing the complexity of the number of platforms, devices and user interfaces," he said.
"At the same time, consumers and businesses have increased expectations of a low-friction, personalised and seamless experience online. There will be an enhanced need for applications in architecture and greater investment in the digital experience to make it more human and reassuring, including login functionality such as single sign-on (SSO), and biometrics such as fingerprint scanning and facial recognition."
Rick McElroy, Principal Cybersecurity Strategist, VMware Carbon Black, made the point that cyberdefences have been effective. “In 2020, COVID-19 put organisations’ security posture to the test and exposed areas of weakness that can be attributed to the overnight digital transformation many organizations had to make. But while many are quick to point out the Doomsday scenarios some companies faced, there wasn’t enough emphasis on the fact that security tools and processes are working. Defender technology, whether geared towards endpoint, network or the application layer, is doing the job it is designed to do, and that’s no small feat," he said.
"In 2021, we’ll continue to see security teams being empowered and working closely with leaders in the organisation. As IT and security continue to work together to enable business continuity, we’ll see the negative and stereotypical narrative around the two teams working poorly together quickly fade into the background. More tools geared towards end-users will come to light, also contributing to less friction between security and IT departments.”
Purchasing in 2021
Akamai's Serto predicted that purchasing cycles would evolve in 2021. “When it comes to cybersecurity, tender processes and budget cycles have traditionally been large-scale, and slow. This has often left organisations vulnerable from a security perspective whilst waiting for procurement processes to play out," he explained.
"Additionally, more than ever before, security leaders like CISOs need to take into account the flexibility of their business situation and cybersecurity infrastructure into every aspect of their planning process. In 2021, expect to see more companies making smaller, but more frequent purchases to update their cybersecurity posture based on rapidly evolving needs.”
Guilad Regev, Senior VP of Global Customer Success at Claroty, said that more pharmaceutical and biotech companies would invest in cybersecurity in 1H21 to protect vaccine research and development. "However, in the latter part of 2021 as we move towards the mass production of a vaccine, I expect the security market to rise back and become even higher than 2020.
"I also expect that even during the first half of 2021, government organisations, water facilities, electric utilities and other critical infrastructure organisations, will be the ones investing more money in cybersecurity, as they will want to show that they are in control and that the economy is recovering. As a consequence, I predict we will see an uptick in projects around cybersecurity and IT that were postponed this year," he said.
*Security issues around remote work are covered in a separate 2021 predictions post. There is a separate post on cyberattack vectors for 2021.