CISO Cyber Talks offers key Cyber Security insights from Check Point Software CISO, Jony Fischbein.
In my previous discussion, I highlighted important cyber security lessons learned from 2020. For the first time, organizations were forced to enable millions of employees to work remotely, which presented a variety of tough cyber security challenges. Organizations had to adapt quickly.
In this article, I’ll focus on major cyber security trends for 2021 that everyone in the industry should anticipate.
Moving forward, I foresee the threat landscape getting worse, not better. We’re tracking a sharp rise in the volume and sophistication of cyber attacks. Organizations are challenged to keep up because opportunistic cybercriminals change their strategies based on the perceived weak spots in the cyber environment.
One thing is clear: Organizations must stay one step ahead of the bad guys. Companies must have a clear understanding of where the future of cyber security is headed and adopt a more proactive approach that prepares for future threats and roadblocks.
As you develop your cyber security strategies, be aware of these key trends for 2021:
Ransomware on the rise
As long as there are vulnerabilities in systems and money is available, ransomware will continue to be a booming business for cyber criminals. Recently we’ve seen a 50% increase in the number of daily average ransomware attacks, and this trend is expected to continue. Because organizations that are already struggling during the pandemic are even less equipped to tolerate having their systems or data offline, threat actors will not hesitate to take advantage of this.
Furthermore, in 2020, we saw a rise in double extortion ransomware attacks, which is expected to continue in 2021. In a double extortion attack, threat actors maximize the chance they’ll receive payment by threatening to sell or publicize the data on top of encrypting it. With ransomware attacks becoming so disruptive, the FBI has softened its stance on paying the ransom, stating that it’s sometimes okay to pay to protect the stakeholders, employees, and users.
You don’t want to be in a position where you have to debate whether you’re going to make a ransomware payment. Instead, you want to prevent ransomware attacks before they even happen. Deploying best practices upfront, such as protection of employee credentials, multi-factor authentication, network segmentation, and least-privilege access, will help put your organization among those that stay free of ransomware attacks.
Finally, return to the basics with your backup best practices. Back up often and regularly, and store copies of your data across multiple storage locations. Test your recovery process by performing frequent restoration exercises; data backups are no good if you can’t use them to restore operations.
Supply chain attacks
As we saw recently with Sunburst, the consequences of a supply chain hack can be devastating. There are systemically important enterprise software and service companies out there that play an outsized role in how the digital ecosystem works right now.
In the cyber security community, we must ask ourselves: what other technology companies are exposed? What other companies out there possess keystone technologies that ensure enterprises can continue functioning? We have to continue to invest in understanding this third-party, supply chain risk. We need to work on an identification methodology, understand who has elevated privileges, and put the appropriate security checks and controls around that.
While we identify these keystone technologies, there are steps your organization can take that reduce the risk of a future supply chain attack.
Your IoT security solution should be able to detect weak or problematic devices deployed in your systems, including flaws in the devices’ firmware. IoT devices are vulnerable because many manufacturers don’t outfit them with strong security. Nation states and hacking groups know this and exploit the fact that companies are essentially expanding their attack surfaces by using IoT devices.
Endpoints are often the first entry point to any organization, especially during the pandemic when your users are accessing the network through a secure tunneling protocol from home. Endpoint security should be prioritized and viewed within the context of Zero Trust Network Access (ZTNA). Your solution should also search for suspicious DLLs or PowerShell scripts that shouldn’t be in your environment.
Finally, align your security programs to a zero-trust model, which enables network segmentation to block lateral malware movement. Utilize advanced threat prevention techniques with deep packet inspection technologies and next generation firewall capabilities. Secure your workloads that move across different cloud environments.
Embracing the cloud
“Should you invest in on-premises servers or the cloud?” When faced with this question, many executives decided to move to the cloud.
Cloud data centers managed by Amazon, Microsoft, and Google offer advantages over your on-premises data center. Cloud computing is cost-efficient and extremely scalable, allowing you to increase or reduce capacity as needed. Because the cloud doesn’t require a large upfront investment in on-premises hardware, it greatly reduces your total cost of ownership. Finally, a cloud-based setup allows you to deploy services with the click of a button and leverage unique solutions to resolve complex challenges.
Since companies will continue the work-from-home model, cloud adoption will increase, and so will the number of misconfigured cloud resources. Many companies assume their cloud provider is entirely responsible for security, which can lead to data breaches and other security incidents. While cloud providers are responsible for securing the infrastructure stack, organizations are responsible for securing their applications and configuring the cloud.
The rise in cloud adoption will be a key driver for Cloud Security Posture Management (CSPM) solutions. CSPM automates cloud security management while assessing data risk, performing risk identification, managing incident response, checking for cloud policy violations, and more.
The growing importance of SOCs
Security Operations Centers (SOCs) are taking on a more critical role in dismantling complex threats. The market for managed SOC services is expected to grow to $1.1 billion by 2024. SOC analysts play an important role in monitoring to protect the organization’s assets. Their duties include incident response, advanced triaging, isolating endpoints, threat prevention, and more.
I believe that SOCs will face significant challenges in the coming years. While the threat landscape is rapidly evolving, the shortage of cybersecurity professionals could threaten an organization’s ability to staff SOCs. One survey quantifies this skills shortage: 53 percent of SOCs report having difficulty hiring skilled team members.
The role of the SOC analyst has grown. Digital transformation initiatives, cloud migration, and IoT devices have all added a layer of complexity to the threat landscape and introduced new cyber threats. As a result, SOCs have become more important than ever in maintaining a strong security posture for the organization.
The next level of SOC is already here with security orchestration, automation and response (SOAR) technologies. Incidents from Check Point and other devices fed into SOAR can generate new threat indicators for malware, threat behavior and network addresses associated with each identified attack. Each organization chooses which playbooks to implement around incident response, automating helpdesk service requests and resolutions, and much more.
Expect larger budgets
In the midst of an uncertain economy and a continued health crisis, I’ve seen budgets become an issue for many organizations. However, if there’s one area that will always need funding, it’s cyber security. To maintain strong cyber defenses in 2021 and beyond, organizations should appropriate increases across their cyber security budgets.
The attack surface has expanded in this new environment, and the bad actors are looking to take advantage by launching targeted phishing, ransomware, and a variety of other cyber attacks. You’re obviously aware of how costly a data breach or other cyber exploit can be for your organization. As organizations plan their security spending for the new year, CISOs should highlight the cost savings that investing in cyber security provides from a risk management perspective.
A proactive approach is needed. When a threat actor breaches a network, and your organization starts scrambling to manage the aftermath of the cyber attack, a business that’s strapped for cash may not be able to get critical cyber security projects approved. In contrast, a forward-thinking strategy allocates budget in case a successful breach or attack occurs.
Consider adopting a risk-based approach that sorts risks into multiple categories and then allocates funds depending on how much it costs to mitigate the risks in each category. The NIST (National Institute of Standards and Technology) Cybersecurity Framework consists of five functions: identify, protect, detect, respond, and recover. This framework can help you identify risks and decide which are the most impactful and require the highest priority.
When you communicate with leadership, remember that finance leaders need to understand the risk. Therefore, as a security leader, you must address them in their language. Pitch the price of risk mitigation as a way to obtain the green light for new and significant cyber security projects.
Threats to watch out for in 2021
We continue to see a slew of zero-day attacks; thus, threat prevention will continue to be critical. Ransomware threats show little sign of slowing in 2021. Phishing attacks have shown the most significant increase in volume and sophistication. We’ve seen a 350 percent increase in phishing attacks during COVID-19 alone.
Typically, phishing attacks are done through e-mail. However, I have seen hackers use phone calls to take advantage and steal sensitive information from organizations. In several cases, I have seen threat actors actually ask the individual from the organization to install remote admin software, giving up remote control access on their desktop.
We’ve seen SMS phishing techniques in which the victims receive a TinyURL link, obfuscating the real URL. Phishers also carry out their attacks on social media and instant messaging apps such as WhatsApp and Slack.
In short, threat actors are always thinking up creative ways to exploit unaware individuals.
Improving your human firewall
Humans are the weakest link in cyber security. It is estimated that over 90% of all attempted cyber attacks involve phishing activity, hence the importance of training employees on various cyber threats and the best practices to counter them.
With millions of employees working remotely, cyber criminals have not hesitated to take advantage as the number of phishing attacks doubled in 2020. Phishing scams involving COVID-19 vaccines have also become problematic.
Traditionally, with regard to employee training, companies send out a broadcast email alerting their employees to potential phishing campaigns or other threats. However, sending out an email isn’t an effective strategy for increasing security awareness. Unfortunately, I’m all too well aware of the fact that many people don’t have the time to read through all of their emails.
Companies should invest in building a comprehensive training platform that consists of videos and engaging materials, such as quizzes. Make it mandatory that employees complete the training in order to stay compliant with the organization’s security posture.
As we enter a more complex threat landscape in 2021, we must take the time to anticipate future threats and incorporate the necessary defenses into our cyber security strategies. Cyber security professionals cannot win this fight alone, especially in the constantly evolving cyber landscape. Every employee in modern organizations has to be a cyber protector.