2021 Cybersecurity Trends to Prepare For

Kathleen Moriarty, Chief Technology Officer (CTO)

While the next 5-10 years hold promise for positive change, we will see incremental improvements for built-in security, automated posture assessment, and attack surface space with reduced resource needs in the year to come:

• Zero Trust Architecture: Zero trust is becoming increasingly pervasive and granular, having vendors move toward built-in security models. Many vendors will continue to focus on their individual contributions toward a more pervasive architecture described in NIST SP 800-207, “Zero Trust Architecture” for 2021. Key technologies such as attestation are beginning to enable verification that systems and software are as expected. Automated verification is one of the key tenets of zero trust models enabling built-in security, provided by the originating vendor. All major hardware and hyperscaler vendors provide attestation from a root of trust for hardware and firmware verification today. In 2021, attestation and use of reporting through remote attestation will support container and workload verification if not more, such as operating system and application security. Attestations will be aligned to trusted controls, such as the CIS Controls and CIS Benchmarks for Kubernetes and Docker, similar to how firmware attestation policy and measurements align to NIST SP 800-193 for Firmware Resiliency. This built-in capability will better enable organizations with limited resources to deploy and manage more secure environments. Several large vendors have attestation capabilities in development or released for containers and workloads; this will become standardized and expected to enable automated, simplified posture assessment.

• Encryption: This shift of control verification to the endpoint is increasingly important as encryption use at the object and transport level rises. There are big thrusts at the moment to ensure systems are capable of maintaining data confidentiality via encryption, where data and executables are protected except at the point of execution, as can be seen in announcements such as Microsoft’s Pluton and the industry consortium work of the Linux Foundation’s Confidential Computing Consortium.Encryption in multi-tenant environments between protected container instances is already standard. Use of encryption will increase at the object level in cloud environments, accelerating the shift to security being managed at the endpoint. Shifts to strong transport encryption on internal networks will likely not happen in 2021, although technology shifts to support it will begin to take hold.I’ve outlined a vision for the next 5-10 years in “Transforming Information Security: Optimizing Five Concurrent Trends to Reduce Resource Drain” after much consideration.

Curtis Dukes, Executive Vice President

Being proactive will be one of the most important actions businesses and institutions can take in 2021. This year, the virtual landscape will only grow from remote workforces to new threats wanting to take advantage of vulnerabilities:

• Remote work: The disappearance of the security boundary will continue into 2021, with remote work becoming a permanent aspect of the employment model for many organizations.

• Ransomware: Ransomware and data theft will continue across all industrial sectors. The increase in payouts will attract new players and lead to innovation in how attacks are executed.

• Artificial Intelligence: AI will be used by criminal networks to further automate attacks, assisting with phishing and circumventing existing security measures.

• Cyber Insurance: Best practices such as multi-factor authentication (MFA), secure configuration, defined patch periods, and others will be mandated as a precursor to policy underwriting.

Adam Montville, Chief Product Architect

Measuring and managing risk will be an important factor when creating a cyber security plan for 2021:

• Ransomware: I do believe ransomware incidents will continue to increase and evolve as a cybersecurity trend in 2021. We have seen attackers pivot from the enterprise they were extorting to the clients of that enterprise, for example.

• Risk Management: I believe that a greater emphasis will be placed on risk management, because, as the recent SolarWinds breach demonstrates, there’s always a point that hasn’t been considered in a threat model, and is therefore left exposed. In other words, the soft underbelly of the system will eventually be found. My hope is that security automation ecosystems, in concert with incremental improvements for built-in security, mature throughout 2021 as a step closer to the automated ecosystem we all have envisioned. Part and parcel of that ecosystem vision is defining flexible and extensible models for computing resources and their configurations, and then to make intelligent, risk-based recommendations for them.

• Privacy: Privacy continues to be an increasing concern. Some companies have made privacy a cornerstone of their services (e.g. Apple), and others have not (e.g. Facebook).

Angelo Marcotullio, Chief Information Officer

Protecting your network from intruders should be top of the list in the coming year. A strong Identity and Access Management program will make discovering these situations more likely and in less time:

• Creating accounts with the least level of needed privileges and monitoring user activities is good cyber hygiene (CIS Controls 4 and 16)
• Another benefit of a robust Identity and Access Management practice is the possible discovery of dangerous intruders in your network. When a network is compromised, the intruders will often try to create new accounts or raise the privileges of existing accounts so they can move laterally around the network. You may see failed logins, logins at unusual times of the day, and new accounts being created that are signs that your network has been compromised.

Josh Moulin, Senior VP, Operations and Security Services

The remote workforce will not be going away in 2021. Ensuring that data is protected is not just about the office anymore but about protecting data on each individual employee workstation:

• Securing the Remote Workforce: The COVID-19 pandemic forced most organizations to rapidly shift their workforce to remote work. For many, this involved unplanned cloud migrations and procurement of IT products and services to support the distributed workforce. In the rush to keep organizations functioning, traditional security vetting may have been rushed or non-existent, creating new vulnerabilities and risks. Surveys consistently show that after the pandemic, around 50% of the workforce will remain distributed, requiring organizations to maintain and enhance their IT infrastructure to support a distributed workforce.In 2021, organizations will need to focus on the security of what was rapidly implemented by hardening systems, implementing security controls, mitigating vulnerabilities, documenting configurations, and ensuring proper monitoring. Simultaneously, organizations will also need to determine their long-term remote security strategy and consider implementing solutions such as Zero Trust Network Access (ZTNA) or Security Access Service Edge (SASE).

• Data Privacy Becomes its Own Discipline: As a result of numerous high-profile cyber-attacks which resulted in the exposure of millions of personally identifiable information (PII) records, data privacy is no longer a component of a security program, but a program all of its own. As civil litigation increases due to organizations failing to follow best practices with data privacy and the amount of regulatory compliance requirements increasing year over year, organizations will be required to focus on data privacy in 2021. Data privacy officers, record retention and destruction, role-based access control, multi-factor authentication, encryption in transit and at rest, network segmentation and monitoring of privacy-related records, and external assessments are all topics that organizations should be looking at to strengthen their data privacy.

Cyber Threat Intelligence (CTI) Team

2021 will be an interesting year from a threat perspective. The MS-ISAC CTI team assesses that many cybersecurity trends from the last two years will continue on an upward slope, especially an increase in living-off-the-land techniques, ransomware-as-a-service, and post-ransomware extortion. Living-off-the-land techniques are those that use capabilities and services inherent in systems, such as administrator tools and scheduled tasks, to obfuscate malicious actions.

• Ransomware: Ransomware-as-a-service allows cyber criminals to rent existing architecture and tools rather than build custom capabilities, thus increasing both the overall number of attacks and the variety of victims targeted. Post-ransom extortion, or double extortion, involves a second threat of leaked sensitive data exfiltrated from victim networks after an initial ransom is paid. We expect to see an increase in double extortion which will likely raise the overall number of ransoms paid, the total dollar amount paid to malicious cyber actors, and possibly the amount of sensitive information leaked.In addition, the MS-ISAC assesses there will be a significant increase in COVID-19 vaccine targeting, such as attacks against pharmaceutical companies and distributors for ransom, vaccine-based phishing lures, or misinformation campaigns about the vaccine. Finally, remote workers and virtual schools should expect to be targets of more attacks than ever before. The lowest hanging fruit for adversaries in a remote work or school environment tends to be the individual connecting-in from home, making individual users an enticing target.

Happily looking forward after the craziness of 2020, I see a couple of potential cybersecurity trends that could have impact for next year:

• Improvement of Location-agnostic Access: Businesses were forced to transition to remote operations for their employees in 2020. Now that these employees have seen the flexibility that remote work can provide, I believe there will be a rise in the demand for a partial remote work schedule. Even after the world returns to a more traditional workforce model, employees will be pushing their employers to allow for a more ‘hybrid’ model combining an in-building and remote work schedule.With this model comes challenges for businesses to provide secure access to network assets. Traditional technology can be difficult to configure and even more difficult to properly secure. The concept of access based on identity rather than location, and zero trust networks, will fuel the development of new methods for authenticating these remote employees and providing them with access to assets they need to do their jobs.

• Need for More Cybersecurity Professionals: With the shift to a more distributed workforce comes the need for more cybersecurity professionals to secure that workforce and the corporate networks they are accessing.Over the past few years it has been increasingly difficult to find well-trained cybersecurity professionals and subject matter experts (SMEs) to contribute to the CIS Benchmark communities. The demand for cybersecurity professionals to secure the fast-expanding digital world continues to increase, as does the necessity for innovative new ways to combat ever-growing cyber threats. There is a dire need to encourage students to explore all that the cybersecurity and information technology fields have to offer. Many leading cybersecurity training companies offer free or low-cost opportunities for students. We just need to get these tools into their hands.Without future cybersecurity warriors, the security and privacy of our smartphones, computers, and data will be in danger.

Learn more about becoming a CIS Benchmarks Community Volunteer

How to Prepare for 2021

In sum, many of the cybersecurity challenges in 2021 will already be familiar to experienced IT and cybersecurity professionals. The difference will be that these cyber threats will be more intense and challenging, perpetrated by more sophisticated threat actors leveraging new and devious techniques, with greater and more damaging consequences for the unprepared.

• Make a plan – you can start with the implementation of trusted guidelines like the CIS Controls and CIS Benchmarks
• Scan against a target system’s configuration settings and report the system’s compliance
• Utilize tools and resources that measure your security framework’s success over time
• Collaborate with team members and industry professionals for support and ideas

If you are curious as to how to get started or how to customize a plan for your specific needs, CIS is always here to help. Contact us with your questions today.