
QOMPLX 2021: Our Cyber Predictions for the New Year

Between the global pandemic and the massive economic dislocation it caused, the past year also brought us political crises and - of course - a full plate of natural disasters including wildfires, floods and hurricanes. It's safe to say that few of us will be sad to see the back side of 2020. In fact, so bad was it that 2020 became a disaster meme all on its own.

But the past year hasn't just been a milestone for epidemiologists and meteorologists. In the information security field, it has been notable as well. The scourge of sophisticated, human-directed ransomware rose to new heights: crippling municipalities, hospitals and private firms alike. To cap it off: a massive compromise of U.S. government agencies, cyber security and software firms came to light. The attack, which began with a software supply chain compromise, was likely orchestrated by the government of Russia.

We should expect the spillover from those incidents to continue long after the clocks strike midnight on December 31st. But maybe, just maybe, there will be some good news on tap in the New Year as well. To find out what the New Year may hold, we sat down with two of the sharpest minds we know to ask them about their predictions: QOMPLX CEO Jason Crabtree and CTO Andrew Sellers. Here are some of their thoughts on what 2021 has in store for us.

Jason Crabtree, CEO and Co-Founder at QOMPLX

Active Directory and authentication attacks will continue to drive ransomware and data breach incidents

In 2021, as attackers seek dominance in victim networks, attacks against Active Directory and authentication, like the SolarWinds attack, will continue to dominate major ransomware and breach events. In particular, healthcare and manufacturing attacks will continue to accelerate, given the large amount of legacy protocol use and gaps in visibility in critical infrastructure.

Ensuring visibility over Active Directory will be key for businesses and governments

Businesses and governments must prioritize gaining visibility over Active Directory and using Windows Event Logs as a high-quality and low-cost source of additional insight on their networks. Organizations need to improve their visibility into the privilege attack surface as well as data capture and coverage for security teams. Assessing their external security posture should be a priority with both inside-out and outside-in cyber risk analysis.

Simulation modeling will support organizations in a post-COVID-19 world

Simulation modeling will become an even more important part of data-driven decision making post-COVID-19. Many organizations have seen that machine learning and deep learning approaches only retain relevance if the future experience is similar to the training data. Synthetic data and simulation can help explore other hypothetical scenarios, moving from just extrapolation, which is what most people consider as predictive, to generative modeling.

Lessons learned: organizations will invest in cyber insurance

In 2020, we saw mature organizations start to move towards risk-based cybersecurity programs and away from "maturity model" or compliance-centered approaches. The latter lack context and are hard to tailor to the unique threat models and requirements of individual clients, regulators and partners. In the coming year, we will see the most cyber-secure organizations blend affirmative cyber insurance policies. Those policies will ensure adequate resources are available for incident response, remediation and communication in the event of a breach or disruptive event.

Financial services, healthcare and retail will lead the way with modern security programs

In 2021 we will continue to see financial services, healthcare and retail industries all move aggressively towards identity-centric security models. We have noted that identity, and especially authentication, are at the center of all modern security programs and network architectures. The most cyber-secure organizations will ensure that their authentication and core control infrastructure is robust. Furthermore, they will improve their ability to observe, at scale, the security posture of that infrastructure and to derive context and insights from the telemetry generated from normal IT networks, OT networks and security controls.

Authentication attacks

In 2021, attackers will continue to use Kerberos- and SAML-based authentication forgeries, as demonstrated in the Sunburst breach, to move laterally and persist surreptitiously inside target networks. IT leaders will need to get serious about finally disabling the fundamentally insecure NTLM protocol and focus on stateful validation of Kerberos and SAML to reduce the risk of more forged authentication events, which give attackers the keys to the kingdom.
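The two points above, using Windows Event Logs as a low-cost telemetry source and validating Kerberos statefully, can be combined in a simple correlation check. The following is an added example written for this post, not QOMPLX code: it walks a constructed sample of domain controller Security log events and flags service ticket requests (Event ID 4769) for which the KDC never issued a matching ticket-granting ticket (Event ID 4768) to that account from that client, or issued one longer ago than the domain's maximum TGT lifetime. The event field names and the 10-hour default lifetime are assumptions chosen for the sample.

```python
from datetime import datetime, timedelta

# Constructed sample of Windows Security log events (not real data).
# 4768 = TGT requested (AS-REQ); 4769 = service ticket requested (TGS-REQ).
SAMPLE_EVENTS = [
    {"time": "2021-01-04T09:00:01", "id": 4768, "user": "alice", "client": "10.0.0.21"},
    {"time": "2021-01-04T09:00:03", "id": 4769, "user": "alice", "client": "10.0.0.21",
     "service": "cifs/fs01"},
    # A TGS-REQ with no TGT ever issued by this KDC for the account/client pair:
    # a forged TGT presented directly to the KDC would look exactly like this.
    {"time": "2021-01-04T09:05:00", "id": 4769, "user": "admin-svc", "client": "10.0.0.77",
     "service": "ldap/dc01"},
    {"time": "2021-01-04T09:07:10", "id": 4768, "user": "bob", "client": "10.0.0.33"},
    # A TGS-REQ more than 10 hours after the last TGT: the real TGT should have expired.
    {"time": "2021-01-04T19:30:00", "id": 4769, "user": "bob", "client": "10.0.0.33",
     "service": "cifs/fs01"},
]


def find_orphan_service_tickets(events, max_tgt_age=timedelta(hours=10)):
    """Return 4769 events whose (user, client) has no 4768 within max_tgt_age before it.

    This is a stateful check: the KDC's own record of TGT issuance is the state,
    and every service ticket request is validated against it. TGT renewals
    (Event ID 4770) are not modelled here and would extend the window in practice.
    """
    last_tgt = {}  # (user, client) -> timestamp of the most recent 4768
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["user"].lower(), ev["client"])
        if ev["id"] == 4768:
            last_tgt[key] = ts
        elif ev["id"] == 4769:
            issued = last_tgt.get(key)
            if issued is None or ts - issued > max_tgt_age:
                findings.append({
                    "time": ev["time"], "user": ev["user"], "client": ev["client"],
                    "service": ev.get("service"),
                    "reason": "no TGT issued" if issued is None else "TGT older than max lifetime",
                })
    return findings


if __name__ == "__main__":
    for f in find_orphan_service_tickets(SAMPLE_EVENTS):
        print(f"{f['time']} {f['user']}@{f['client']} -> {f['service']}: {f['reason']}")
```

On a real estate the same logic would run over exported 4768/4769/4770 events from every domain controller, since a TGT issued by one DC can be presented to another.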

Andrew Sellers, Chief Technology Officer & Co-Founder, QOMPLX

Consumers' data confidentiality will be top priority

As we look ahead to 2021, society will continue to reason about the importance of consumer privacy and countering the "echo chamber" effect of social media. Current data privacy protections and regulations have not yet curbed the collection or use of personal data. With many Americans expressing initial concerns surrounding data collection, especially with the new tracking tools used for COVID-19, there will be continued conversations surrounding the government's role in protecting consumers' personal data. We will see more and more firms investing in solutions that include end-to-end encryption and user-controlled encryption to ensure consumers' data confidentiality.

State, national data privacy laws take center stage

GDPR, CCPA, and similar state regulations (in the U.S.) are iterative frameworks for new privacy legislation. These regulations will continue to evolve in 2021. Other national governments will undoubtedly follow the example set by GDPR and CCPA to address perceived shortcomings in current consumer protection laws. Complying with this thicket of rules will require agility on the part of organizations when it comes to data organization. We will see more companies investing in SaaS product offerings that support compliance initiatives across many different regulatory regimes and maintain standard operations globally.

Securing remote work continues to be a pressing concern for IT departments

Almost a year after the emergence of COVID-19, companies are still struggling to set up adequate processes and security protocols to foster a seamless work from home experience. In 2021, there will be a continued focus on providing greater security to remote employees. With work no longer tied to a physical space, IT departments need to rethink their organization's security beyond the physical perimeter. We will see IT departments implement new processes and procedures in 2021 to support work-from-anywhere environments. Unfortunately, attackers will continue to target remote workers and find increasingly sophisticated ways to exploit the circumstances of this new work environment. With this sudden shift in the business process, commensurate investment in cybersecurity is needed.
