Expect 2021 to Be Fraught with Cybersecurity Threats
Ransomware, insider threats, VPNs, weak APIs. Here's what MSPs/MSSPs need to know for 2021.
![2021 - The Year of Extortion](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt6f55504317486645/652456f9372d320d2692167f/2021-The-Year-of-Extortion.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Starting in just a couple months, the risk of employees leaking data, on purpose or not, will rise from 25% to 33%. That’s what Forrester wrote in its recent report, Predictions 2021. No surprise, that increase stems from the global shift to remote work because of COVID-19. But it won’t just be external bad actors prowling for corporate data who try to put MSSPs and their clients in a bind. More than anything, that problem will come from staff.
Forrester cites three main reasons for the uptick in insider cybersecurity threats. The first, of course, comes from the increase in remote work due to the pandemic. The second results from widespread COVID-19 shutdowns and their subsequent economic fallout. So many jobs are on the line that employees may act out. Third, people can move company data more easily than ever.
“Combined, these will produce an increase of 8 percentage points in insider incidents, from 25% today to 33% in 2021,” Forrester analysts wrote. “The overall number of insider threats will also be pushed higher as firms get better at identifying and attributing incidents to insider activity.”
The attacks don’t have to be malicious to qualify as problematic, however. As Guru Pai, CEO of Privafy, says, “the human being will continue to be the most vulnerable part of cybersecurity. Either consciously or unconsciously, that’s going to be the place where compromise happens.”
In its 2020 Cyber Threats Report, Netwrix also pointed to the troubling trend toward insider cybersecurity threats. In fact, the vendor found the number of those breaches will outpace that of their external counterparts. Ever since organizations went remote in response to COVID-19, four of the top six types of cybersecurity incidents continue to come from staff. The reasons vary: accidental mistakes by admins (suffered by 27% of respondents), accidental improper sharing of data by employees (26%), misconfiguration of cloud services (16%) and data theft by employees (14%). Almost 80% of CIOs see users as more likely to ignore IT policies in the coming year and pose greater security risks than ever before.
“MSSPs need to offer dedicated work-from-home and back-to-office services that will target data security protection against insider threat, and help organizations to assess their current security posture to identify security gaps,” Ken Tripp, Netwrix channel chief, says.
Managed service providers are tasked with protecting their clients from cyber harm. Indeed, in many cases, they also must shore up their own operations to ensure this. As a result, tech association CompTIA predicts more MSPs will add security expertise. The MSSP category will get even stronger in 2021 as more MSPs take on the security mantle – and as they, too, attract the hackers’ attention, CompTIA said.
“Cybersecurity, especially during this wave of remote working, is a discipline that is table stakes for all kinds of channel partners,” CompTIA wrote in its Industry Outlook 2021 report. “It’s not a nice-to-have, but a need-to-have. Not having security expertise is a deal breaker for many customers considering whom to work with as a technology provider.”
One MSP taking insider threats to heart is MSP 501 Digital Innovator Integritek. The Austin, Texas-based partner is developing a solution that targets a specific group.
“Overprivileged users are the biggest threat, and they can be malicious or not,” CEO Brett Paulson says.
“I can’t talk exactly about what we’re doing there because there’s some secret sauce,” he says. But, he adds, “my current thought is that I’m not doing the industry any good by having secret sauce.”
Because of that, Integritek may add its insider threat platform to its roster of services.
“We’re trying to help SMBs become better, more efficient,” Paulson says.
But back to remote work in particular. Cyber criminals have an especial affinity for this setup, and that will remain the case in 2021. In fact, says WatchGuard, malicious hackers “will exploit under-protected home networks as an avenue to access valuable corporate endpoint devices.”
Much of this will happen via worm functionality modules in the malware.
“We expect to see malware that not only spreads across networks but looks for signs that an infected device is for corporate use (such as evidence of VPN usage),” the company says.
To that parenthetical point, WatchGuard predicts attackers will “significantly” ramp up their assaults on VPN, remote desktop protocol and other remote access services.
“Using stolen credentials, exploits and good old-fashioned brute-forcing, we believe attacks against RDP, VPN and remote connection servers will double in 2021,” WatchGuard says.
Oh, yes, there’s more.
Insider threats, due in part to remote work, do not pose the full extent of the looming cybersecurity danger. Vendor Acronis is calling 2021 “the year of extortion,” primarily due to ransomware.
Malwarebytes agrees.
“Criminal groups are favoring this kind of attack to extort large amounts of money,” the company tells Channel Futures. “We are talking millions of dollars being asked for each ransom victim.”
To that end, ransomware will look for new quarry and become more automated. Rather than continuing to cast a wide net, attackers will focus on targets that provide a bigger return on their efforts. Breaking into one network to steal data from several companies is more profitable than attacking individual organizations.
In other words, MSPs and MSSPs, look out for clients (and yourselves) housing data on multiple customers, and in cloud environments.
COVID-19 put organizations in a crunch. Throughout early- to mid-2020, they rushed to support remote work via cloud services and applications. That trend will keep enterprises at risk in 2021.
“The cloud is a new opportunity for attackers,” says Moritz Mann, CSO at Open Systems. “Cloud-based data and services are critical to business operations, and cloud services aggregate large populations of potential hacking victims.”
It’s not just outsiders, though.
“We predict that data breaches and exponential compromise in cloud infrastructures will be caused not by cloud providers but by misconfigurations and missteps of unwitting users,” says Trend Micro in its 2021 security predictions report, Turning the Tide.
Of course, to Open Systems’ observation, that doesn’t mean bad actors won’t have their heads in the cloud. Trend Micro concurs.
“Other concerns for cloud adopters are hackers attempting to take over cloud servers and deploy malicious container images,” Trend Micro notes. “We expect a sprawl of vulnerable images running in various architectures as users put unfettered trust in container services and depositories. These images will be aimed at hijacking repositories and poisoning resources. Exposed data will be a common pitfall that leads to cloud-based breaches and attacks in organizations.”
2021’s ransomware efforts will be all too well described with some form of the word “aggressive.”
“We predict that the coming year will see ransomware gangs become increasingly aggressive in finding more ways to tighten the screws on victims.”
That comes from Symantec. More hackers will team up, creating a new and worrisome trend: “[S]ome of the biggest actors in cyber crime [are] coming closer and closer together, in particular some of the biggest botnet operators and ransomware authors,” Symantec’s Dick O’Brien notes in the company’s 2021 Cyber Security Predictions blog.
“For the past number of years, Emotet (and until very recently Trickbot) have been among the most powerful botnets, stealing credentials from infected users and selling their services to malware authors looking for a distribution channel,” O’Brien says. “Meanwhile, targeted ransomware (ransomware attacks where most, if not all of the computers at the victim’s organization are encrypted) is among the most lucrative cyber crime niches, sometimes earning attackers millions of dollars from a single attack.”
MSPs and MSSPs: Stay alert.
But it’s not just the number of ransomware attacks that will pelt organizations in 2021, it’s the variety and frequency. That’s the view from FireEye, which ranks among the cybersecurity companies seeing more hackers embrace ransomware as a service. This opens the door for less skilled actors to jump on the ransomware bandwagon – and it facilitates the rapid growth of these threats.
Regardless of the approach, FireEye warns that hackers are on the hunt for organizations’ most critical assets.
“Through post-intrusion reconnaissance and the deep enumeration of networks, we currently see threat actors locking up the most relied on and sensitive data and architectures, which leads to much higher ransom amounts,” the firm writes in its report, “A Global Reset: Cyber Security Predictions 2021.”
Indeed, these so-called ransomware operators are turning up the heat on their prey. That’s going to create big problems in the coming year, FireEye says.
“We expect to see attackers use retained data in other ways as they digest the content. This could include returning with more demands or publicly embarrassing an organization.”
Many an MSP/MSSP deploys APIs for customers. Those interfaces will prove a weak spot in 2021.
“As APIs become more prominent in the enterprise space, so will their attack surface,” according to Trend Micro’s 2021 security report. “APIs will become a preferred target as they also act as conduits for third-party integration, and we predict that API security will be a new focus area for adversaries in 2021.”
Channel partners must make sure these APIs aren’t easy to discover, as usually is the case. They also must ratchet up the security on APIs. Otherwise, Trend Micro says, APIs “introduce several weaknesses that could be vectors for data breaches in enterprise applications. Some recent cases have reported gaining access to users’ personal information and finding exposed source code and access to backend services.”
Traditional defense mechanisms – think Captchas, JavaScript, etc. – aren’t enough. They still leave APIs only somewhat protected, if at all, Trend Micro says.
“We recommend configuring access control and authentication mechanisms with a defense-in-depth approach and regularly monitoring access logs.”
Cybersecurity represents “a perpetual arms race,” as CompTIA’s Tim Herbert put it earlier this year. 2021 won’t be an easy year for partners intent on protecting their clients from threats. MSPs, MSSPs and other channel players offering cybersecurity services and platforms must work to stay ahead of hackers – and, yes, internal users. Do this through extensive education, effective training, staffing, and exploration of the latest tools and capabilities. Along the way, keep customers informed.
Partners “need to act as trusted advisers and be able to demonstrate and communicate risk posture enhancement over time,” Netwrix’s Ken Tripp recently told Channel Futures. “This not only will help to stand out from the competition, but also build trustful relations with customers. … Most organizations will be happy to get incident statistics, vulnerability statistics, some kind of state of cybersecurity score. Service providers that will be able to connect service to the risk reduction that can be estimated in dollars will be more successful.”
If managed service providers and managed security service providers thought 2020 was busy, just wait. In 2021, cybersecurity threats will only ramp up.
The catalyst? COVID-19, of course. The shift toward remote work this past year will continue, and hackers are loving the increased risk for organizations. The onus falls on MSPs and MSSPs to try to prevent problems in the first place, and mitigate them if they do blow up. But what are some of the biggest cybersecurity threats lying in wait?
Scroll through the slideshow above. We’ve compiled a comprehensive take on several of the most imperative 2021 cybersecurity threats partners need to know about — and added some actionable insight along the way.