Cyber criminals have certainly enjoyed watching droves of people transition to a stay-at-home lifestyle on a global scale. Finding ways to exploit the movement to an online, digital-first world drove most cyber security trends in 2020. Typical security boundaries dissolved as businesses, schools, and more hastily jumped into a remote environment without the time necessary to consider appropriate processes and tools for collaboration as well as a sound security posture. This created a unique and unprecedented threat landscape for security teams, making detection and response challenging when dealing with untested and unanticipated security weaknesses.
In a time of uncertainty and high stress for a remote workforce, user behavior also changed, adding an extra layer to the cyber security trends we witnessed. This shift compounded challenges that already existed even in the best of times, and human error became an even greater “weak link” for adequate cyber security. In an environment where security practices cannot adapt quickly enough and overwhelmed users experience an inundation of phishing scams and other cyber threats, mistakes are inevitable. It’s only a matter of time before there is another successful cyber attack.
We spoke with Joe Baum, Director of Threat Management at Motorola Solutions, to gather his insights on cyber security trends and predictions as we move further into 2021. Joe is an “organically” developed cyber security professional, operating a Threat Intelligence and Penetration team for Motorola Solutions. His organization collects and refines intelligence on threats against customers and products and helps developers validate that their products meet the necessary cybersecurity integrity. Joe holds CISSP®, CSSLP®, and CCSP® certifications from (ISC)² and is also a Certified Cyber Intelligence Tradecraft Analyst. In this post, we spoke with Joe about cyber security trends that defined 2020, his predictions on how cyber security will change in 2021, as well as critical considerations for IT Blue Teams.
What Cybersecurity Trend Defined 2020?
- Externalization of Business Applications with the Shift to Remote Work: Something we saw defining 2020, as we’ve heard quite a bit by now, is part of the workforce shifting from the workplace into their homes last March. We saw that externalization of business place applications, which used to be protected by the enterprise network controls, had to be migrated to the internet during VPN scaling issues. Many “last-minute security accommodations” were made for the home workplace due to the lack of enough business-owned laptops to distribute to the already deployed remote workforce.
- Accelerated Patching: We also witnessed accelerated patching, a need for increased external monitoring, and a constant review of security controls. This was an unprecedented challenge for the IT Blue Teams working with externalized applications, everywhere, in a very short period of time.
- Increases in Financial Fraud and PII Data Breaches: We also saw financial fraud coupled with PII data breach information that gave businesses a new headache. There was a steep increase in fraudulent unemployment claims that had to be addressed quickly, particularly for workers who were still employed with them at the time.
How Will Cyber Security Change in 2021?
- Need for Increased Supply Chain Security: The SolarWinds, Petya, CCleaner, Kingslayer, and WIZVERA VeraPort events mean we need to step up efforts behind our supply chain security more effectively. As the first line of defense, we need to team up with procurement to go beyond traditional boilerplate contract language.
- Strained Cyber Security Budgets Due to Economic Crisis: Year two of an economic crisis is when the crows come to roost. We’ll need to keep an eye on the squeeze pressures on profit margins due to anything from declining sales to foreign exchange headwinds. These variables could impact cyber security budgets while businesses reorganize to address shortfalls.
- Post-VPN Networking World and the Need for Secure Ongoing Remote Work: Moving to a “live where you want” situation, with impacts to remote work, is going to give IT Blue Teams pause for several reasons:
  - Securely onboarding new hires working remotely, from business locations, and possibly with privately owned endpoint equipment.
  - Managing security stacks and equipment that might not be owned by the company or located globally.
  - Shifting to living in a post-VPN networking world, leveraging distributed network security application access points, user and device authentication, and zero trust models. Along with this shift, there is also an increased need for continuous monitoring and reporting.
  - Handling employees’ shifting work schedules. This means making policy configurations for access points and anomalous behavior protection surrounding critical business applications, all of which are a bit more complex.
As we have seen every year, the balance between defenders and threat actors continues to change. Often the trends we observe are directly linked to the move, counter-move nature of the struggle, and 2020 was no different. Threat actors essentially doubled down on existing capabilities and challenged defenders to stop them. In 2021, security teams must once again rise to meet new challenges posed by these threat actors.
To learn more about the top threat trends from 2020, including new ransomware tricks, as well as predictions on the tactics and techniques expected to increase in 2021, download the free ZeroFOX report on The Future of Digital Threats.