CYDEF’s cybersecurity predictions for 2021, including ransomware expectations, cloud-based software risks, and budget impacts on cyber protection.
CYDEF’s Cybersecurity Predictions 2021
Around the new year, it seems blogs either are reviewing the year that’s ending or predicting the events of the coming year. I decided to try my hand at predicting the future. The following post details three predictions – including my reasoning for each of them.
Cybersecurity Prediction #1: Everybody Gets a Ransomware!
In the latter part of 2020, the media revealed wave upon wave of ransomware details. Just prior to the U.S. elections in November, the waves slowed. This is largely due to concerted efforts by Microsoft and the U.S. government to prevent interference in a hotly contested election.
CYDEF’s cybersecurity predictions 2021: I expect the massive wave of ransomware attacks to increase in frequency and intensity.
Ransomware is Cyclical
After years of observation, I learned that ransomware is cyclical. It lags slightly behind a cycle of vulnerability development.
Attack groups spend a cycle developing vulnerability access. Then, they spend another cycle monetizing the access.
The latest generation of ransomware attacks (Ryuk/conti, REvil, Bitpaymer, etc.) that Microsoft dubbed human operated ransomware requires attack groups to invest significant time developing access. This includes moving across a network, carefully accessing and storing data, monitoring backups, etc.
This means that the observable ransomware payload is a lagging indicator of the attack. Today’s ransomware might just be a symptom of the attack that breached a network over a month ago!
The Effects of Social Isolation
The social isolation required in 2020 fueled the attacker’s capacity to attack. Throughout the year we experienced a significantly large number of critical vulnerabilities. Some of which quietly arrived without much notice. Some of which weren’t caught for months. That’s because attack groups (aka exploit developers) were also cooped up in their houses (I mean… even more than usual).
2020 was also a year of heightened social anxiety. Not just about the pandemic, but also about the outcome of the U.S. Presidential election. The general strife created an environment rife for social engineering lures. These lures gave attackers lots of tools to develop fraudulent access.
Since ransomware remains to be one of the most reliable methods of attack monetization, expect even more in attacks in 2021.
Actionable Advice
Given the prevalence of attacks in 2020, and the anticipated attacks in 2021, it would be wise to spend the first few weeks of January patching systems and checking for traces of precursor attacks (e.g. Emotet, Trickbot, etc.).
Cybersecurity Prediction #2: Cloud-Based Innovation
In this instance, we’re not talking about positive innovation with great societal benefits.
2020 was the year of the work from home (WFH) paradigm shift. March and April saw big increases in cloud services adoption, especially VPNs and collaboration tools. Many companies found themselves scrambling with only limited access to VPN licenses. In other instances, they had restricted performance on the VPN gateway hardware. Meaning: the entire staff couldn’t securely use the VPN at the same time. We also saw an increase in individual VPN adoption in an effort to secure home networks.
However, this came at a price. Many of the VPNs listed in app marketplaces were fraudulent. The attackers moved to where the money was.
Anticipate attackers to continue their assault on cloud services in 2021.
Cloud Challenges Cybersecurity
At CYDEF, we’ve witnessed a good number of phishing attacks on our client’s cloud-based Office 365 accounts. The SolariGate attackers leveraged Azure access to expand compromises. Other types of innovative attacks change web-based email forwarding rules to support business email compromise type attacks.
This cloud-based innovation on attack vectors presents a challenge for traditional security infrastructures. When users are working from home, they access most of their cloud resources without passing through the company perimeter. So, a lot of the network surveillance tools might not see all of the traffic.
Furthermore, all of these dispersed laptops have now valuable tokens for cloud access (e.g. application password to bypass 2FA, credentials to access virtualized desktop, etc.). Those tokens aren’t protected by the enterprise-grade perimeter defense anymore either.
So long as the WFH reality exists, attackers will see cloud-based credentials as the ultimate prize. As a result, attacks will focus on stealing credentials – so that attackers can legitimately access networks and do damage without detection.
Expect an increase in phishing attacks in 2021, including endpoint compromises leveraged to steal cloud tokens. As attackers find new and novel ways to monetize cloud access, the volume of attacks will increase.
Actionable Advice
Security teams should spend time researching who accessed their networks, and where their data went in 2020. New preventative measures should be designed and implemented to safeguard networks while employees WFH.
Cybersecurity Prediction #3: Businesses Face an IT Budget Crunch
Global economies experienced significant downturns in 2020. COVID-19 both contributed to and overshadowed economic trends, including the biggest slump since the Great Depression. (At the same time, the pandemic created some winners [e.g. Zoom].)
Some businesses are truly suffering. Many will start 2021 looking for opportunities to cut costs.
Whenever companies start looking for savings, cybersecurity budgets are always on the chopping block. After all, cybersecurity doesn’t drum up new business. It’s only there to manage risks.
Cybersecurity Prediction 2021: Business Risk vs Cyber Risk
For those businesses intent on survival, accepting cyber risk in exchange for financial solvency is a no brainer.
In my opinion, cybersecurity budgets are currently too low. When measured in relation to the risk of attack, cybersecurity budgets are crucial to survival. If your enterprise is breached, the recovery efforts alone can bankrupt an operation. Your business is far more likely to experience a cyber attack than a fire. However, it’s more likely you’ll invest in fire insurance than cyber insurance. The size of the budget relative to the risk is not always proportionate.
Actionable Advice
If your enterprise anticipates a budget review in 2021, it’s also an ideal opportunity to review your cybersecurity practices. Instead of nixing the cybersecurity budget outright, consider the following:
- Is the business experiencing the expected outcomes from the cybersecurity investments?
- Are there any steps that could be taken to make more efficient investments in cybersecurity?
Finding process efficiencies in your cybersecurity plan could save money, allowing your business to invest in more productive endeavors budgets return to normal.