Helping CISOs prepare for the 2021 Threat Landscape
Alain Penel, Regional Vice President – Middle East, Fortinet sums up the various evolving scenarios of threat vectors as we move into the new year
In an era of constant innovation, it is important to be constantly aware of the impact that new technology has on the threat landscape. While IoT devices and multi-cloud environments have proven beneficial, especially in times of increased remote work, CISOs must also understand the risks that such solutions pose to their employees and to their organization.
Over the past 20 years, Fortinet’s team of security researchers has found that while certain aspects of cyberattacks continue to evolve, such as new malware or targeting new elements of the network, the underlying attack patterns, criminal behaviors, and end goals have typically remained the same. In recent years, the team’s predictions have addressed issues such as the evolution of ransomware, attacks targeting converged technologies, and the weaponization of machine learning (ML) and artificial intelligence (AI). However, while some of these threats have already come and gone, others are only just starting to make an impact.
Cybercriminals Will Continue to Target Edge Environments
As digital innovation, the expansion of the network, evolving corporate strategies, and the growing reliance on business applications continue to accelerate, the traditional network perimeter has been replaced by multiple edge environments—each with their own unique set of risks. Cybercriminals are fully aware of these vulnerabilities, as well as the fact that for far too many organizations, a full security strategy often lags behind network expansion. They also know that organizations often sacrifice security to maximize agility and enhance performance between these interconnected edges. This lack of adequate security measures has led threat actors to allocate significant resources towards targeting and exploiting new edge environments, especially the home office branch and remote workers. Through the weaponization of 5G and edge computing—and the subsequent deployment of swarm-based attacks—cybercriminals are able to easily target victims while fending off most of the lackluster solutions attempting to fight their attacks.
Combining AI and Playbooks to Anticipate Threats
As cyberattacks grow more advanced, CISOs should understand the role AI can play in helping their organizations stay a step ahead of their cyber adversaries. In addition to enabling an automated system that can detect threats and attacks before they occur, AI can also be used to document the behaviors of cyber-criminal activity in detail, resulting playbooks that can help identify an attack, anticipate an attacker’s next moves, and circumvent their threat before they can complete their mission or achieve their objectives. As AI and ML systems gain a greater foothold in networks, their ability to build out such playbooks is not far from reality. In fact, basic playbooks using schemes like the MITRE ATT&CK framework to standardize behaviors and methodologies are already being used by various threat research organizations, including FortiGuard Labs.
The Increasing Sophistication of Ransomware
One of the most likely outcomes of this will be the continued evolution of ransomware, making it one of the most dangerous and damaging threats facing organizations today. In addition to encrypting data and systems, cybercriminals are now posting data on public servers and threatening to expose organizational leaders unless a ransom is paid, moving extortion and defacement to the digital realm. And while there are now organizations appearing on the darknet with a business model of negotiating ransoms to save victims money, the benefits of this are short-term. And at the end of the day, the bad guy will almost always get a payday, which will only reinforce their criminal behavior.
The Continued Development of Swarm Intelligence
Inspired by the collective behavior of biological systems such as ants, bees, or flocks of birds, swarm intelligence is being developed by industry to tackle such tasks as efficiently exploring a new environment by collecting, aggregating, and correlating data in real time, rapidly assembling complex devices, optimizing complex problems such as vehicle routing, or tightly coordinating flight maneuvers of a squadron of military jets. As this technology matures, the opportunities for malicious use are endless. The cyber wars of the future will occur in milliseconds, meaning the primary role of humans will be to ensure that their security systems have been fed enough intelligence to not only counter attacks in real-time but also anticipate such attacks so that they do not happen in the first place. To defend their networks against these increasingly sophisticated, and eventually, AI-enabled attacks, security teams must look to adopt AI-enhanced technologies of their own designed to see, anticipate, and counter such threats.
Satellite-Based Systems Present New Opportunities for Threat Actors
Security implemented after the fact is never as effective as if it were to be interwoven in the fabric of a new network or solution right from the start. This is especially important to remember as our reliance on data and internet links enabled through advanced satellite-based systems continues to grow. And while satellite security concerns have traditionally been nominal because they are extremely remote, this may no longer be enough as satellite-based networks proliferate. By compromising satellite base stations and spreading malware through these networks, attackers potentially gain the ability to potentially target millions of users. Such attacks will likely start with such tactics distributed denial-of-service (DDoS) attacks, but as communication through satellite systems becomes more common, CISOs should expect more advanced attacks to follow.
Looking Ahead to the Role of Quantum Computing
The 2020 FortiGuard Labs Threat Predictions report highlights several important concerns, but perhaps the most forward-looking involves quantum computing. While access to quantum computers is beyond the scope of traditional cyber criminals, one of the biggest concerns is the use of such systems by nation-states to break cryptographic keys and algorithms. Experts now expect quantum computers to break elliptical curve cryptography by 2027, and governments everywhere are developing cyber strategies to address such a threat. With this in mind, organizations, like their government counterparts, will need to adopt quantum-resistant computing algorithms wherever cryptography is used to “sign” and protect the integrity of information as soon as they become available.
What’s Next for CISOs?
The threat landscape will only grow more advanced as time goes by, meaning that it is no longer a matter of if an organization will be a target of a cyberattack, but instead a matter of when. Which is why, in addition to establishing a proactive and forward-looking defense strategy, CISOs also need to solidify their plans for effective incident response and business continuity. The use of an integrated AI system will enable a security team to defend their networks and respond to attacks before they can leave a mark.
But even with the right technology in place, organizations cannot be expected to fend off the full range of modern attacks on their own. To effectively protect their networks, they will also need to:
- Subscribe to threat intelligence feeds
- Join relevant consortiums
- Proactively share data and strategies with others in their region or industry
In addition, organizations must also work with vendors who have established partnerships with public sector institutions, including education and law enforcement. Such public-private sector alliances help raise the bar for the detection, response, and prosecution of criminal behavior. And organizations must also play an active role in educating their employees and others to not only engage in safe cyber behaviors, but possibly even consider a career in cybersecurity, helping to close the skills gap while protecting others along the way.
Because cybercriminals do not respect political borders, law enforcement organizations have built global command centers closely tied to the public sector, helping them see and respond to cybercrime in real-time. By weaving similar threat intelligence into their security resources and enabling team members to stay abreast of the latest updates, CISOs can build and deploy more effective playbooks that will not only help their own organizations, but by being a good neighbor, also help protect others that could be affected by certain threats.
Final Thoughts on Cyberthreat Predictions for 2021
What this latest round of predictions highlights is the fact that cybercriminals will only grow more advanced in their attack methods. During such a time of rapid evolution, it is up to CISOs to stay up to date on the latest threat intelligence as well as understand how the new technologies and network operations their organizations adopt to improve efficiency could have a lasting impact on cybersecurity. By monitoring the threat landscape, partnering with the right vendors, and establishing valuable alliances, these security leaders can better protect their employees while also helping the industry as a whole stay ahead of modern threats.