2020 was anything but ordinary. Here's a look back at what the world was thinking about over the last 12 months, but we're not going to dwell on the past. Instead, let's look at what's in store for 2021.
Ransomware – We Haven’t Seen Anything Yet
Not only will the ransomware epidemic continue, it will get worse. Attacks will become more sophisticated, and both attack frequency and the size of ransom demands will increase, for several reasons.
First, attackers have learned the profile of an easy target, which for now has proved to be municipalities and local government organizations. These targets have limited resources, are slow to patch, rely on legacy defenses and apply yesterday's technology and practices to tomorrow's problems.
The most effective way to combat a ransomware attack is not to get hit in the first place, and that requires closing the gap with attacker sophistication and modernizing defenses. Unfortunately, bureaucratic budgeting and procurement processes will make it very hard for government agencies and towns to keep up with today's attackers. Public sector budgets for the following year are typically locked in by July 1st, which means public sector organizations will remain 18 to 24 months behind the security curve. Additional funding to replace outdated legacy systems will not be available in the short term.
Second, ransomware is a profit-driven business, and it's a bull market. Following Baltimore, where a demand of roughly $76,000 went unpaid and recovery costs exceeded $18M, a trend has emerged of municipalities disregarding the FBI's advice not to pay. This trend will likely continue: cyber insurance, once considered a nice-to-have, is now a necessity, and paying attackers under an insurance claim looks far more appealing than eight-figure damages, even though payment guarantees neither a working decryptor nor the deletion of stolen data, and it funds the next campaign.
Attack Sophistication Will Become the New ‘Normal’
Anyone following the latest discoveries on the SolarWinds attacks understands that this scale and sophistication is here to stay. The line between nation-state actors and financially motivated cybercrime groups is getting blurry, and the combination of tactics now in use, and the patience behind them, has rarely been seen at this scale.
A malicious update signed with the vendor's own legitimate code-signing certificate, for software widely used by federal and state entities; a custom DLL whose command-and-control traffic blends in with the product's existing API calls and domains; months of quiet before any follow-on activity. These are TTPs that go beyond what most organizations and security products are currently built to resist.
That means all of us, as defenders, must reconsider how we protect. Signature-based monitoring and traditional security tools are unlikely to catch any of the TTPs above. Catching them means establishing a good baseline of what each system normally does, continuously looking for anomalies against that baseline, investigating each one, and making sure every endpoint has on-device detection that does not depend on network traffic or network discovery. An unprotected endpoint is likely to become the entry point to the rest of the network. Some products turn this around: decoy endpoints, accounts and credentials that no legitimate user or process should ever touch, so any interaction with them is a high-fidelity alert. That is the deception market.
The take-away for us as defenders is simple: "eat your vegetables". Start with the basics, establish a good baseline and detect anomalies against it, put in layers of defense that can share what they see with one another, and protect your endpoints with behavior-based detection that catches the attack as it happens.
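To make the "baseline, then look for anomalies" advice concrete, here is a small added example (not code from the original post or from any vendor product). It learns, per process, which DLLs (path and signer) and which network destinations were seen during a window the analyst trusts, then flags anything outside that set. The event schema and every sample event are constructed for illustration; the process names, paths and hostnames are hypothetical.

```python
"""Baseline-then-anomaly detection over endpoint telemetry.

Added example; the event schema and all sample events below are
constructed for illustration and do not come from any real product.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    host: str
    process: str      # image name of the acting process
    kind: str         # "image_load" or "net_connect"
    target: str       # DLL path for image_load, destination host for net_connect
    signer: str = ""  # code-signing subject for image_load; "" means unsigned/none


# process -> event kind -> set of (target, signer) observed in the learning window
Baseline = Dict[str, Dict[str, Set[Tuple[str, str]]]]


def build_baseline(events: Iterable[Event]) -> Baseline:
    """Record, per process and event kind, every (target, signer) pair seen
    during a learning window the analyst trusts (e.g. a known-clean month).
    If the window already contains the intrusion, the attacker is learned as
    normal, so choose it carefully."""
    baseline: Baseline = defaultdict(lambda: defaultdict(set))
    for e in events:
        baseline[e.process][e.kind].add((e.target, e.signer))
    return baseline


def find_anomalies(baseline: Baseline, events: Iterable[Event]) -> List[Tuple[Event, str]]:
    """Return (event, reason) for every event that falls outside the baseline.
    Reasons are specific enough that an analyst can triage without re-querying."""
    findings: List[Tuple[Event, str]] = []
    for e in events:
        per_kind = baseline.get(e.process)
        if per_kind is None:
            findings.append((e, "process never seen during baseline"))
            continue
        seen = per_kind.get(e.kind, set())
        if (e.target, e.signer) in seen:
            continue  # exactly what this process did during the learning window
        known_targets = {target for target, _ in seen}
        if e.kind == "image_load":
            if e.target in known_targets:
                reason = "known DLL path with new/unknown signer"
            elif e.signer == "":
                reason = "unsigned DLL never loaded by this process"
            else:
                reason = "new DLL path for this process"
        else:
            reason = "new network destination for this process"
        findings.append((e, reason))
    return findings


# Constructed learning-window telemetry: a monitoring agent behaving normally.
LEARNING = [
    Event("ws1", "monsvc.exe", "image_load", r"C:\Program Files\Vendor\core.dll", "Vendor Inc"),
    Event("ws1", "monsvc.exe", "net_connect", "api.vendor.example"),
    Event("ws2", "monsvc.exe", "image_load", r"C:\Program Files\Vendor\core.dll", "Vendor Inc"),
    Event("ws2", "monsvc.exe", "net_connect", "api.vendor.example"),
]

# Constructed events from the detection window.
OBSERVED = [
    Event("ws1", "monsvc.exe", "image_load", r"C:\Program Files\Vendor\core.dll", "Vendor Inc"),
    Event("ws1", "monsvc.exe", "net_connect", "api.vendor.example"),
    # same process, same vendor-signed DLL, but it now talks to a new host
    Event("ws1", "monsvc.exe", "net_connect", "telemetry.vendor-cdn.example"),
    # usual DLL path, but signed by a look-alike subject
    Event("ws1", "monsvc.exe", "image_load", r"C:\Program Files\Vendor\core.dll", "Vend0r Inc"),
    # unsigned DLL dropped into a world-writable directory
    Event("ws2", "monsvc.exe", "image_load", r"C:\Windows\Temp\helper.dll", ""),
    # a process that no endpoint ran during the learning window
    Event("ws2", "rundll32.exe", "image_load", r"C:\Windows\Temp\helper.dll", ""),
]


def demo() -> List[Tuple[str, str, str, str]]:
    """Run the detection over the constructed data and return compact rows."""
    baseline = build_baseline(LEARNING)
    return [(e.host, e.process, e.kind, reason) for e, reason in find_anomalies(baseline, OBSERVED)]


if __name__ == "__main__":
    for row in demo():
        print(" | ".join(row))
```

Note what this does and does not catch. A backdoored DLL at the usual path, carrying the vendor's valid signature, matches the baseline and produces no finding on the load itself; the process only stands out when it reaches a destination it never used before. That is why the baseline has to span several dimensions (image loads, network destinations, and ideally parent-child process relationships and command lines) and why the layers have to share what they see.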
The Supply Chain Risk Becomes Real for Everyone
Any company that supplies a product or service to the DoD, along with its subcontractors and suppliers, will have to meet CMMC requirements. Expect much more robust controls and a sharper focus on cyber security throughout the supply chain.
Here to Stay | May The Remote Workforce Be With You
The shift to a remote workforce in 2020 was one of the biggest transformations in how people work in the past 100 years. As year-end compliance and certification audits and CMMC hit in 2021, cyber programs will have to bake their processes into this remote work environment. Items like vulnerability management and visibility into remote, internet-only machines will become a mandatory reality for many companies that struggled to meet those requirements in 2020.
A Change in Perspective | Security As Essential Infrastructure
Another prediction for next year is that security will continue to move away from being viewed as a cost that drags on the business and its growth, and toward being viewed as essential infrastructure that ensures the business can keep operating.
As we move through this first quarter, know that TN Team is here to assist you in preparing for any cyber threat that may arise. For more information on how TN Team can partner with you, contact us today!