2020 has been a year of unprecedented global change. Organizations around the world were forced to adopt a modern, mobile, and remote workforce overnight when the world went into lockdown at the start of the pandemic. This has led to unforeseen and unplanned cybersecurity challenges and complexities in securing organizations across data, people, and devices.
In this blog, we will wrap up the year by highlighting the key trends in the world of cybersecurity, including the methods and topics that cybercriminals used, how security providers adapted to the global technology change, and the cybersecurity trends you can expect in 2021.
Let’s begin by taking a look at the new and evolved methods that attackers have been employing this year to breach company security environments in more sophisticated ways.
Every year, phishing is one of the leading attack vectors that cybercriminals use to gather personal information from end users. This trend has continued in 2020, with these attacks growing more sophisticated.
Additionally, we have seen a rise in advanced persistent threats and an increase in “living off the land” attacks. In a living off the land attack, once the attacker is inside a network environment, they leverage the tools and processes that are already present there rather than introducing new tools that may be more easily identified or discovered as part of the attack. The benefit to the attacker is that these applications are already present, so their presence or activity on the network or its hosts does not look abnormal. For example, an attacker may leverage PowerShell, setting up covert policies and mass mail forwarding rules that could go completely undetected.
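The forwarding-rule case above can be surfaced from mailbox audit data. The following is an added example, not part of the original post: it flags forwarding set to outside domains and any account that does so across several mailboxes in a short window. The record shape (`CreationTime`, `UserId`, `Operation`, `Parameters`) is an assumption modelled on Exchange admin audit records, and the domains, sample records and thresholds are constructed.

```python
from datetime import datetime, timedelta

# Exchange cmdlets and the parameters on them that set up forwarding.
RULE_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
FORWARDING_PARAMS = {"New-InboxRule": RULE_PARAMS, "Set-InboxRule": RULE_PARAMS,
                     "Set-Mailbox": ("ForwardingSmtpAddress",)}
INTERNAL_DOMAINS = {"corp.example"}  # assumption: the tenant's accepted domains

def rec(ts, actor, op, **params):
    """Build one constructed audit record (assumed shape, see lead-in)."""
    return {"CreationTime": ts, "UserId": actor, "Operation": op,
            "Parameters": [{"Name": k, "Value": v} for k, v in params.items()]}

SAMPLE = [  # constructed sample data, not real log lines
    rec("2020-11-03T02:14:05", "svc-admin@corp.example", "Set-Mailbox",
        Identity="alice@corp.example", ForwardingSmtpAddress="smtp:box1@mail.example"),
    rec("2020-11-03T02:14:41", "svc-admin@corp.example", "Set-Mailbox",
        Identity="bob@corp.example", ForwardingSmtpAddress="smtp:box1@mail.example"),
    rec("2020-11-03T02:15:10", "svc-admin@corp.example", "New-InboxRule",
        Mailbox="carol@corp.example", Name=".", ForwardTo="box1@mail.example"),
    rec("2020-11-03T09:30:00", "dave@corp.example", "New-InboxRule",
        Mailbox="dave@corp.example", Name="to team", ForwardTo="team@corp.example"),
    rec("2020-11-03T10:02:00", "erin@corp.example", "Set-InboxRule",
        Mailbox="erin@corp.example", RedirectTo="erin@personal.example"),
]

def external_forwards(records):
    """Return (time, actor, mailbox, address) for each forward to an outside domain."""
    hits = []
    for r in records:
        p = {x["Name"]: x["Value"] for x in r.get("Parameters", [])}
        mailbox = p.get("Mailbox") or p.get("Identity") or r["UserId"]
        for name in FORWARDING_PARAMS.get(r["Operation"], ()):
            for addr in p.get(name, "").split(";"):
                addr = addr.strip().lower().split(":", 1)[-1]  # drop an "smtp:" prefix
                if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
                    hits.append((datetime.fromisoformat(r["CreationTime"]),
                                 r["UserId"], mailbox, addr))
    return hits

def mass_forwarding(hits, min_mailboxes=3, window=timedelta(minutes=10)):
    """Actors who pointed >= min_mailboxes distinct mailboxes outside within one window."""
    flagged = set()
    for start, actor, _, _ in hits:
        seen = {m for t, a, m, _ in hits
                if a == actor and timedelta(0) <= t - start <= window}
        if len(seen) >= min_mailboxes:
            flagged.add(actor)
    return flagged

if __name__ == "__main__":
    print(mass_forwarding(external_forwards(SAMPLE)))
```

Because the cmdlets involved are ordinary administrative tools, the signal here is the destination domain and the burst across mailboxes, not the presence of PowerShell itself.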
In 2020, there have been two common themes used to incite action in users and manipulate them into interacting with their phishing emails: the US elections and the global coronavirus pandemic.
Cybercriminals leveraged the 2020 elections by capitalizing on the emotions, fears, and activity associated with them to give legitimacy to phishing attempts. These attempts have included emails requesting donations from fake accounts that mimic popular political campaigns. The emails used emotionally charged language that capitalized on the raw nature of politics today, urging users to click a link and go somewhere, making way for whatever malicious tool or process the attacker chose to employ.
The COVID-19 pandemic has also been a main topic used by cybercriminals in 2020. It has been used similarly to the elections: appealing to emotions and fear. Some have sent out a phony notice to users from “HR”, alerting users of infections in the workplace, with a link to get more information and next steps.
Additionally, due to the COVID lockdowns, a large portion of the workforce is now working remotely. This has resulted in a mass increase in the use of tools such as Virtual Private Networks (VPNs) to support that activity. Cybercriminals have identified this fact and are exploiting organizations that have poor authentication policies. Due to the increased noise and activity, many security admins are ignoring some of the logs and unusual activity that their monitoring systems detect. They lack effective ways to monitor abnormal behavior in remote users and may, in some cases, even have turned off certain notifications given the number of people working remotely.
The broader security services market continues to grow at a rapid pace, year-over-year. There has been an emergence of many new security solutions and providers into the market trying to capitalize on the continued growth in the security sector. Customers continue to have options as a result, but there is also significant confusion in the market and increased challenges of integrating disparate tools into a cohesive security solution.
Providers like Microsoft have risen to the challenge brought on by the continued and accelerated adoption of cloud services and the increased complexity of the modern (and remote) workforce. Key improvements throughout their security portfolio including endpoints, advanced threat protection, and cloud security have helped firms better prepare for the challenges they face.
Microsoft has had a major focus on integration and automation, bringing together more signals across identities, endpoints, cloud apps, email, and documents into a single platform. Microsoft 365 Defender allows users to correlate data across their environment to improve threat detection. Additionally, Microsoft offers Azure Sentinel with integrated SOAR (Security Orchestration, Automation, and Response) capabilities.
Recognizing this specific market need, Apex developed Aegis, our managed security services capability that helps organizations better leverage their investment in Microsoft’s security capabilities. We have also emphasized the need for organizations to keep growing their operational maturity when it comes to their security strategy, and we look to support and enable that growth with our Vantage Maturity Model.
In 2021, expect the threat landscape to continue growing across the board for companies of all shapes and sizes. Phishing, ransomware, and advanced threats that we have seen in 2020 will continue to be a major factor in terms of risk to organizations.
Due to the exponential increase in cloud use, expect threats targeted toward cloud environments or cloud-delivered services (SaaS). Attackers will also be working diligently to identify organizations that have not matured their security strategy. Many organizations still lack integrated security tools across their cloud platforms; combined with a lack of cloud security expertise, this means attackers will more easily exploit these systems and services.
Additionally, expect to see significant focus on automation as security solution providers attempt to better leverage Artificial Intelligence (AI). We will see a continued focus on growth in platforms that provide broader visibility for security administrators for both on-premises and cloud platforms.
The threat landscape continues to evolve and change rapidly. As we look forward to what to expect, it is important to always remember: “If you fail to plan, you plan to fail.”
There is no shortcut to a successful cybersecurity strategy: you must do the work and continuously assess and re-assess your security strategy over time, so that you know where you are within your organizational and capability maturity and can ensure you are keeping pace with how technology and your workforce are being transformed. Ask yourself these questions:
- Have you taken the time to assess how you are securing your organization and its data no matter where it sits (cloud or on-prem)?
- Are you prepared for the threats that are targeted toward a modern (and remote) workforce?
- Do you have the required resources to effectively monitor and respond to these advanced threats as they happen?
By developing, implementing, and continuously evolving a mature cybersecurity strategy, you can ensure that your organization is always protected.
Vantage, Apex Digital Solutions’ proprietary capability and operational maturity model, is designed to help organizations monitor and measure their current maturity based on key questions and traits. Vantage helps identify and prioritize critical areas that organizations can improve over time through continuous assessment and re-assessment across core functional areas, including security.