Placing no trust in anything may be the big thing next year.
As 2020 comes to a close, identity and access management firm One Identity has put together a list of predictions that may define cybersecurity in 2021. Without further ado, here are four major trends our data portends:
- Eliminating privileged attacks through Zero Trust Architecture
With some 80% of data breaches that still involve compromised or weak credentials, the industry-wide adoption of zero-trust architecture will make it even more challenging for cybercriminals in 2021.
The final publishing of NIST SP 800-207 will enable more enterprises and government agencies to adopt the concept of zero-trust architecture. This shift will move enterprises away from the basic ideas of persistent permissions and the uncontrolled access of both humans and computers.
Privileged access will no longer need to be persistent or permanent, but assigned and access granted on a per-session basis, taking the old idea of ‘least privilege’ a step further to protect sensitive data. Through zero-trust architecture, the coveted privileged accounts, that are commonly targeted, are more effectively managed, making them simply not valuable to the attack process.
- The year of the remote-work data breach
At the start of 2021, there will be an increasing number of companies that will begin to acknowledge data breaches that occurred in 2020.
In response, there will be a drastic number of regulatory audits, making it appear that data breaches are on the rise. However, the vast majority of breaches being publicized will not be new. Instead, the breaches that make headlines will be opportunities that were taken during the chaos and lack of management in the shift to remote work.
This will cause many companies to begin doing quick security fixes and focus on privileged account management to address the problem. However, government agencies will already have recognized how slow companies are to identify a breach, resulting in the implementation of stricter auditing practices.
- The birth of RPA’s digital identity
This will be the birth year of digital identities for the digital workforce. What many security professionals have failed to realize is that the user identities created for robotic process automation (RPA) technologies to connect to a company network in order to execute a task, are just as vulnerable as their human counterparts.
Throughout 2021, identity and security teams will begin to realize the unconsidered security challenges of RPA, such as how creating and destroying digital workers results in account orphaning and ‘privileged creep’.
Like we have seen with other innovations this lack of awareness around the security implications of RPA will cause a significant RPA breach in 2021, causing security teams to recognize the need for the privileged management and governance of the digital workforce.
- Ransomware-as-a-Service escalates
We are going to see an increase in less-technical criminals leveraging ransomware. The drastic increase in ransomware attacks and evolution of new and more sophisticated strains of ransomware in 2020 will continue. However, there will be a new surge in ransomware-as-a-service as the less technical hackers realize its potency.
This surge will be fueled by the ongoing remote workforce as less-secure networks and devices being used in the home allow ransomware to travel from personal devices onto the corporate networks. As more companies get hit, companies will start secretly paying the ransomware to avoid having to publicly announce the attack. As a result, stricter and larger fines from regulatory groups will be enforced as a way to encourage companies to proactively fight ransomware.