Exposed APIs, hacked software updates and complacent remote-workers are just some of the harbingers of cyberthreats to come: report.
Home networks, remote-working software and cloud systems will be at the center of a new wave of attacks in 2021, predicts a cybersecurity solutions vendor.
The forecast is that cybercriminals in 2021 will particularly look to home networks as a critical launch pad by which to compromise corporate IT and IoT networks. The report warns that end users that regularly access sensitive data will be at greatest risk.
Attacks will likely exploit known vulnerabilities in online collaboration and productivity software soon after they are disclosed, rather than zero-days.
According to Nilesh Jain, Vice President (Southeast Asia and India) Trend Micro, the firm making these predictions: “With businesses shifting to remote-working, cybercriminals went after tools used in these environments such as video conferencing apps. We predict more aggressive attacks to target corporate data and networks. To defend cyberspace at the outset, security teams will need to double down on user training, extended detection and response and adaptive access controls. This past year was all about surviving: now it’s time for businesses to thrive, with comprehensive cloud security as their foundation.”
Exposed APIs a preferred attack vector
The firm further predicts that ‘access-as-a-service’ business models of cybercrime will grow, targeting the home networks of high-value employees, corporate IT and IoT networks.
IT security teams will need to overhaul work from home policies and protections to tackle the complexity of hybrid environments where work and personal data comingle in a single machine.
Zero-trust approaches will increasingly be favored to empower and secure distributed workforces, said Jain. As third-party integrations reign, the firm also warned that exposed APIs will become a new preferred attack vector for cybercriminals, providing access to sensitive customer data, source code and back-end services.
Cloud systems are another area in which threats will continue to persist in 2021, from unwitting users, misconfigurations, and attackers attempting to take over cloud servers to deploy malicious container images.
According to Jain, cybercriminals will continue to go where the money is: seeking the greatest financial returns on their attacks. Organizations and security teams must remain nimble and vigilant to stay ahead of criminals, he said.
Four precautions against the forecasts
To mitigate these unsavory cyberthreats, readers can bear in mind these suggestions by the firm:
- Foster user education and training to extend corporate security best practices to the home, including advice against the use of personal devices for work purposes
- Maintain strict access controls for both corporate networks and the home office, including Zero Trust
- Double down on security and patch management programs while maintaining other cybersecurity vigilance best practices (Editor’s note: with the recent massive Sunburst attack, the security threats of software patches and related updates will need to be given fresh examination.)
- Augment threat detection with security expertise to protect cloud workloads, emails, endpoints, networks, and servers round-the-clock.