In this article, we offer our perspective on the top 10 cybersecurity trends.
Our team of IT security experts has spent hundreds of hours researching and analyzing the emerging threat landscape to bring forward these predictions.
The purpose is to explain how these threats impact businesses and individuals alike while delivering actionable steps you can take to be more secure.
1. Lockdowns Permanently Change How We Conduct Business
As businesses have shifted their workforce to flex models or full-time work-from-home models, so have their attack surfaces. Threat actors take advantage of current events and changing circumstances to exploit those who are most susceptible.
By now you’ve likely come across an email, phone, or text message scam related to Covid-19. Or, charities that claim to be assisting front-line workers. Worse yet, those who pretend to sell protective equipment, hand sanitizer, or food.
Cybercrime as a whole has increased by 600% since the beginning of the global pandemic.
As the world continues to wait for the future of the virus and lockdowns there’s one certain thing – cybercrime will only continue to increase.
Lockdowns have permanently changed everything about how we conduct business.
The obvious benefits of reducing capital expenditures aside – productivity increased by 47% YoY despite work from home culture.
Further, states like Florida and Texas are attracting the largest companies and talent away from New York and California. The flexibility provided by working from home enables corporations to make these structural changes within their business operations.
One of the leading voices in this movement is the software giant, Salesforce. In a recent announcement, the company said they are looking to permanently reduce their office footprint.
Bottom line: Companies that do not require office space to be productive will never fully go back to an office setting. As a result, security needs to be a discussion when developing work-from-home policies.
While countermeasures exist to safeguard employees working from home – they’re not infallible.
After all, it only takes one click to compromise an entire network. Continued diligence from users and investments from key stakeholders to foster a truly secure environment will be a required part of doing business.
Gone are the days of checking off a box for the sake of compliance. Or, assuming that industry average risk ratings are good enough. This is exactly the type of mindset threat actors are searching for when selecting their next target.
2. Patch Management Will Become A Top Priority For The C-Suite
One of the main points of entry used by threat actors is to exploit unpatched vulnerabilities within systems.
According to one survey from the Ponemon Institute, 60% of breaches in 2019 involved unpatched vulnerabilities.
As a result, patch management services have quickly become a topic of discussion in the C-Suite.
In short, patch management is a continuous process of identifying, prioritizing, remediating, and reporting security vulnerabilities in systems. This is particularly important if your organization has a need to burn down a backlog of vulnerable systems.
The goal of a patch management program is to ensure good patching policies are being implemented company-wide.
Businesses will be turning to managed security service providers as a cost-effective way to get a better handle on vulnerable systems to reduce risk.
Many vendors can provide this service without the need to install expensive third-party tools while also saving internal resources time.
In addition, look for a vendor who works with you to create standardization around your patch management program.
This ensures predictable and repeatable processes can be followed thereby minimizing the amount of time required to maintain the program.
In a traditional IDS, traffic data is brought together and analyzed for suspicious activity. This is also referred to as signature-based monitoring, which detects attacks based on known attack signatures and patterns.
Another detection variant used by an IDS is heuristic or behavior-based monitoring, more commonly referred to as anomaly-based. This type of monitoring detects attacks by first establishing a baseline of daily network traffic and its use.
The IDS compares day-to-day operations against the baseline. An alert is then sent to a security operations center, or a security specialist, when irregular or otherwise suspicious activity is detected.
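The two detection variants described above, side by side, as an added example that is not code from this article or from any IDS product. Host names, counts, payloads and the two signatures are constructed for illustration, and the three-deviation threshold is an assumption.

```python
import re
import statistics

# Signature-based: known patterns matched against request payloads.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
}

def signature_alerts(events):
    """Return (host, signature name) for every payload matching a known pattern."""
    alerts = []
    for host, payload in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((host, name))
    return alerts

def build_baseline(history):
    """history: {host: [daily connection counts]} -> {host: (mean, stdev)}."""
    baseline = {}
    for host, counts in history.items():
        mean = statistics.mean(counts)
        # Floor the deviation so a perfectly flat history does not alert on +1.
        stdev = max(statistics.pstdev(counts), 1.0)
        baseline[host] = (mean, stdev)
    return baseline

def anomaly_alerts(baseline, today, threshold=3.0):
    """Flag hosts whose count today sits more than `threshold` deviations above baseline."""
    alerts = []
    for host, count in sorted(today.items()):
        if host not in baseline:
            # A device never seen during the baseline period has nothing to compare against.
            alerts.append((host, "no-baseline"))
            continue
        mean, stdev = baseline[host]
        score = (count - mean) / stdev
        if score > threshold:
            alerts.append((host, round(score, 1)))
    return alerts

# Constructed sample data: one week of daily outbound connection counts per host.
HISTORY = {
    "ws-014": [120, 131, 118, 125, 129, 122, 127],
    "printer-02": [10, 12, 9, 11, 10, 12, 11],
}
TODAY_COUNTS = {"ws-014": 133, "printer-02": 240, "cam-07": 15}
TODAY_EVENTS = [
    ("ws-014", "GET /index.html"),
    ("ws-014", "GET /app?file=../../etc/passwd"),
    ("printer-02", "POST /upload chunk=0041"),
]

if __name__ == "__main__":
    print("signature:", signature_alerts(TODAY_EVENTS))
    print("anomaly:  ", anomaly_alerts(build_baseline(HISTORY), TODAY_COUNTS))
```

The printer's traffic matches no signature, so only the baseline comparison flags it; the workstation's normal day-to-day variation stays under the threshold.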
3. Ransomware Will Continue To Be The #1 Threat
Ransomware is a type of malware that denies users and system administrators access to files or entire networks. Once the malware infects systems, threat actors will send a ransom note typically demanding payment in Bitcoin.
Ransomware made history in 2020 contributing to the first reported death related to a cyber attack.
In this case, a hospital in Germany was locked out of their systems and unable to treat patients. A woman in need of urgent care was rerouted to a neighboring hospital 20 miles away but did not survive.
Unfortunately, industry trends don’t look hopeful.
In a survey of 582 information security professionals, 50% say they do not believe their organization is prepared to repel a ransomware attack.
Adding to this, 75% of companies infected with ransomware were running up-to-date endpoint protection.
This method of attack is extremely lucrative for threat actors as sophisticated ransomware kits are widely available on the dark web.
Healthcare providers are one of the hardest hit and most vulnerable industries for two reasons:
- Personal Health Information (PHI) can sell for hundreds of dollars per record and is often resold to multiple threat actors.
- The security of health systems is typically driven by compliance and not by proper security hygiene.
For example, running vulnerability scans will report on Critical, High, Medium, or Low vulnerabilities. While the Critical to High vulnerabilities are often prioritized it’s the Medium or Low vulnerabilities that can place you at risk.
Overlooking these vulnerabilities on say a printer, medical equipment, or other connected devices is what enables threat actors to gain entry into your network.
As we look forward we do not see any signs of ransomware slowing down.
We expect new targeted variants to be developed with the goal of infecting specific industries: Education, Mining, Transportation, and Energy, to name a few.
4. Supply Chain Attacks Will Grow And Be More Targeted
The recent compromise of SolarWinds’ Orion platform has brought global attention to the need for businesses to make cybersecurity a top priority.
In this case, a sophisticated supply chain attack impacted over 18,000 customers including Fortune 500 companies and government agencies.
We will explore this further in the article, but in short threat actors search for targets that can be easily compromised and that have a significant monetary value. Attacking a supplier to gain entry to larger organizations is one way to bypass their sophisticated security controls.
According to a report from VMware, 50% of cyber attacks today target not only a network but also those connected to it via a supply chain. Further, in 2018, supply chain attacks increased by 78%.
A 2020 report conducted by Sonatype also found that supply chain attacks on open-source software surged by 430%.
With this type of attack, it doesn’t matter how robust your security program is if your vendor has been compromised.
Once threat actors have a foothold in your network, they will attempt to move laterally to escalate their privileges and gain control over your systems. Or, they’ll lie dormant for months to years at a time collecting and exfiltrating data.
As we look forward we see supply chain attacks continuing to pose a significant threat to organizations. One way to mitigate these attacks is by implementing Zero Trust Architecture.
5. CMMC Will Set The Tone For Enforcing Security Standards
The Cybersecurity Maturity Model Certification (CMMC) has been a compliance standard long in the making.
Built off DFARS and the NIST 800-171 framework, CMMC will require DoD suppliers to meet and maintain a number of security controls depending on the type of data they have access to or store.
The threat of losing government contracts is a surefire way to enforce compliance.
In recent months, new standards have been brought forward requiring organizations to also prove that they’re working towards CMMC.
This is because businesses were not being honest in their adoption of these security best practices.
From a business perspective who can blame them? In some industries, the margins are so thin as is that they can’t afford the investment even if they wanted.
States, like Maryland, are trying to help by providing a $2,500 reimbursement for a NIST 800-171 Gap Analysis.
However, this figure doesn’t come close to covering the costs associated with performing the analysis let alone implementing and maintaining the required security controls.
While it is unfortunate that businesses have to be forced to meet certification standards, it does promote a more secure environment.
We predict that CMMC is only the stepping stone towards a more unified security standard in the United States.
6. Security Operations Center (SOC) Services Will Grow
Security Operation Centers (SOC) provide real-time monitoring, detection, and response in order to mitigate or prevent cyber attacks when they occur. The benefits gained from a SOC are what provide organizations with a holistic approach to security.
This is done by centralizing the display of assets, collaborating across departments and functions, and ultimately maximizing awareness to minimize costs.
SOCs are more accessible today than they were in the past, partly due to the meteoric rise of cloud services. Another reason for its growth has been the constant drive to push security down to smaller business models.
Small and mid-sized organizations are investing in SOC as a service model because it’s less expensive to subscribe to a predictable monthly subscription than it is to hire and maintain an internal department.
In contrast, it often makes more sense for enterprises to build their own internal SOC.
As a result, the SOC as a service market is projected to grow to $1.6 billion by 2025 from $471 million in 2020.
We believe that the work-from-home and BYOD culture has accelerated this trend in 2020 and will continue to grow YoY.
In addition, security frameworks and compliance, such as CMMC, require the implementation of an SIEM and IDS/IPS.
As mentioned, the talent, toolsets, and program management required to run a successful SOC are simply out of reach for most small and mid-sized organizations.
7. Multi-Factor Authentication Use Will Evolve
When it comes to authentication, multi-factor authentication (MFA) is often seen as the gold standard.
However, we’ve covered several stories this year in The Breach Report of how threat actors are bypassing the methods used to authenticate.
More specifically, this affects any authentication done through SMS or phone calls.
For example, in early November Microsoft urged users to stop using phone-based MFA and instead recommended using app-based authenticators and security keys.
While SMS does have some security built-in, the messages sent are not encrypted. This means threat actors can perform an automated man-in-the-middle attack to grab the one-time passcode in plain text.
Online banking is one of the most at-risk industries as authentication is typically done through SMS. In a recent report, a massive banking fraud operation was exposed which compromised 16,000 devices causing over $10 million in damages.
Given this risk, organizations will begin to turn towards application-based MFA wherever possible such as Google Authenticator. We also highly recommend using a hardware MFA like YubiKey.
8. The Cold War Of Cybersecurity Is Here And Will Heat Up
The massive data breach of the federal government and private sector that began as early as March 2020 is only the beginning. The Cold War of cybersecurity was already upon us; however, this has set the stage for something far greater.
This recent compromise has widespread implications that, at this point in time, can only be speculated on. In truth, it will take years to uncover the true impact of this attack, who was responsible, what systems were compromised, and what data was accessed/exfiltrated.
What we do know is that US government agencies were targeted along with many Fortune 500 companies using the monitoring platform, SolarWinds. It’s likely that significant investments will be made into aging government IT systems and that some sort of retaliation will take place.
Countries such as China have begun to retrain their army in cybersecurity schools with plans to become the world’s leader by 2027. Meanwhile, the deficit of trained security professionals in the US has been noted by top officials at the Department of Homeland Security as a national security risk.
Recently, Great Britain’s Prime Minister Boris Johnson held a virtual event expressing the need to boost the country’s cyber attack capacity.
Key points of our infrastructure such as the electric grid and telecommunications are also highly susceptible to the threat of an attack. With a click of a button, an entire country could be sent to the Stone Age from thousands of miles away.
As cyber warfare continues to heat up it’s clear that training security professionals will become more valuable than building nuclear weapons.
9. Mining, Transportation, Construction, And Energy Are Prime Targets
Threat actors have much to consider when evaluating the targets they go after. They need to weigh the level of effort versus the reward.
A bank may be a valuable target, but the amount of resources required to breach their systems is out of reach for most.
However, targeting a small business that can’t afford a $1,000 ransom payment isn’t particularly lucrative either.
Instead, threat actors look for industries that are not as tightly regulated and have significant monetary value.
When we look at the current economic landscape, and industries poised to benefit greatly from the coming recession, we see 4 key targets for threat actors:
- Mining
- Transportation
- Construction
- Energy
Mining
The mining sector is a very misunderstood market by most investors. Prices of gold, silver, copper, nickel, uranium, lithium, and other industrial or precious metals have and will continue to increase.
We see this upward movement because supply chains are extremely constrained. This is due to increased YoY demand coupled with a lack of investments in the exploration of new reserves.
Mines are also notoriously expensive to operate and can take years to ramp up into full production.
Prices of commodities are also at an all-time low. As the adage goes, “The cure for low prices is low prices.”
Added to this is the fact that the dollar is on pace for its worst 4th-quarter performance in 17 years. Further, 35% of all US dollars were created in the last 10 months.
These are perfect conditions for prices of commodities to rise.
Transportation
Transportation is an obvious sector that has been under threat of cyber attacks in the past.
The pandemic has changed everything about how we operate and delivery services are not showing any signs of slowing down.
Amazon, Walmart, Costco, Chewy, and other large online retailers have seen stock prices soar since March as online shopping has risen with nearly $1 out of every $5 spent online.
Disruptions in these supply lines mean more than not getting your Amazon package delivered on time. For some, it’s the only way people can access fresh foods or life-saving medicines.
Construction
Construction projects in the US will increase under the new administration. The aim is to fix our deteriorating infrastructure and to provide higher-paying jobs with benefits that lower-level service sector jobs lack.
It’s estimated that $2 trillion will be invested by the federal government, which will require construction companies to comply with CMMC.
Energy
Energy sectors will also rebound as the world economy opens up. Oil and natural gas companies have already begun to consolidate in the market.
Exxon and Chevron recently discussed merging, which would make it one of the largest corporate mergers ever.
Eventually, demand will increase and those who manage to survive the downturn will benefit greatly.
While green energy initiatives do threaten to take over the energy sector, it’s not likely to happen anytime soon. In a best-case scenario, it will take years for the US to remove its dependency on oil, natural gas, or nuclear power.
In fact, the green movement will further increase energy usage.
10. Drive-By Wireless Attacks Will Impact Remote Workers
Work-from-home culture is here to stay making residential areas a valuable target for threat actors. Microsoft reports that the volume of IoT attacks in the first half of 2020 rose by 35% compared to the second half of 2019.
From a level of effort perspective, these types of attacks are relatively easy for threat actors to pull off. Yes, they do need to be within physical proximity (approximately 65 feet) of the target.
However, the equipment is less than $200 and the configuration of the device is something that could be learned on YouTube in a matter of hours.
For example, a deauthentication attack on unsecured wireless networks can ultimately provide threat actors with a hashed password of your network that can be brute-forced offline.
Once the password is cracked, the threat actor can use their access to your network to gain command and control over your connected devices.
We expect these attacks to continue to rise – especially in apartment complexes where a large number of users can be targeted at once.
Wrapping Up
We expect investments in cybersecurity to become a top priority for businesses. Looking further ahead we see security becoming a normal cost of doing business.
The Cybersecurity Maturity Model Certification (CMMC) will lay the groundwork for an enforceable and standardized security framework in the United States.
While the doom and gloom of recent data breaches sound disheartening – it doesn’t have to be. There are several proactive steps you can take to mitigate and prevent cyber attacks.
PurpleSec is here to help deliver a custom tailored plan to meet your organization’s needs. Contact us today and speak with a cybersecurity expert.