Israel Barak, CISO, Cybereason, tells us why SMBs are facing a rise in cyber threats facing SMBs in 2021.
2020 became a four-letter word in itself and the subject of many memes. However, we did mobilise the largest remote workforce…ever. We have catalysed how we do business and even managed to burn less fossil fuels. The question now is what will 2021 hold for us all in a globalised, connected and perhaps new-normal world?
Small and medium sized enterprises (SMBs) are very often ‘victims of opportunity’ – a combination of untargeted attack campaigns that happen to include enterprise assets like email or IP addresses.
A vulnerable enterprise security perimeter often leading to a breach that can escalate into causing business impacts, like ransomware or denial of service.
SMBs are often targeted by cybercriminals for the value of the data or services that they provide (e.g. credit card information), when attackers assume that the value of the compromised data will justify the effort in breaching what appears to be an inadequately protected target (‘low value for a low effort’).
SMBs that offer managed or professional services for larger organisations are often ‘staging targets’ – they are targeted to serve as a jump off point to provide the attacker with access to their customers’ data or into their customers’ systems.
For SMBs, the biggest security risks in 2021 will involve:
- Mobile devices
- Accelerated cloud services adoptions
- Increases in attacks on managed/professional service providers
Mobile technologies, bring your own device and remote work challenge businesses by amplifying risk and require re-thinking of security architecture and technology. Business executives and network operation personnel will represent higher risk, since their access to business critical systems is not commonly restricted by the same higher degree of protections and limits that is imposed on other employees
- Mitigation: Adoption of endpoint and mobile endpoint management and protection and response (EPP) solutions will expand in medium and small enterprises, with many enterprises consuming this capability through managed security service providers. Enterprises that are at higher risk due to the type of data they process or services they deliver will likely increase their adoption of managed detection and response (MDR) services to further reduce risk from advanced threats.
Accelerated adoption of Cloud Services to host systems and data will amplify the risk of data breaches and service disruptions in poorly managed enterprise cloud environments. The COVID-19 crisis has accelerated Digital Transformation initiatives and cloud adoption and we’ll see continued acceleration in 2021, but most small and medium enterprises still lack the security controls, processes and skill-set to ensure visibility into their cloud assets and adequately secure their cloud footprint.
- Mitigation: SMBs will seek to increase the maturity of their security programme around cloud asset protection, which will include a higher focus on authentication and access controls, cloud native configuration management and vulnerability management. Also, the growing number of security controls and tools in the medium to small enterprise environment and the challenge to manually orchestrate protection, detection and response processes will require medium and small enterprises to better leverage XDR analytics technologies to more easily and efficiently orchestrate and manage security events and incidents across the security stack.
Managed and professional services providers are going to be increasingly targeted because of the type of data they process, services they deliver or systems that they have access to.
- Mitigation: This risk will include faster adoption of endpoint and mobile endpoint management and protection and response (EPP) solutions in the SMBs managed service providers’ networks, with many enterprises consuming this capability through specialised security service providers. Managed service providers or professional service providers that are at higher risk due to the type of data they process, services they deliver or systems that they have access to, will likely increase their adoption of managed detection and response (MDR) services to further reduce risk from advanced threats propagating from their networks into their customers environments or impacting their customers’ data.
High level takeaways
We banned IoT from the enterprise. Who knew that the enterprise would come to IoT. The new enterprise address space is consumer ISPs and the bad guys know it. 2021 will contain a resurfacing of old exploits that target out of data printers and routers, repurposing of DLP techniques for the dark purpose of exploring the world around compromised endpoints and bots. Worst of all, the ubiquity of IoT, starting with poorly protected home automation will begin.
The dark side has not been idle and can use commodity voice-to-text capacity to compromise IP stacks in homes to mine for intelligence and spy with the very best cameras, microphones, storage and access. The time is now for someone to create a new business to bring IT-level support, maintenance, security and maybe even privacy services to the home.
If enterprises will pay tens of thousands for employees to sit in an office, will they perhaps subsidise and protect employee homes one day through outsource contracts at a fraction of the cost to keep us all safe and productive?
2021 will be about ‘work from anywhere’ and it is very much a moving target for security and privacy professionals. We must understand the adversary is moving into a new normal as well. They may not yet have found ways to exploit all weaknesses or even any given weakness. They too are pursuing the lowest hanging fruit while investing in some longer term R&D as they continue to develop new attacks specifically for the home environment.
Threat actors may be purchasing tools from cybercriminals, mining existing botnets to see what IP is on those already-compromised machines or targeting home automation, printers and routers after triangulating IP addresses and digital locations for targets. In the year ahead, targeting new dimensions of technical diversity and innovating to develop new attack vectors will be the name of the game for the bad guys.
Once upon a time, hackers fell in neat behavioural buckets that made their motivations and goals discernible. Or at least they appeared to do and for the most conformed cleanly. However, over time they have become less clear: nation states like North Korea hack for profit to deal with economic sanctions, cybercrime rent out their services to any and all takers, and ransomware has become a tool of the state too.
To further complicate matters, nation states like Iran publish tools to seed back doors in the criminal world and to provide healthy background noise, and government employees for offensive agencies from China to Russia moonlight or go private, without even taking into account the possibility of false flag operations.
While clear modus operandi are still possible to help guide investigations and make them more efficient, the net result is that neat categorisation schema generally and attribution specifically serve less and less use. This trend will continue, so it’s important to prepare for all potential attackers and to some extent to avoid blindspots produced by a false sense of certainty in who the enemy is.
Click below to share this article