4 Trends to Watch in the Second Half

Only a few weeks into 2021, a string of events ensured that cybersecurity would become one of the year’s hottest tech topics, with implications for everyone from individual IT workers and developers to security professionals.

In January, the federal government was still reeling from the cyberespionage campaign that targeted SolarWinds and the firm’s Orion network monitoring platform. This supply chain attack targeted 100 private companies and 9 federal agencies, and appears to have been the work of Russia’s Foreign Intelligence Service (or SVR).

Not long after that, Microsoft and other security researchers discovered that a series of zero-day vulnerabilities within the on-premises versions of the software giant’s Exchange email server were being exploited by a Chinese-linked hacking group. Later, other attackers appeared to exploit these bugs in unpatched systems, as well.

If this wasn’t enough, a series of ransomware attacks starting in May involving companies such as Colonial Pipeline Co., JBS and others raised additional concerns not only about the fragile security state of networks that these organizations use, but also how the U.S. government protects the nation’s critical infrastructure, including the U.S. power grid, oil and gas infrastructure and even the nation’s food supply.

By June 16, cybersecurity issues became part of the agenda between President Joe Biden and Russian President Vladimir Putin during a meeting between the two leaders in Geneva. The U.S. has accused Russia of turning a blind eye to cybercriminals and ransomware gangs who appear to operate within its borders.

“This year has been focused on ransomware and IoT and critical infrastructure attacks that have been damaging in both operational capabilities as well as to the financial state of many businesses. In addition to this as a top trend in the first half of the year, we also saw a continued increase in the number of data breaches resulting from unknown and incorrectly configured datastores being targeted,” Tyler Shields, CMO at security firm JupiterOne, told Dice. “Fundamentally, enterprises and critical infrastructure providers need to do a better job of understanding what assets exist in their network and how they’re configured at any given point in time.”

With 2021 now at the halfway point, security experts are already looking ahead to what the next several months might hold, with issues ranging from large groups of employees coming back to post-pandemic offices, to what federal orders might herald for the future of cybersecurity.

Here’s a look at 4 cybersecurity trends to watch in the second half of the year.

Workers Return and the Age of Hybrid Work

One of the great unknowns for the second half of 2021 is the possibility of large portions of the workforce, both in the U.S. and other parts of the world, returning to offices in either a full-time or part-time capacity starting after Labor Day. For many organizations, hybrid work is uncharted territory.

Some tech companies such as Microsoft and Amazon have already signaled that they want employees back, if not now, then later this year. Other companies, including banks such as JPMorgan and SaaS giant Salesforce, are taking a much more flexible approach.

As organizations look to establish a new normal, cybersecurity should be a major factor in how they approach hybrid work. For over a year, work-from-home has expanded the attack surface, and lax security practices and a lack of training and resources to protect home networks mean that these issues might follow employees back to corporate offices.

“As employees return to the office, you can certainly expect an immediate uptick in support calls as infected devices attempt to connect directly to the corporate network,” John Morgan, CEO at Confluera, told Dice. “What I think you should watch out for, though, is not the immediate uptick but rather the attack that simmers slowly and travels under the radar. It’s these attacks that can slip through your fingers.”

In many cases, hackers may be willing to wait weeks or even months to begin an attack, which means corporate security might appear normal at first, but this could mean a lull as threat actors map the network and plan for the next step.

“Once an attacker gains access into a corporate device or network, they’re in no hurry to navigate from servers to servers looking for their prize,” Morgan said. “Such actions may alert the attention of IT and security analysts. Instead, they’ll take small benign-looking steps, lying dormant for weeks or months in between. IT and security analysts often do not have the tools to correlate various weak signals to make sense of an attack in progress. Nor can they correlate events that occur weeks or even months apart. This gap in security coverage is what organizations should be concerned about.”

Shadow IT Returns

After employees return to offices in some capacity, they’re sure to bring the devices they’ve come to rely on, or the apps they’ve used to conduct their work, which opens the door to a wave of shadow IT concerns and the security issues that come with that.

Dirk Schrader, global vice president for security research at New Net Technologies, noted that security and IT teams should ensure that any devices used at home over the last 18 months are updated and secured before connecting to local area networks at corporate offices to avoid attackers gaining a foothold through vulnerabilities.

“Companies should require their staff to use built-in update mechanisms, such as Windows Update, to get the systems to the latest level the day before they come to the office, in addition, to run a security check, again using built-in features,” Schrader said. “In addition, and even more so if the checks are not possible, a company should put incoming devices into a quarantine part of its network and do a system integrity and security check, checking for deviation from known secure states and configuration and to restore them where needed. The goal is to re-establish a secure state, and doing so needs proper planning and time allocated to the process itself.”

Bert Kashyap, CEO and co-founder of security firm SecureW2, says IT and security teams will likely find themselves tied up trying to keep track of what apps and devices are now being hooked back into corporate networks.

“As employees transition back to the office, organizations find themselves needing to get a better handle on apps, services and networks that could be accessed through personal devices,” Kashyap told Dice. “Implementing device trust through digital certificates is at the core of zero trust projects for the second half of the year as organizations need assurances that device security standards are being met.”

Zero Trust in Cybersecurity

While zero trust had been a growing trend in some enterprises before the pandemic, the last 18 months have accelerated its adoption as IT and security teams look to move away from legacy technologies such as VPNs, which have left some networks open to hacking.

Besides the growing trend among businesses, the Biden executive order on cybersecurity, which the president signed in May, put zero trust, along with encryption and multifactor authentication, at the top of the security priority list for the federal government.

With federal agencies now needing to adopt this concept, combined with some of the rethinking caused by the pandemic, experts see zero trust adoption skyrocketing in the second half of 2021.

“Organizations need to strongly consider a zero trust approach to security, which can ensure damage is limited even in the case that privileged accounts are compromised. Rationalizing the applications, identities, access and roles into a manageable and understandable structure is the foundation of a zero trust architecture,” said Kevin Dunne, president at security firm Pathlock. “From there, organizations can implement more investigative and preventative policies to ensure that the access that has been granted is being used as it was intended to be.”

Attackers Diversify

While ransomware might have topped the agenda of the U.S. and Russia summit, cybersecurity experts don’t expect attacks using crypto-locking malware to stop anytime soon.

One reason: the money is too good for cybercriminals to stop. In the first quarter of 2021, incident response firm Coveware reported that the average ransom payment topped $220,000, a 43 percent increase from the previous quarter.

Sherrod DeGrippo, senior director of threat research and detection at security firm Proofpoint, however, points out that attackers will likely continue to vary their methods as the year progresses and staff slowly return to offices. The company’s recent CISO report found executives are concerned about a variety of threats, from business email compromise to cloud account takeover attacks to insider threats.

“The wide range of the attack surface will make it even more difficult to stop any one threat campaign,” DeGrippo told Dice. “Through the last year, we have seen threat actors become very adept at using whatever’s in the news cycle as a lure in email-based phishing campaigns, from vaccine availability to the 2020 Presidential Election. The mass migration to remote work in 2020 was a major campaign lure so we suspect the shift back to the office, and any other topic in the public zeitgeist, to be used as a phishing lure to solicit a click and the opening for a breach.”
