Regardless of changes in technological trends, security has always been the focus of an organization's IT department. Industry experts believe that predicting security trends will never become obsolete. No matter how the development trend changes, security is an eternal topic and has no end.
Security trends are often a mixture of "old" events (such as phishing scams and malware) and "new" events (such as the widespread impact of the coronavirus epidemic on organizations and individuals). This was the case in 2020 and it will be the same in 2021.
Many IT and security leaders shared their insights and expectations for the development of the industry in the coming year. The following are their concerns and issues that IT leaders should pay attention to.
1. Security architects will face a new normal
People may see organizations redefine their security priorities, because cyber security was not necessarily the top priority in 2020. In particular, organizations consciously began to adjust their security operations manuals to reflect lasting changes in how they operate, including remote workers.
EG Nadhan, chief architect and strategist for Red Hat North America, said, “Due to the outbreak of the coronavirus in 2020, people are paying more attention to business operations and work efficiency than to safety. With the gradual transition to the new normal, safety will regain attention and restore the ability to proactively implement security policies."
Even if the epidemic subsides in 2021, these strategies will need to address the reality of remote work and the lasting changes in other business operations. Even if the new normal has been redefined, security procedures will need to be adjusted accordingly.
Shawn Burke, Chief Security Officer of Sungard AS, said: “Ensuring security in the next normal state will be the top priority in 2021. As enterprise business shifts to remote work, we will continue to see more and more focus on protection of perimeter security and cloud computing deployment."
Nadhan expects that with the proliferation of hybrid cloud and multi-cloud strategies and the spread of employee and IT product portfolios, the role of security architects will become more important and more popular.
Nadhan said: "The role of security architects will become more critical among various platforms and cloud computing providers, thereby driving the adoption of a 'security first' architectural approach."
This is not just a problem for remote workers. Fundamentally speaking, this is an architectural issue, especially as cloud-native applications and infrastructure applications become more common.
2. Automation will help support a security-first architectural approach
Chris Wysopal, founder and chief technology officer of Veracode, said: "I think the key areas of cybersecurity in the next few years are related to the organization's search for ways to innovate and build software at a faster rate. The need for speed has led to a comprehensive development team. The application is decomposed into the smallest reusable modules (microservices), so they can be combined in multiple areas of the business. Although it helps to increase the speed, ensuring the security of these microservices-based technologies will be a challenge for the development and security teams."
Automation has not only become very practical, but also necessary, which has promoted the rise of Kubernetes and enterprise Kubernetes platforms in organizations that use microservices and containers on a large scale. This usually happens at the same time as DevOps or agile ways of working.
In order to ensure faster completion of work, IT organizations will work on the integration, automation, and coordination of network security system workflows. Red Hat’s chief technology strategist and Canadian solution architecture director Michael Cardy said: “Various functional cyber security tools will be combined to form a coordinated system to handle vulnerability identification, attack vectors, and automated repair workflows.”
3. Phishing and ransomware are still ubiquitous, and remote work will also be attacked
Many security experts predict that the number of phishing scams, ransomware and other attacks will increase in 2021. These threats exist because they are effective, and this will not change in 2021.
Mitchell Kavalsky, director of security governance, risk and compliance at Sungard AS, said, "Phishing and ransomware will continue to be the main means of malicious activity."
In 2021, these widely spread security threats will increasingly target large numbers of people who continue to work from home.
Kavalsky said: "In the coming year, cyber attacks on personal email and systems will increase. There are now more people working from home than ever before, and this trend will not change anytime soon. Cyber attackers will attack people’s remote working systems. Because their laptops are running on the home network, hackers will use this channel to access and attack remote working laptops. It is important for employees to complete their work at home, and ensuring the security of the home network system will also be crucial."
Remote work from home has been widely implemented in 2020, and employees can also work in corporate offices under the condition that safety is guaranteed. Sharon Wagner, CEO of Sixgill, said that companies and individuals have responded well to the rapid transition. However, the impact of widespread remote work on security (and the employee's home will become an important entry point for the enterprise system) has not yet been realized.
Wagner said: "Although the impact of global epidemic changes on network security has not yet been apparent, we may see a surge in data breaches and endpoint vulnerabilities in 2021. The shift to remote work has brought attack risk to home networks, personal devices and other endpoints; these terminals are now more vulnerable to attacks than ever before."
A virtual network that is poorly secured or unpatched may become a potential weak link again. Brian Wilson, chief information security officer of SAS, believes that more and more organizations will turn to edge-based authorization tools, thereby weakening the role of virtual networks as the main protector of network security. He also hopes that the "zero trust" security model can regain the good reputation of its early applications, because user access and privileges have become carriers of cyber threats as before. Wilson is one of the leaders in the IT and security departments, and they hope that the remote work setting can continue forever, even if some people start to return to corporate offices to work when the epidemic subsides.
Wilson said: "Educating employees on how to keep the home environment safe is more important than ever."
4. Even if the epidemic is contained, threats related to it will still exist
Even if the epidemic will be contained in 2021, the security threats associated with the epidemic may continue for a long time after that. Bad actors will try to use a wealth of information about vaccines, government and private sector responses, and other long-term effects of the epidemic. Jerry Gamblin, security and compliance manager at Kenna Security, believes that many of these bad actors will have ties to government agencies.
Gamblin said: "We are likely to see an increase in cyberattacks from government-sponsored organizations, and ransomware organizations linked to the country have stepped up their attacks and used the uncertainty during the epidemic to profit."
People will eventually return to "normal life", of course this will also bring new risks. For example, conferences held on site can become attractive targets for cyber attackers.
Gamblin said: "Organizations may require employees to be vaccinated against coronavirus before they can travel or participate in on-site meetings. Collecting participant and customer data will become the target of malicious actors."
It is almost certain that cybercriminals will continue to use the epidemic to strengthen phishing, ransomware and other attacks.
On December 3, the IBM Security X-Force team announced that it had discovered a global phishing campaign targeting organizations related to the coronavirus vaccine cold chain.
5. Cloud computing configuration errors are still a major problem
Like ransomware and phishing, incorrectly configured or monitored cloud accounts will also be a constant threat.
Gamblin said, "By 2021, we will continue to see organizations leak large amounts of customer data through misconfigured cloud storage services. But we will not see a viable solution to this problem."
This shows the disconnection of cloud security: the world's major cloud computing providers have invested a lot of money in security, but they are not directly responsible for users' internal policies and processes. Even platforms and tools with robust native security features need to be set up and adjusted appropriately for the specific environment of the organization.
Burke, Sungard's chief security officer, predicts that cloud hijacking (a practice that uses compromised credentials to take over an organization's cloud accounts) will become as serious as a ransomware threat. Overall, this reminds people that continuous due diligence and monitoring is the key to a layered approach to cloud security.
Burke said: "Organizations need to have a clear understanding of their cloud computing footprint, assets, and supplier relationships. Cloud computing providers are the key because although they are responsible for protecting the cloud computing environment, their customers must still carry out access management, data protection and other policies and procedures to ensure safety."
6. Compliance requirements fuel cloud decisions
Data privacy and protection are both security issues and compliance issues. This will continue to be an important factor in cloud computing architecture and strategy in 2021, especially for large organizations or any organizations with global influence.
Wilson, SAS’ Chief Information Security Officer, said: “Consumer data privacy pressures continue to increase. This is a special challenge for U.S. companies with European operations. They must comply with stricter GDPR regulations. This is an important driving factor for the development of cloud computing. Keeping data in the region can simplify control and data management strategies, but it also emphasizes the need for global unification and resources in terms of laws and compliance."
This is one of the attractions of hybrid cloud and multi-cloud architecture.
Asher de Metz, senior manager of security consulting at Sungard AS, predicts that more cyber security and data privacy regulations will be introduced in the coming year. They said: "I expect that the development of network security and privacy requirements will be strengthened, and various countries and regions will comply with data privacy regulations."
7. MITRE ATT&CK framework is widely used in the business world
Companies need to obtain the best information about potential cyber attackers and threats to improve their security posture. Thanks to the MITRE ATT&CK framework, the information that was once a confidential government document is now more accessible than ever. Given the increasing globalization and complexity of corporate security, this knowledge base is becoming increasingly important.
Jonathan Reiber, Senior Director of AttackIQ’s Cybersecurity Strategy and Policy, said: “The MITRE ATT&CK framework will continue to be the backbone of public and private sector cybersecurity programs and threat intelligence defenses.” Reiber served as chief cyber policy strategy official for the Office of the Secretary of Defense during the Obama administration.
Reiber explained, “Historically, only well-resourced organizations like Fortune 100 companies and U.S. government agencies have the resources and personnel needed to develop real-world threat intelligence and adversary simulations. With the help of analysis resources provided by MITRE ATT&CK, organizations around the world can focus on known threats and improve their security."
The MITRE ATT&CK framework means that organizations no longer need to be large banks or technology companies to compete fairly with rivals. A famous phrase in "The Art of War", "know the enemy and know yourself, and in a hundred battles you will never be in peril", applies to the field of network security.
MITRE ATT&CK was first released in 2015, essentially to ensure that cyber attackers are known, so organizations should use it more actively.
Reiber said, “The ATT&CK framework has become an important driving force for the public and private sectors, and it has become a global censored and comprehensive database of cyber attackers’ behavior. The US Government’s Cybersecurity and Infrastructure Security Agency and recently the Australian Government regularly quote the database. When used with an automated adversary simulation platform, ATT&CK allows organizations to test their cyber defense measures against known cyber attacker behavior securely, on a large scale, and in production."
Reiber also pointed out that MITRE Engenuity's Threat Intelligence Defense Center has begun to develop a free adversary simulation plan. It released its first plan earlier this year for security teams to mimic the defense measures against the cybercriminal organization FIN6.