Here we are in the first full weekend of November, and here in Chi Town it feels like summer all over again. Wish it were that way. With this kind of weather, it is hard to believe that Thanksgiving is just a few weeks away. But seeing that we are getting closer to the end of the year, there is one trend that starts up at about this time here in the Cybersecurity Industry. You may be wondering what that is?
Well, ‘tis the time for the pundits to predict what 2021 holds, based upon what we have seen so far this year. But keep in mind, this year has been like no other, and if you asked any of them, nobody could have predicted this. Sure, COVID19 was starting to make the news headlines, but nobody ever thought that it would have the ramifications that it has had upon the entire world.
Now in this blog, we won’t be predicting what is going to happen in 2021 just yet. I have my views on this, but I will probably wait until closer to Thanksgiving time to let you know this. It is also during this timeframe that much more specific predictions are made for the coming year.
So except for Zoombombing, Phishing campaigns, the heisting of domain names, and the Remote Workforce, what else have we learned this year, in terms of Cybersecurity?
Here is a sampling:
*IT Security Teams need a better flow of communications:
This has been an issue even before COVID19 hit but has proliferated by at least 100X ever since the pandemic began. The primary reason for this is that everybody is working from home, even those IT Security Team members who work in what are known as “Security Operations Centers”, or “SOCs” for short. In fact, according to a recent study that was conducted by a Cybersecurity firm known as Exabeam, here is what was discovered:
*35% of the respondents claimed that a lack of real time communications was a huge obstacle in combatting the threat variants;
*34% could not properly investigate security breaches as they happened;
*30% of the respondents claimed that they could not properly deploy the needed software patches and upgrades because of the intermingling of the home and corporate networks;
*Incredibly enough, 47% of them could not properly use or even access Cloud based (SaaS) applications or deployments.
A total of 1,005 respondents participated in this survey. Further details on it can be found at this link:
*The Evolution of “CYOIT”:
One trend that COVID19 has brought upon the world of IT in general has been the huge adoption rate of the Cloud, especially when it comes to moving an entire On Premises Infrastructure into either AWS or Microsoft Azure. Many CIOs and CISOs have started to realize that it is much easier to mobilize and deploy a Remote Workforce with a Cloud based Infrastructure. But the problem now is that there is no central control over the apps that can be deployed onto the Virtual Machines (VMs) and the Virtual Desktops (VDs), so they can be deployed without the prior approval of the IT Security Team. This new trend is now called “Choose Your Own IT”, as the acronym in the subheading indicates. This is very similar to the “Bring Your Own Device” (“BYOD”) phenomenon in which an employee can use their own personal device to conduct their daily job functions. Truthfully, I have never heard of this one before, so it will be quite interesting to see how this shakes out in 2021. First, the fear was employees using their own Smartphones; now the fear will be what kinds of apps they will use to keep up their productivity levels.
*The Cloud Will Become The Next Target:
The Cloud has been around with us for quite some time, so it is not a new concept. But the change this year has been that it has now become a prime target for the Cyberattacker. In the past, they would go after the larger scale businesses, and try to get all of the Personally Identifiable Information (PII) datasets possible, which were primarily credit card numbers and the names of the card holders. But as just mentioned, since everything is now in the Cloud, the Cyberattacker can just hit this and get what they want. They are not launching the traditional “Smash and Grab” campaigns of the past; rather, they are taking their own sweet time to very carefully study each and every target, and find at least one covert entry point in. From there, they are then trying to find various backdoors through which they can move in a lateral fashion. In fact, many IT Security Teams have struggled this year to try to keep up with the security for their respective Cloud based Infrastructures. This has been further substantiated by a survey that was conducted by a Cybersecurity firm known as AppOmni. Over 200 IT Security Teams were polled in this study, and an overwhelming 68% feel that they do not have enough time or resources with which to manage their Cloud based platforms. More information about this study can be seen at this link:
Keep in mind two important items here:
*Many organizations are now adopting what is known as the “Zero Trust Framework”. This is where nobody is trusted, and everybody has to go through three or more layers of authentication before they can gain access to shared resources. This methodology has started to pay off for those companies that have started to use it, at least according to another survey conducted by a Cybersecurity firm known as Pulse Secure. In their findings, they discovered that:
40% of the respondents claimed to have achieved a greater level of Cyber Resiliency;
Over a third of them (35%) claimed that they have also gained a greater level of compliance and governance from their employees.
More details on this survey can also be found at this link:
*Many of the larger Cloud providers, such as AWS and Microsoft Azure, already offer a very rich set of security features that you can deploy for your Cloud based Infrastructure. Make sure that you make use of them, in addition to deploying your own levels and protocols for maintaining a high level of security.
Also, the survey found that with the use of the Zero Trust Framework, the respondents were better able to contain security breaches, and even reduce the attack surface.
*Ransomware is getting nastier:
This is a form of Malware in which the Cyberattacker deploys a malicious payload onto your device, locks it up, and holds all of your files for ransom until you make a payment via Virtual Currency (such as Bitcoin). But this year has seen an even nastier form of this taking place. Not only can this happen, but the Cyberattacker can also make the target a victim of extortion as well. For example, if a company does not pay up, the Cyberattacker will also threaten to release any confidential information and data, as well as Intellectual Property (IP), to the public. But what is making this worse is that there could very well be more than one Cyberattack group involved, thus making attribution an almost impossible task to achieve.
My Thoughts On This:
Well, there you have it, some key Cybersecurity events that have forever changed the threat landscape. Here are two key takeaways from this:
*Communications will become more important than ever before. The CIO and/or CISO need to fully understand this, and quickly need to deploy a communications channel through which their respective teams can respond quickly. In this regard, watch for the usage of Security Incident & Event Management (aka “SIEMs”) software packages to uptick greatly by 2021.
*While it is crucial to keep an eye out for what is transpiring in the Cyber Threat Landscape, it is also very important for the CIO and CISO to keep an eye out for those events transpiring that are not security related. For example, who ever thought that COVID19 would have such a tremendous impact upon Cybersecurity???