Few would have predicted at the turn of the century that the internet and the world wide web would influence every strand of modern life to the extent that they do. It would barely be an overstatement to conclude that, in the current day, life would be unimaginable without the internet.
Apart from transforming how businesses operate and interface with customers and clients, the internet has become intrinsic to our personal lives as well. In addition, the social media explosion has taken our engagement with the internet to an all-new level.
In retrospect, it is perhaps naive that collectively, even as individuals and organisations grew more and more dependent on the internet, barely any provisions were made to deal with the fault lines of this dependency. Inevitably, over a period of time, a plethora of problems have arisen.
One of the largest and most profound issues to have come up in recent times is cybercrime. Generally defined as any crime that involves a computer and/or a network, cybercrime is an unfortunate reality that threatens millions of people across the world and endangers millions of dollars of personal and public funds. Hence, developing robust mechanisms of cybersecurity has never been more important than it currently is. It is imperative that we develop a safety net that protects everything from our sensitive data and personally identifiable information (PII) to protected health information (PHI) and personal information.
In addition to personal data, businesses and governments must also strive to safeguard intellectual property, data, and governmental & industry information systems that are vulnerable to cybercrime.
Just as cybercrime has gotten increasingly sophisticated with time, cybersecurity is also an ever-growing industry with constant developments.
One of the most significant changes in recent years has been that more and more businesses are moving services and data to the cloud, while AI (artificial intelligence) and machine learning models are fast becoming the norm. While it is important for governments to mandate new regulations concerning these changes, businesses will also soon start developing their own safety nets. As experts forecast cybersecurity trends for the year and decade ahead of us, several interesting trends emerge.
1. More Direct Attacks Against Cloud Services
There's been a rapid increase in the adoption of cloud-based infrastructure when it comes to running business systems with sensitive data. These services often reduce operating costs and increase an organisation's speed to bring new services to the market.
As it is getting increasingly common to see news stories of attacks on cloud services, one can only expect that greater measures will be taken to prevent these.
2. APT Threat Actors Buying Initial Network Access
Another potentially dangerous trend that researchers anticipate is a change in threat actors’ approach to the execution of attacks. As targeted ransomware attacks reach a new high, threat actors often use generic malware as a means to get an initial foothold in targeted networks. Over time, as APT (advanced persistent threat) actors get more sophisticated, organisations should pay increased attention to generic malware and perform basic incident response activities on each compromised computer to ensure that generic malware has not been used as a means of deploying greater threats.
3. Targeted Ransomware Attacks
We have already witnessed the rise of ransomware attacks in 2020. In 2021 this trend will continue to grow along with a rise in the number of targeted ransomware attacks. We see ransomware actors like Maze, Cl0p, Nefilim and Netwalker targeting different industries in India and experts expect this to continue in 2021.
Also, changes in ransomware gangs’ strategy are leading to the consolidation of a still diverse but rather tight ransomware ecosystem. Following the success of previous targeted attacks, gangs might now invest large funds in procuring advanced tools with larger budgets.
4. New Implementations of Multifactor Authentication Techniques
While passwords remain the first line of defence for protecting sensitive data, they are just one aspect of authentication and are far from a foolproof solution. In addition to passwords, companies are turning to separate and distinct channels, including two-factor authentication. One example is having a unique, one-time passcode sent to a smartphone, and the user has to input that code after entering the password. This forces people to use more than one device or process to confirm their identities. Going forward, this could become not just a precaution, but a necessity.
5. Endpoint Security Trends
As traditional approaches such as firewall systems and antivirus software are becoming increasingly less effective, new approaches have emerged. Hence, endpoint security is crucial as it goes beyond securing the individual machines and provides consistent protection to all devices. Everything from desktop and laptop computers to tablets, phones and point-of-sale devices is expected to be included.
Over the next year and beyond, vis-a-vis endpoint security, experts believe that artificial intelligence will largely be employed to look for suspicious behavioural patterns instead of byte sequences. This is particularly beneficial when it comes to dealing with zero-day threats. In addition, cloud-based protection systems are expected to be favoured as they use analytics to quickly identify new dangers, and can immediately update themselves. Also to be noted is the practice of sanitizing documents, as systems are designed to closely monitor incoming documents for threats.
6. Greater Server Security
Server security is also expected to soon become a priority, as servers usually store valuable data and assets that could be under attack. Considering the nature of the information servers hold, it is no surprise that they are frequently targeted by cybercriminals looking to exploit weaknesses.
Organisations can be expected to mandate server protection policies as they apply a combination of basic and advanced security measures to address vulnerabilities. Elementary protocols like using strong passwords, making sure that communication is encrypted and organising regular backups could go a long way. Removing unnecessary third-party software and installing firewalls could also be non-negotiable.
7. Focus on Building Threat Intelligence
In addition to adding more layers of security, developing threat intelligence is of paramount importance as data that is collected and analyzed to understand a threat actor’s motives and attack behaviours could go a long way in preventing future attacks. Furthermore, having access to robust threat intelligence helps empower stakeholders by guiding them about the TTPs (Tactics, Techniques, and Procedures) of aggressors. Security professionals could rely on this intel to streamline their course of action in response to the threat actor’s decision-making process. Lastly, in combination with threat intelligence, developing OT (operational technology) is also crucial as it may be used to control hotspots like power stations or public transportation grids.
If there is one thing that is certain, it is that cybersecurity will be forced to evolve rapidly and widely as it is the primary means to safeguard us from untold damage and loss.
Dipesh Kaura is the general manager at Kaspersky (South Asia). The views in this article are his own.