IT security was already top of mind for most organizations, but 2021 has brought it to the forefront of concerns for any business. With multiple major attacks occurring, such as the SolarWinds , the Colonial Pipeline attack, and now the JBS attack, it’s clear that hackers are not planning to slow down anytime soon. Read what NetGain’s Director of Security Scott Logan, and one of NetGain’s top Security Analysts, Stephen Garrison are predicting for IT security trends for the rest of 2021.
Colonial Pipeline Attack Effects
All energy organizations, not just those in the fuel sector, need to prepare their security strategy now, Logan says. This recent ransomware hack exposed many vulnerabilities within this vertical, and it is important to take stock of where your security is if you are part of this industry. In addition, the US Government is going to start creating cybersecurity standards for pipelines, which will then expand into the rest of the industry.
Remote Work – Still a Prevalent Part of IT Security
As businesses start to assess returning to the office, either in a hybrid approach or full time, security should be top of mind. While the initial shift to remote was emergent due to the pandemic, and focused on connectivity rather than security, returning to the office or making a new operating plan for the future means there is time to focus on security (and correct any vulnerabilities caused by the rapid initial shift).
A lot of systems that were taken home are going unpatched, Garrison said – it is important to have a series of steps for any and all devices when bringing them back into the office, so that a single infected device doesn’t spread to the corporate network.
Something many organizations may not have considered is t vulnerabilities of their VPN, Logan explained. There is not a lot of protection behind authentication of VPN like multi-factor authentication. MFA via an SMS message can be easily compromised, Logan said. He recommends using Microsoft or google authenticators which are encrypted, or one time passwords, to keep your VPN secure.
New Challenges with Ransomware
New types of ransomware attacks are occurring that are more damaging. Hackers are taking business data and either selling it or destroying it, or leaking it to the public in order to prove they have acquired it. The increasing popularity in cryptocurrency also means that ransomware will continue to be a prevalent threat for the future.
Supply Chain Attacks
Due to the SolarWinds hack, which was a supply chain attack, we are seeing more of those attack behaviors from other cyber criminals. Now, we are seeing even more attacks targeting government-associated companies.
Prediction – Cloud Attacks Will Increase
Logan explained that due to the major move to the cloud by many organizations, this is a prime area of concern for businesses. Many are performing a “lift and shift” to the cloud but not addressing vulnerabilities. It is important to note that the cloud is not inherently secure. Leveraging solutions like Microsoft 365 might be a great step for your business, but it is important to understand that these are not secure out of the box, and must be configured to protect your organization.
Miscellaneous, But Prevalent, Security Issues
COVID-19 phishing is on the rise again as CDC changes its guidelines and the country continues to get vaccinated. Phishing in general is hard to mitigate, and both Logan and Garrison agreed the best way to prevent it is to create awareness within your organization.
Businesses are suffering from a lack of cyber professional oversight, Logan says. No one is guiding them towards security frameworks or compliance structures to protect their business. Some are attempting to use their IT department for security, which is a burden to put on IT, and is not sufficient as your general IT department will not have the proper security background. As such, Logan says, there is a large need for cyber professionals. As SOC and as-a-service security businesses grow, smaller businesses will have less access to cyber professionals, which means leveraging solutions like a vCSO may be a good solution.
Implementing comprehensive set of security controls is the first step and main way to prevent the threats discussed above. As you assess your security strategy for the second half of 2021, keep these IT security trends in mind.