2020 was a hugely disruptive year across the globe. And while cybersecurity may have been background noise to a world tuned to health and financial issues, widespread cyberattacks have left reverberations that will be felt for years to come.
We asked expert speakers from the recent Hybrid Identity Protection (HIP) Conference to share a brief look back at what happened in 2020 and what they’re focusing on in the year ahead as they work to solve the complex identity and access management challenges that arise in today’s fast-moving business environments.
Mickey Bresman, CEO, Semperis:
“In 2020, cybersecurity programs put special focus on defending their identity infrastructures, particularly as COVID-19 accelerated the adoption of remote workers, cloud services, and devices. And it’s become clear just how opportunistic attackers are, compromising targeted networks several months before deploying the ransomware, waiting to monetize their attacks until they see the best financial gain. Bad actors even launched phishing, malware, and other attacks that exploited public concern over COVID-19. Nothing is off-limits, not even the most vulnerable.
The best way to predict the future is to study the past. The SolarWinds supply-chain attack recently took the world by storm, triggering flashbacks to the 2017 NotPetya attack. In 2021, we, unfortunately, expect to see more of the same. The good news is that organizations are waking up to the fact that identity is the first and last line of defense.”
Andy Greenberg, Senior Writer, WIRED and the author of the book Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers:
“After 2017, when we had three [ransomware worms] in a row – there was WannaCry in May, then NotPetya in June, then a few months later was Bad Rabbit – after that, I kind of fell into a mindset that these were just going to be regular events – that there will be worms. Ransomware worms around the world all the time... Maybe those events needed to happen for the nations and threat actors responsible to see that ‘Oh, I see this is going to get out of hand and will have unintended consequences, even for us, if we continue.’
[Since then] we have certainly seen just an ongoing epidemic of targeted ransomware attacks. In terms of trying to respond at an organizational level as a victim, I think that even more than defense, I want to focus on resilience. You may not be able to prevent an attack, but perhaps you can be ready to respond to one and to bounce back from one.”
Chris Roberts, Hacker in Residence, Semperis:
“As disruptive as 2020 felt, in many ways, 2021 will bring more of the same. Ransomware will continue to run rampant. Infosec will continue to focus on fixing the same problems it itself created, while another buzzword will emerge providing new marketing fodder. Ignoring simple fixes will be at the heart of several new breaches, and when those incidents occur, there will be plenty of blame to pass around, but too little accountability. Everyone’s still going to buy tech rather than invest in people. IoT will be a top threat vector as the value of companies like Zoom continues to skyrocket thanks to the boom (and continued popularity) of remote meetings and work.
Rather than focusing on next and new, we need to sort out some of the challenges we have today – accountability, people (then process, then tech), apprenticeships before certificates, communication before sales, collaboration before blame, cooperation before lawyers…and the list goes on.”
Wim van den Heijkant, Co-Founder and Security Consultant, Fortigi:
“I think ‘work from home’ will be here to stay. I already have customers saying they will move to a policy to work at least 50% from home even after the pandemic. This will change the IT landscape for good. If zero trust is not already a buzzword, it will definitely be the term for this transition.
Solutions like Citrix and VPN will not lead to employee satisfaction and eventually productivity. So, we will see more and more smart, identity-aware proxies. And Cloud adoption.
But this transition will be hard. We will see more high-impact Citrix and other border device bugs. And we will see more ‘cloud adoption gone wrong’ stories…understanding the pitfalls of zero trust setups is going to be key.”
Darren Mar-Elia, VP of Product, Semperis:
“We will begin to see more sophisticated attacks that leverage on-prem compromises to pivot to cloud identity systems and resources (so-called ‘vertical movement attacks’). Ransomware attacks will also continue to get more sophisticated, and the trend towards data exfiltration and the threat of data release will likely continue.
Organizations looking to defend themselves from these ever-increasing attacks will need to up their game in terms of how to secure and administrate over their networks and systems. Many shops today assume ‘it won’t happen to me’ and don’t invest in the changes that are needed to really protect themselves. This will become increasingly untenable as attackers take advantage of new pathways to exploiting companies for profit.”
Sean Deuby, Director of Services, Semperis:
“When it comes to threat vectors, standard attacks (brute force, password spray, phishing) will get a bit more sophisticated, but they’re pretty successful as they are, so not a lot needs to change. Ransomware will continue to accelerate, even at the expense of other types of commercial (compared to nation-state espionage and cyberweapons) malware.
Because the forces are asymmetrical – it’s much easier for the attackers than the defenders – I frankly fear for the legitimate digital economy. More and more attackers are using increasingly sophisticated off-the-shelf tools, purchased from a marketplace just like any other, and feasting on organizations that can’t afford to staff up in defense. The dark digital economy will be booming, and this will continue to some kind of breakdown.
In terms of tools, businesses will slowly begin to migrate away from SMS for MFA in favor of authentication apps. Likewise, passwordless authentication will slowly gain adoption. WebAuthn adoption (passwordless for mobile devices) will grow.
Remote access and WFH are here to stay, in a big way. Many organizations will go back to the office, but COVID has proven that many of them function just fine without people in office chairs – and at a much lower cost. The reality is that the technology to remote work has been here for a while; it’s the culture that has lagged behind. Ask anyone that’s tried for years to get people to use video chat as a regular matter of business, and the other has resisted.
Finally, expect to see the U.S. retaliate against Russia for their SolarWinds penetration. This is a major attack that I don’t believe we can ignore.”
As you look to evaluate your organization’s security to protect critical assets and build resiliency in 2021, Semperis is here to help. Microsoft Active Directory (AD) is the gatekeeper to critical applications and data in 90% of organizations worldwide, making it a prime target for attackers attempting to steal credentials and deploy ransomware across the network. Semperis provides government agencies and Global 2000 enterprises with comprehensive threat monitoring, detection, and response capabilities for directory services on-premises and in the cloud. With Semperis, organizations can continuously scan their directories for security vulnerabilities, intercept cyberattacks in progress, and quickly recover from ransomware and other data integrity emergencies. If you’d like to chat with one of our identity experts, get in touch.
About Hybrid Identity Protection
Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. And with radical transformation come new business risks. Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric practitioners. Whatever industry sector or job function, HIP strives to provide its community the insights and relationships needed to enable and protect today’s digitally driven organizations.