10 Cybersecurity Predictions for 2021: Trends in Protecting Remote Workforces, Part 1
Mark Wojtasiak, VP, Portfolio Strategy and Product Marketing at Code42, put it best: “With 71% of cyber professionals reporting increased threats since the COVID-19 pandemic started — all while undertaking a massive shift to cloud, collaboration, and remote working — 2020 has tested the very foundation of security.” It’s been a year of changing work styles and rapid adoption of new technologies and processes, with the pandemic forcing IT and security teams to quickly support a surge in remote work and all the security and infrastructure needs that come with it. Against the backdrop of increasingly remote workforces creating more opportunities and attack vectors for malicious cyber actors, here are our cybersecurity predictions for 2021. We’ve compiled this list of predictions from experts across the Exabeam team, our partners and customers.
As with last year, we’ve structured the predictions by People, Processes and Technology — the familiar pillars of organizational transformation that underpin the globally used information security standard, ISO/IEC 27001. In this post, we present security predictions for People.
Security predictions for People
Credential-based attacks will continue to rise in 2021 and beyond. We know login credentials still carry significant value because of how often they are stolen. Usernames and passwords remain critical to helping us get work done, or pursue personal interests like online shopping, banking or connecting with friends and family. In 2019, billions of credentials were exposed in data breaches. Unsurprisingly, this trend continued in 2020. These stolen credentials fuel the underground economy and enable credential-stuffing attacks.
A big issue with a large remote workforce is login credentials for a myriad of applications and services — across public, private, and hybrid clouds — that are all accessible from outside the corporate firewall. Hackers will take advantage of employees and contractors accessing these services to gain a foothold in an organization’s apps and data.
We know that hackers are not concerned about being detected on the network, and will ‘live off the land,’ or mimic typical user activity because it is extremely difficult for administrators to detect. What complicates this matter further and allows credential-based attacks to continue is that most organizations don’t have the staff, tools, or bandwidth to detect unusual activities among users. Lateral movement, combined with account switching (using a different account when targeting a different host), is even more challenging to sniff out. Additionally, the fact that accounts exist across clouds makes it hard to correlate identities.
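One way to surface the account switching described above, as an added example that is not part of the original post or any vendor's product: it flags a source host that logs on to several different hosts with several different accounts inside a short window. The event tuples, host and account names, thresholds and the `shared_hosts` allowlist are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed successful-logon events: (time, source host, account, destination host).
EVENTS = [
    ("2021-01-12T09:00:00", "ws-041", "alice", "files-01"),
    ("2021-01-12T09:05:00", "ws-041", "alice", "mail-01"),
    ("2021-01-12T09:10:00", "ws-017", "bob", "files-01"),
    ("2021-01-12T10:00:00", "jump-01", "dave", "app-01"),
    ("2021-01-12T10:03:00", "jump-01", "erin", "app-02"),
    ("2021-01-12T10:06:00", "jump-01", "frank", "db-02"),
    ("2021-01-12T14:02:00", "ws-017", "bob", "hr-app-01"),
    ("2021-01-12T14:04:00", "ws-017", "svc_backup", "db-02"),
    ("2021-01-12T14:09:00", "ws-017", "carol_adm", "dc-01"),
]

def find_account_switching(events, window=timedelta(minutes=15),
                           min_pairs=3, shared_hosts=frozenset()):
    """Return {source: sorted accounts} for sources that used at least
    min_pairs accounts against at least min_pairs hosts within one window."""
    by_source = defaultdict(list)
    for ts, src, account, dst in events:
        # Known multi-user hosts (jump boxes, terminal servers) are expected
        # to show many accounts, so they are excluded up front.
        if src not in shared_hosts:
            by_source[src].append((datetime.fromisoformat(ts), account, dst))
    flagged = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            accounts = {a for _, a, _ in in_window}
            hosts = {d for _, _, d in in_window}
            if len(accounts) >= min_pairs and len(hosts) >= min_pairs:
                flagged.setdefault(src, set()).update(accounts)
    return {src: sorted(accts) for src, accts in flagged.items()}

if __name__ == "__main__":
    hits = find_account_switching(EVENTS, shared_hosts={"jump-01"})
    for src, accounts in hits.items():
        print(f"{src}: {len(accounts)} accounts in one window: {', '.join(accounts)}")
```

A single user reaching many hosts with one account (ws-041 in the sample) is not flagged; only the combination of changing accounts and changing targets from one source is.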
Analysts will improve their ability to detect malicious behavior. Analysts will identify major gaps in their threat hunting tools and techniques and move quickly to modernize their security posture. Andy Skrei, VP of Worldwide Sales Engineering at Exabeam, says, “Protecting businesses from security threats on an ongoing basis is essential, but many organizations have continued to use outdated threat hunting procedures that put them at greater risk. The key to steering toward a proactive security posture is to look at tactics, techniques, or procedures, also known as TTPs.”
Instead of waiting for an incident to happen and set off alerts, or relying purely on IOCs, TTP monitoring looks for certain behaviors that are telltale signs of an impending attack. TTPs are all about attacker behavior, and the only way to move to a TTP-based approach is to leverage analytic capabilities.
In 2021, Andy predicts, “We’ll see a steep rise in security analysts adopting this approach. By introducing analytics to the equation and pairing them with TTPs, security professionals will be able to filter out those everyday activities.” Instead of monitoring for specific risks, analytics watch for changes in patterns, which can help prevent the alert fatigue that comes from too many false positives. When a business is aware of the activities happening across its network, it’s better prepared to protect itself against security breaches.
Stay tuned. We’ll be back with the next article in our series on security predictions for 2021.