From data security automation solutions to advanced threat intelligence, zero-trust approach to simulated training campaigns, the landscape is constantly evolving to stay ahead of potential threats.
Cybersecurity has emerged as a pivotal arm for organisations worldwide. The fact that it defends billions of dollars of investment has only made it that much more vital.
The turn of the millennium brought on the age of digitalization. However, this came with its share of downsides. On the one hand, innovations in technology continue to make bold strides. On the other, this very advancement is also leading to the rise of the cybercriminals of tomorrow. Newer ways devised to attack systems and people are burning a hole in business image and monies.
Some of the key trends observed around cybersecurity in 2021 are:
- Working around remote work: With pandemic-induced work-from-home restrictions and evolving remote work and flexi-work models, cybersecurity experts have had to strategize in agile mode. Protecting data, systems and networks in the new normal continue to pose their fair share of challenges. From weakly-protected personal networks and devices, easy transfer and leakage of confidential information, unstructured data to lack of awareness about phishing and social engineering have emerged as high potential risks for companies.
- Uptick in cyber espionage: There has been an alarming spike in government-sponsored cyber espionage or back-door cyberwarfare. Popular target methods include hacks, spyware and other surveillance mechanisms against individuals and hostile countries. The recent Pegasus spyware attack is a good example. Other guerrilla warfare methods include injecting fake news affecting key results, introducing malicious code via third parties, among others, to serve strategic state goals.
- Rise in ransomware attacks: Ransomware has emerged as a lucrative business for cyber criminals, with attacks getting more sophisticated by the day. In fact, 2020 witnessed the largest ransom demandof $50 million to PC major Acer. The global cost of ransomware is expected to shoot up to $264 billion from $20 billion in the next 10 years. Top trends in ransomware are:
- Exploitation of IT outsourcing services by Managed Service Providers (MSPs) due to poorly secured remote access tools
- Focus on vulnerable sectors such as healthcare, education and energy
- Hardening of defences to combat evolving cybercrimes: Through advanced CTI with pattern & behavioural analysis and bait files
- Looking at cybersecurity as an investment rather than as a cost – taking a proactive rather than reactive approach
- Attack on the mobile: With the rising use of mobile devices, attackers are using malware to target and shut them down, demanding ransom to free them up.
- Ransomware as a Service (RaaS): Sophisticated tools are being created to carry out ransomware attacks, sold as a service to anyone willing to pay the right price.
- Strength of brute force: Brute force attacks continue to be a significant trend this year – eitherthrough social sites or by launching DDoS attacks at the enterprise level. In parallel, companies and MSPs have resorted to solid IAM strategy, randomized password encryption keys and strong, frequently-changed passwords to keep brute force attacks at bay.
- Targeting the supply chain: A recent trend by threat actors is to worm their way into the network by targeting a company’s supply chain – their vendors and partners. These third parties will also be servicing several other companies and may not have highly secure systems. Threat actors gather key information to infiltrate and compromise enterprise systems.
- AI, a boon and bane: Advanced cyber threat intelligence through AI and predictive analysis has become a reality. Organisations are being able to detect and prevent cyberattacks well in advance by employing intelligent tools and systems. Conversely, hackers can also develop more sophisticated and targeted attacks with the help of AI.
How organizations have been responding to cybersecurity challenges in 2021 are:
- Building a Zero Trust strategy: In 2020, organisations had to be flexible so that employee productivity didn’t suffer during the pandemic. However, this gave rise to numerous security issues. Hence, while VPN provided an easy gateway into the system for employees, it also increased the attack surface. In an age where hybrid working has quickly replaced traditional work models, many companies are adopting a Zero Trust security framework. This is built around the foundation of:
- Explicit verification of all users whether internal or external
- Least privileged access or allowing not more access than is necessary
- Assuming a breach or always keeping defensive and offensive systems on point through continual verification and analytics
Zero Trust Network Access or ZTNA solution gives authorized users access to given applications rather than to the entire network. This helps reduce the attack surface. According to Gartner, around 60 percent of companies will move to ZTNA from today’s VPN by 2023.
- The DevSecOps advantage: Progressively, more organisations are recognizing the importance of ‘security by design’ -considering the security aspect in the early stages of designing applications and products. Cloud security providers are also resorting to this model for their offerings so that with great cloud adoption and migration, inherent security risks are minimized.
- Automation of data security:There has been a steady increase inemploying automation solutions to enable better data security. By using these tools to perform routine tasks, internal security experts can be better utilized to address critical issues. Most cloud service providers offer integrated automation solutions with robust encryptions. This can help minimize downtime to a considerable extent.
- Targeted employee awareness campaigns: With new challenges arising from remote work, many companies are investing in period training and awareness creation among employees about the latest threats. Dynamic simulated phishing campaigns have become increasingly popular.
Entersoft: a trusted security partner
As a trusted security services firm, we offer custom solutions to protect your enterprise and improve your security posture. Our field of expertise includes:
- API penetration testing
- Cloud security reviews
- Consulting services in the areas of web application, mobile application and code-level reviews
- Threat intelligence, and
- Advisory services on DevSecOps, compliance management and application security quotient
Our certified security experts have enabled 300+ brands to strengthen their overall security standpoint. Reach out to us today to explore our services.