2020 has come to an end, but the challenges presented continue to impact our lives. While few of us could have accurately predicted the current state of cybersecurity, we did prove successful in our ability to adapt quickly during a crisis. Organizations swiftly modified IT budgets and risk management programs to respond to an entirely new set of regulations and uncertainties. A growing number of us discovered how to plan, execute, and expedite a digital transformation to the cloud. At the same time, others adopted the ability to provide support and critical IT services to the growing remote workforce.
We need to move past the “if we get attacked” mindset and adopt a “when we get attacked” level of preparedness. If history and relevant data are indicators, and we at CBI firmly believe they are, 2021 will show a steady increase in the quantity and complexity of attacks executed by external entities. Nearly all industry-leading threat reports presented shared like-minded interpretations and consistent statistics from 2020 data*:
While ransomware is certainly not the only threat to prioritize in a 2021 security program, it is among the most devastating and has shown signs of steadily increased frequency over the past six years. In 2021, it is imperative to implement proactive ransomware detection, prevention, and remediation capabilities with additional layers of security throughout an organization.
Email is one of the largest and most vulnerable pipelines for malicious actors to enter an organization and compromise its data. 2020 clearly showed that more than 20% of known threats routinely executed some form of an email-based phishing attack against industry networks. Of these email-based phishing attacks, nearly 70% involved the collection of credentials, while 50% involved the acquisition of personal data**. Advanced phishing attacks are growing in sophistication and routinely exploit vulnerabilities on unpatched and misconfigured systems enabling lateral movement within unprotected networks. Sensitive data gathering and subsequent ransomware attacks can significantly impact an organization’s ability to service its customers and maintain operational technologies that drive revenue.
2021 will show a rise in attacks that focus on bypassing two-factor authentication, and deepfakes and dis-information will take center stage. It is our recommendation that organizations develop a strong defensible position for IT security focused on preventing and responding to advanced phishing attacks and business email compromise (BEC) related events. Keep in mind this approach is only partially effective if not coupled with a layered and defensible security strategy.
Vulnerability and configuration management are two of the most effective mitigating controls an organization can implement. Together these controls can provide a proactive defense against malicious actors, significantly decrease the residual impact of a breach, and reduce the time needed to identify and eventually recover from a security event.
From 2014 to 2017, misconfiguration contributed to less than 10% of security breaches. In comparison, the number of successful security breaches involving misconfigurations from 2017 to the present-day increased by 20%***. This growth represents a 200%+ increase over the last four years.
Hacking attacks commonly take advantage of vulnerabilities on unpatched systems. As noted earlier, a successful phishing/BEC attack is the most common tactic for credential gathering. Once collected, credentials are often used as the fuel to power a hacking attack by targeting improperly patched systems.
Organizations should examine all existing capabilities to consistently scan critical systems and assets for vulnerabilities and misconfigurations. CBI strongly recommends enlisting the aid of a trusted 3rd party service provider to perform an annual vulnerability test designed to pinpoint, document, and identify recommendations needed to improve capabilities and secure the network.
Not all organizations require advanced adoption of a centralized threat model. For many with greater than 2,500 employees, CBI recommends a centralized knowledgebase like the MITRE ATT&CK Framework with which IT security personnel can coordinate security event analysis, identification, prioritization, mitigation, and forensics. It is estimated that more than 50% of medium and large-sized organizations**** have already successfully constructed a comprehensive matrix of tactics to classify attacks and assess risk by adopting the MITRE ATT&CK Framework.
Put simply, a MITRE ATT&CK Framework aids organizations in the efficient categorization of events associated with a potential or ongoing security breach. Integrating the framework provides an added advantage to an organization looking to leverage solutions with common security language already baked in. The framework provides organizations with:
Time is the most proficient opponent in the IT security industry. Anything we can do to reduce the amount of time needed to identify, categorize, escalate, isolate, and prevent breaches will translate directly to an organization’s ability to deliver products and services. Adopting a framework like MITRE ATT&CK is a vital risk mitigation component in an organization’s comprehensive security program.
Secure Access Service Edge consists of several products whose combined goal is to allow users to access applications with the best possible user experience and the highest security level, all depending on the user’s identity. The SASE model includes elements from the following high-level IT security domains:
Think of SASE as a form of transportation infrastructure or road used to get users (travelers) safely and expeditiously from one point to another. As we build intersecting roads, we must also install checkpoints to travel from one region to another. Simultaneously, we construct on and off-ramps for accessibility and to connect internal networks to the cloud.
The year 2020 illustrated the power, scalability, and reliability of the cloud. 2021 will provide organizations with exponential growth opportunities that require adopting a services-based infrastructure and reliance on SASE components.
CBI strongly recommends enlisting the aid of an IT security-focused organization to assess an organization’s current environment, align IT recommendations with future growth goals, and assist in the prioritized rollout of a SASE model.
If SASE is the road, then Zero Trust is represented by periodic security checks along an organization’s pathway to a more secure environment. Traditional networks enable users to attach devices and access their data, systems, applications, and services. With ZT, verification includes confirming an end user’s identity during multiple critical security queries such as:
Traditional networks only challenge one of the many possible queries during the connection process. Once a connection has been established and verified, the threat actor may be able to maneuver unchallenged. With a Zero Trust cybersecurity model, the script of traditional network security is flipped. ZT operates under a single rule: “anything connecting to the network should not be trusted by default.” Once connected, ZT principles continue to challenge and verify the connection to ensure a least-privilege model is maintained.
Some of the primary principles and strategies needed to implement a successful ZT model include:
Zero Trust will become a potent weapon in many IT security arsenals. 2020 has already illustrated a high level of interest in ZT principles, and it will continue to dominate conversations well into 2021.
For more information on ZT Principles, download our whitepaper.
Operational Technology comprises hardware and software that detects or triggers a change through the direct monitoring of physical devices, processes, and events. In 2021, more and more organizations will realize that the responsibility of protecting their valuable IT assets should include the operational side of their business. Achieving this varies significantly by industry. Healthcare operations include both the systems and processes involved in delivering patient care. Manufacturing operations encompass the equipment involved in the creation and delivery of their product. For the financial industry, operations involve bank teller systems, ATM’s, lending centers, etc. Regardless of the sector, the overall security landscape is increasing.
OT is not a new term. Gartner first coined it in 2006. Since then, OT’s scope has grown to include new acronyms and phrases such as IoT, IIOT, ICS, embedded systems, etc. These terms have quickly become ingrained in standard security vernacular. In 2021, CISO’s, IT Directors, and Managers will be tasked to combine IT and OT into their overall security program.
A recent SANS ICS Survey***** illustrates the increased importance of OT in a mature cybersecurity program:
One of the most critical aspects of an effective IT security program starts with creating a persistently accurate view of all assets.
The SANS ICS Survey identified the following gaps in asset inventory:
The SANS ICS Survey also included an examination of security budgets. It revealed that many budgets shared between IT and OT have migrated:
Examining an organization’s spending habits is a key indicator of concept adoption. CBI predicts that in 2021, organizations will allocate additional resources and budget towards OT security.
Some may argue that the primary directive for an IT security team is to “protect the data.” While CBI does not disagree, we expand on the definition of “data” in this context. Data should represent the things that an organization prizes above all else. It includes an organization’s brand, reputation, market competitiveness, delivery performance, customer satisfaction, and yes, the actual documentation (a.k.a. data) created to support crucial metrics.
The “data” in Data Risk Management significantly changes when you substitute our expanded definition.
Consider the following:
All data breaches, by definition, involve data and nearly all threat reports indicate data breaches are increasing exponentially year after year. Not only is the frequency increasing, but the amount of data stolen is rising as well. 2020 was branded the worst year thus far for data breaches. This trajectory will continue far into 2021, cementing an organization’s need to treat “data” as the most critical commodity they own and prioritize the time, money, and effort spent to establish proactive data risk management.
There’s an old saying in IT security, “This would be a lot easier if we took the end-user out of the equation.” Humans can be forgetful and can develop bad cyber habits. On top of that, we seem to pass our bad habits onto our co-workers.
No other single control impacts IT security as much as security awareness training. Done effectively and consistently, a security awareness training program can positively impact every cyber priority outlined in this article and nearly every other aspect of IT and OT security.
Verizon’s 2020 Data Breach Investigations Report noted that security awareness training has a positive impact on the following security safeguards:
Training employees and stakeholders to identify, prevent, or reduce breaches can positively impact an organization’s overall IT security capabilities. Think of prioritizing an investment in security awareness training as installing a human firewall.
Every list of priorities requires a wildcard, and this is ours. Security Orchestration, Automation and Response aids in the validation, prioritization, and response to the hundred and thousands of security events/alarms that IT teams receive every day. Some SOAR platforms have the ability to combine data with case management, standardization, workflow, and analytics to provide competent defense-in-depth capabilities.
SOAR solutions work by:
At this point, you might ask why SOAR is on CBI’s list of security priorities for 2021? We stated earlier that time is our biggest enemy in the IT security industry. Anything we can do to reduce the amount of time needed to identify, categorize, escalate, isolate, and prevent a breach will translate directly to an organization’s ability to deliver products and services. SOAR solutions provide a significant advantage in these areas.
The cybersecurity priorities mentioned here rely on organizations becoming more proactive in the battle against threats that can compromise their networks and result in data loss. The fundamental goal is to prevent breaches and develop a stronger position to mitigate those that do occur. As new threats emerge and new technologies are built-in response, the overarching priority in 2021 will be positioning the significance of cybersecurity as a whole at the executive level. To accomplish this, you will need a lock-tight business case based on industry trends, peer reviews, and competitive research to take you from what to prioritize to how to do it – CBI can help.
Working with a like-minded partner like CBI can help you keep pace with, even exceed, the speed with which attackers innovate. We deliver flexible, customizable, and continuously evolving solutions, proven over a 3-decade history of successfully helping clients secure their data, IP, and brands. Not only are we continually planning for future threats, but we are also blocking and tackling with more tried-and-true methods for day-to-day cybersecurity needs. Cybersecurity isn’t just something we do—it’s all we do—with a keen focus on preparing your organization from today’s threats, as well as tomorrow’s.
Check out our infographic on this topic!
*2020 Data Breach Investigations Report – Verizon
**Proofpoint Latest in Phishing – January 2020
**FBI 2019 Internet Crime Report
**Verizon Cyber Espionage Report
***Verizon Cyber Espionage Report
***IBM Global Security Report – 2020
****Verizon Cyber Espionage Report