FB pixel

5 cybersecurity predictions as uncertain threat environment persists

Categories Industry Insights
 

cybersecurity online authentication

By Flint Brenton, CEO, Centrify

Obviously, 2020 was not a typical year. Both our personal and professional lives were defined by uncertainty, and the ability to be flexible and adapt to new circumstances was critical for success during the pandemic.

That uncertainty is likely to continue. While on the one hand that does make predicting what’s to come for cybersecurity murkier than usual, one thing that is clear is that threat actors have been taking advantage and will continue to ramp up their efforts this year.

Below are five trends and predictions I believe will dominate headlines and be top of mind for every organization (and hacker) for the remainder of 2021.

With the exponential increase in machine identities, DevOps pipelines and machine identities will become the attack surfaces of choice

As companies look to adopt new technologies, tools, and methodologies to enhance the DevOps process, applications, virtual machines, microservices, and workloads represent exponentially-growing machine identities that now need to be protected.

Add in the challenge of development, operations, and security teams working remotely, and organizations are much more likely to experience a cyber-attack in the DevOps pipeline.

With remote working expected to be a reality for some time and credential-based attacks on the rise, organizations need to adopt a centralized privileged access management (PAM) strategy to minimize attack surfaces. PAM solutions that evolve modern password management approaches with federation, ephemeral tokens, and delegated machine credentials can help DevOps teams secure all identities, even in distributed environments.

Messaging and video conferencing platforms will become catalysts for the next wave of phishing attacks

Without in-person interactions, we are more reliant upon digital communication methods than ever. Furthermore, we’re using more of them and in ways we didn’t prior to the pandemic, such as turning on video during conference calling.

As organizations continue to work remotely and rely on video conferencing and messaging platforms for daily correspondence among team members, cybercriminals will creatively leverage the range of ways we connect in a remote world.

From video conferencing platforms to messaging apps, these channels keep us virtually connected to our colleagues but leave substantial room for cyberattacks. As we grow accustomed to communicating digitally in real time, we will see a rise in cybercriminals utilizing employee accounts to conduct phishing attacks, potentially even including spear phishing by video (e.g. using “deep fake” technology) and spear phishing on third-party messaging platforms.

Prevention for this new, opportunistic wave of phishing goes beyond training and vigilance. Organizations should plan ahead by requiring multi-factor authentication (MFA) wherever possible to create more certainty that the person using the username and password is who they claim to be.

Intellectual property will be hackers’ next golden ticket

In 2020, we saw a rise in healthcare breaches, likely because patient records often fetch up to $1,000 each. Compared to credit card data, which goes for just $12-20, and email addresses, which average around $100 in bulk, it makes complete financial sense.

But during the COVID-19 pandemic, an alarming trend emerged of cyber adversaries targeting intellectual property such as vaccine research, including Russia’s APT29 going after research centers in the U.K., U.S., and Canada. With countries and companies around the world competing to quickly distribute their vaccines, we believe hackers and possibly even insiders will begin releasing the fruits of their malicious efforts on the Dark Web in 2021 — for a premium fee of tens, if not hundreds of thousands of dollars.

What will be more concerning is if cyber-attackers seek to disrupt the vaccine supply chain. From R&D and testing, to production, transportation and storage, and finally to distribution and documentation, any break in that process could have disastrous local, national, and global effects.

Nearly every business will be cloud reliant, leveraging multiple cloud providers

When COVID-19 hit, many organizations moved their workloads into the cloud for better resource availability and business continuity, often accelerating their cloud transformation plans.

For those who were not cloud-first, the pandemic revealed a glaring reality: businesses must embrace the cloud as a necessity in the modern tech landscape rather than view it as an option.

Looking to 2021 and beyond, almost all businesses will rely on cloud storage, infrastructure, and workloads to survive. Mid-size, large, and global enterprises will look to leverage multiple cloud providers to meet a range of requirements for both centralized and per-business-unit priorities. Utilizing an approach centered around increased efficiency, agility, and security, businesses can be better-equipped for this inevitably multi-cloud focused future.

Ransomware incidents will triple — and data exfiltration will overtake encryption as the attackers’ end game 

Since the beginning of 2020, research has shown U.S. ransomware attacks are rapidly increasing. In Q3 2020 alone, the daily average number of attacks essentially doubled in frequency. While ransomware variants also continue to evolve into more sophisticated threats, perhaps the most troubling datapoint is that the U.S. has become the most targeted country, with attacks jumping as much as 98% in the same timeframe.

These statistics illustrate a persistent onslaught of threat actors that could indicate 2021 will be our most challenging year yet in combating ransomware in the enterprise.

What’s important to understand is that the attacks don’t just attempt to execute a lockout or encryption of data anymore, but are increasingly aimed at extraction or stealing data from organizations. While some cybercriminals may sell the data on the Dark Web, others may threaten to leak the data for a higher payout on the ransom. We predict that this will become hackers’ ransomware end game – with many even seeking to “double dip” on their ransomware rewards, even if at a higher risk.

2021 has the potential to be even more challenging than 2020 when it comes to cyber-threats. With the right strategy, solutions, and risk awareness in place, organizations can stop hackers from taking advantage of new business realities and attack surfaces.

About the author

Flint Brenton is CEO at Centrify, where he leads the strategic direction and execution of the company’s vision drawing from an exceptional track record of accelerating growth through product innovation and sales execution. Most recently, he served as president and CEO of CollabNet VersionOne, which pioneered the Value Stream Management market. He previously held president and CEO positions at AccelOps and Tidal Software, and has successfully led engineering teams at NetIQ, Compaq, BMC Software, IBM, and more.

DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Fees for failed biometric verification enforced as Pakistan makes process mandatory

Easypaisa, a digital financial services platform in Pakistan, has begun charging users for failed biometric verification attempts. According to a…

 

Maldives outlines plan to upgrade digital ID system with $10M from World Bank

An influx of cash to support the development of digital identity and related technologies in the Maldives has arrived, and…

 

Deepfake financial fraud to surge over the next 12 months, Deloitte reveals

According to a recent Deloitte poll, more than half of C-suite executives and other senior leaders anticipate a rise in…

 

Philippines plans to complete universal digital ID registration in 2025

The Philippine Statistics Authority (PSA) is set to register the entire Filipino population in the Philippine Identification System (PhilSys) by…

 

Worldcoin pilots face biometrics, arrives in Poland

Worldcoin has launched its “humanness verification” with iris biometrics deduplication in Poland, and also introduced a set of new security…

 

IN Groupe begins exclusive negotiations to acquire Idemia Smart Identity

IN Groupe has emerged as the likely buyer of Idemia’s biometrics and identity verification business from Advent. An acquisition would…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events