Alsid Cybersecurity Predictions for 2021
January 2021 by ALSID
Identity is the new security focus: Between the public cloud adoption trend, remote work explosion, and corporate data dissemination, the need to focus on user identities is essential. Companies should be asking who these users are, what their access is and whether they should have access at all. Some may wish to adopt Zero Trust strategies in order to secure their hybrid cloud journey but there is no one-size-fits-all strategy. Whatever they decide, identifying user account identities will be a key trend in 2021.
Hybrid and public clouds will see an uptick in attacks: Despite the ubiquity of cloud application use across enterprises – an average of 200 SaaS applications are used in companies with 1000+ employees – cyber attacks aimed at the cloud are still relatively rare. Heading into 2021 we expect this to change with hackers using cloud API paths to move laterally across organisations. Expect to see much more of these types of attacks in 2021.
Malware will expand its use of UEFI/BIOS ROM: At the end of 2020, the Trickbot botnet paved the way for a new malware generation using UEFI/BIOS ROM to store malicious code and evade local security defences. In 2021, the next development will be to use UEFI/BIOS to execute command & control directly from the ROM. CISOs who based their security posture on AV or EDR might need to reconsider their approach in the coming months.