A tale of threats and SecOps – Jonathan Couch, Senior Vice President Strategy, ThreatQuotient
Ransomware: Adversaries always go for what’s easy. Even so, I anticipate some advancement in their tactics. We have seen this happen over the past year as ransomware can now exfiltrate data, so if you have backups that they didn’t encrypt, they will threaten to release all of your data publicly. I expect further ‘improvements’ to adapt to network segmentation and other security practices put into place to limit the effectiveness of ransomware.
Modular malware: Malware itself is becoming more specialised and modular. BlackEnergy and Emotet are two great examples. Both started as banking malware and both have evolved into more modular malware where the code has one or two basic functions (usually initial infection and then propagation to other users/hosts). The malware can then be instructed to download other modules depending on the target and the end goals of the adversary. If you want to deploy ransomware, download that module; if you want to search for and exfiltrate data, download a different module. It is plug and play hacking at its best.
Agility: Security operations (SecOps) teams need to be more proactive and less reactive and adapt faster than the threats they are facing. This is one of those things that may never happen. But teams can make improvements in 2021 by understanding the threats that are out there and defining how they conduct operations to offer flexibility to adapt better. You have to know the threat, know what you’re trying to fight, and you have to be able to adapt. Even if it is slower than the adversary, any improvement helps.
Data, Systems, People: An alternative approach to ‘people, process and technology’ is to look at SecOps as data, systems and people. Two ‘systems’ markets that can help SecOps teams with their agility are SOAR and XDR. Both markets are still being defined but at their core they bring in automation (SOAR), so organisations can adapt quicker, and they talk about systems and data awareness (XDR), so everyone knows what threats you are trying to fight. I see SOAR and XDR technologies evolving and maturing in 2021 so that teams can make sure their data, systems and people are aligned.
Work from home heralds rise in data breaches
Dave Waterson, CEO, SentryBay
Working From Home (WFH) policies have exposed smaller enterprises to a level of sophisticated cyber-attack ordinarily reserved for multinationals, and 2021 could see as much as a 40% rise in attacks primarily targeting vulnerable endpoint devices, leading to a further sharp rise in data breaches.
The pandemic has been widely exploited by malicious cyber actors and advanced persistent threat groups using COVID-19 themes, putting individuals, SMEs and large organisations at risk of scams and phishing attacks.
WFH is exacerbating the risk, as sensitive company data has a broader physical footprint and organisations have less control over how it is accessed by employees outside the corporate perimeter. Where previously smaller, often less well protected enterprises were able to fly under the radar and avoid cyber-attacks, this is no longer the case, and they are increasingly being hit with insidious, damaging breaches.
In 2021, the greatest danger to organisations will come from key logging and screen-grabbing malware, primarily because they are the attack vector through which sensitive data is most often, and most easily, stolen. Both use endpoint devices to gain access and, despite a rise in their use, anti-virus and two-factor authentication will not guard against such attacks.
The risk of a breach is heightened by a general rise in online activity and SentryBay predicts that malicious actors will target children or other members of the household to gain access to a parent’s corporate network, which organisations will need to think about when it comes to protecting employees and their data.
Stronger focus on ROI
Dave Woodcock, VP EMEA, Gigamon
Businesses have faced belt-tightening and budget cuts this year due to the economic climate, pushing ROI up the corporate agenda. Technology investments are being scrutinised more than ever. Finance teams are currently focusing on investments made pre-COVID that haven’t been fully deployed yet, such as Network Detection and Response (NDR) and SIEM tools, and want to make sure they are active and fully optimised before any additional purchases are signed off.
With everyone chasing the same budgets, the focus will be on business need; new investments that supplement existing tools and applications and make them more effective and valuable will be a priority. One such technology is network visibility and analytics, which is key to optimising all tools on a corporate network. With visibility of all data, IT and security teams can ensure only relevant traffic is sent to each tool to maximise capacity and extend their lifespan. Network visibility capabilities can also enhance security measures to help protect an organisation from a cyber-attack.
Beware insider threats in 2021 – Ryan Weeks, CISO, Datto
As employees continue to work from home, we’ll see an increase in insider threats, defined as employees, contractors and visitors who have access to and knowledge of an organisation’s digital and physical systems. There are two types of insider threat: malicious insiders who, acting alone, deliberately exploit systems within an organisation for monetary compensation; and colluding insiders who are potentially being forced to, or paid to, share information or execute illegal acts. In 2021, we will see an increase in insider threats, specifically the colluding insider, because it’s easier for employees to get away with suspicious activity. An employee on a salary of £34,000 could be lured by a cybercriminal to install software or provide access to information for a promised pay-out of £200,000. This is a pretty low risk for a large pay-out.
Article continued tomorrow….