Security teams in the organisations must remain nimble and vigilant to stay ahead of criminals
Cloud systems, remote working software and home networks will be at the center of a new wave of attacks in 2021, according to Trend Micro’s predictions report, Turning the Tide.
The report predicts that 2021 will see cybercriminals eye home networks as a critical launch pad to compromising corporate IT and IoT networks.
“As we begin to enter a post-pandemic world, the trend for remote working is likely going to stick for many organizations. We predict more aggressive attacks to target corporate data and networks,” said Jon Clay, director of global threat communications for Trend Micro.
He said that it becomes incumbent on “security teams to double down on user training, extended detection and response and adaptive access controls.”
“This past year was all about surviving: now it’s time for businesses to thrive, with comprehensive cloud security as their foundation, ” said said Jon Clay.
Access to sensitive data
The report warns that end users who regularly access sensitive data (e.g. HR professionals accessing employee data, sales managers working with sensitive customer information, or senior executives managing confidential company numbers) will be at greatest risk. Attacks will likely exploit known vulnerabilities in online collaboration and productivity software soon after they are disclosed, rather than zero-days.
The report further cautions that end-users who regularly access sensitive data will be at greatest risk. HR professionals accessing employee data, sales managers working with sensitive customer information, or senior executives managing confidential company numbers are in this list of high risk group.
The report says that access-as-a-service business models of cybercrime will grow, targeting the home networks of high-value employees, corporate IT and IoT networks.
IT security teams will need to overhaul work from home policies and protections to tackle the complexity of hybrid environments — where work and personal data comingle in a single machine.
Zero-trust approaches will increasingly be favored to empower and secure distributed workforces.
Vulnerable APIs
As third-party integrations reign, Trend Micro also warned that exposed APIs will become a new preferred attack vector for cybercriminals, providing access to sensitive customer data, source code and back-end services.
Cloud systems are another area in which threats will continue to persist in 2021, from unwitting users, misconfigurations, and attackers attempting to take over cloud servers to deploy malicious container images.
Trend Micro recommends the following steps to mitigate threats in 2021:
• Foster user education and training to extend corporate security best practices to the home, including advice against the use of personal devices
• Maintain strict access controls for both corporate networks and the home office, including zero trust
• Double down on best practice security and patch management programs
• Augment threat detection with security expertise to protect cloud workloads, emails, endpoints, networks, and servers round-the-clock
If not done right, digital transformation efforts as a double-edged sword
The business disruption has spurred industries to accelerate their digital transformation programs. This means that many organizations adopted new technologies to maintain business continuity. However, as the report says that companies that have hastily moved from the traditional on-premise world and have no solutions in place will struggle.
The renewed push for collaborating tools and cloud environments will be enticing to cyber attackers, says the report.
Cybercriminals will continue to seek the greatest financial returns on their attacks. Security teams in organizations must remain nimble and vigilant to stay ahead of criminals.