
How security pros can effectively manage a challenging 2021

Continued attacks from nation-states, new strains of ransomware and the reality that it will take several months for the COVID-19 pandemic to resolve will make it a challenging year for security pros. Today’s columnist, Mick Baccio of Splunk, offers some insights into how to manage these many challenges.

The threat landscape as we knew it was one of the many casualties of the COVID-19 pandemic. Digital transformation has accelerated rapidly across the board – bringing with it a myriad of new technologies and new processes to support the shift to a distributed, work-from-home environment.

Yes, 2020 was a year that put immense pressure on cybersecurity teams. But in 2021, following the SolarWinds hack, with increased ransomware threats, domestic political turmoil, and months to go before enough people are vaccinated and go back to work, it will only get worse.

As workforces continue in a remote or hybrid state, bad actors will shift their strategies to match. Whether adapting tactics or creating new ones to match behavior from private industry, here’s what security pros need to keep an eye on as we take on 2021.

  • Vishing and phishing will increase.

With more employees working remotely, attackers will increasingly use voice phishing (vishing) and email phishing to obtain account credentials from workers who would normally work in offices. Last August, the FBI and CISA issued a joint warning about the recent rise in vishing attacks as remote work carried on. The advisory said actors first began using unattributed Voice over Internet Protocol (VoIP) numbers to call targeted employees on their personal cell phones, and later began incorporating spoofed numbers of other offices and employees in the victim company. Throughout this year, as remote work at scale continues and the personalization of phishing attacks becomes easier and more common, we can only expect vishing – and phishing – to get worse. Email remains the top attack vector, and that won’t change anytime soon.

  • Supply chain attacks will get personal.

Expect threat actors to increase their efforts to take advantage of weaknesses and vulnerabilities in consumer products, such as the home router from an ISP, phone apps, or even webcams. Think of webcams. Right now, everyone needs a webcam, whether it's for work or for school. Say someone ends up buying a knockoff, something cheap. That becomes a new or more prominent vector for attackers. We need to take supply chain vulnerability seriously. Attackers won’t just attack people, they’ll attack stuff: the devices people use regularly and rely on. There’s a lot of diligence required to make sure supply chains aren’t compromised. It starts with knowing that vendors take cybersecurity as seriously as their customers and business partners do.

  • MFA adoption will skyrocket.

As a way to keep more personal and business devices secure in a remote environment, we’ll see an uptick in the adoption of Zero Trust tools like MFA. In fact, we’ll see an uptick in the adoption of most Zero Trust tools – as the pandemic’s effects on workforce disruption continue, ensuring the company’s digital assets are secure becomes even more of a priority.

In years past, the holy grail for IT security has been defense-in-depth. The SOC protects the data within the network by protecting the network perimeter. But Zero Trust doesn’t rely on network protection to keep data secure. Instead, if companies secure endpoints and backend applications, the safety of the network becomes a secondary, rather than primary, line of defense. This idea already made sense in 2019, but with the COVID-19 era’s sudden spike in remote work, it will become an even smarter approach in the years ahead.

  • New threats will lurk in the cloud.

Organizations rushed to the cloud in 2020. Now that the dust has settled, new cloud threats have emerged, and they’re giving already maxed out security teams a run for their money.

From an IT operations and IT security perspective, security teams will need cloud-related skills in 2021 and beyond – cloud isn’t going away any time soon. In fact, we can expect the robust tool sets of cloud providers to lead to a contraction in the market for cloud security tools. Cloud providers will instead offer different tiers of security access to various personnel, meaning that cloud skills will count more (and pay more) than ever.

  • SOC teams will continue to struggle with visibility.

As the world and the workforce continue to change, visibility will remain a top issue. Network maps and multi-tenant models are becoming more complex with cloud adoption, and a growing interconnected ecosystem of devices and services only further complicates internal visibility. By creating visibility and then mitigating threats in real time, organizations will survive their attacks and potentially thrive in the midst of them.

As 2021 evolves, it’s clear that security pros will face some of their most vicious foes yet. Expect much more of the same from nation-state actors, malware attackers, ransomware threats, or kids who just clicked on the wrong link on their mom’s work laptop. But there are steps CISOs can take to alleviate those future strains on the business. It starts with the basics: prioritizing people, process and technology. They are all interconnected and deliver necessary feedback loops to help adjust and rectify an organization's security posture. In a world where even tomorrow seems uncertain, it’s how we protect our world today against any future threats.

Mick Baccio, cybersecurity advisor, Splunk
