With threat actors motivated by uncertainty caused by the pandemic, 2020 saw more breaches than 2019. Experts estimate cybersecurity risks and threats will increase in 2021 as hackers continue to follow the path of least resistance: abusing privileged credentials to access sensitive systems and data.
Watch this webinar as Centrify CEO Flint Brenton shares his predictions about increasing cybersecurity risks, and top priorities for staying cyber-secure in 2021:
- Fragmented identities across multi-cloud environments
- Exponential growth of machine identities
- Where hackers might look to cash in on the Dark Web
- How we might see phishing evolve
- The ongoing rise in ransomware attacks
Flint Brenton, Former Chief Executive Officer, Centrify
Brad Shewmake, Director of Corporate Communications, Centrify
Brad Shewmake (00:10):
Hi, everybody. Thanks for joining us today for this new Centrify webinar about 5 security predictions for 2021. I'm Brad Shewmake. I'm the Director of Corporate Communications at Centrify and I'm joined today by Flint Brenton. He is the President and CEO of Centrify. Flint and I are going to just take about 30 minutes to go through some of the things that we see as trends coming up for the new year, and obviously, it has been an atypical year and that means that we've had to be flexible and adapt to new circumstances if we're going to be successful. And as we look at 2021, I think one thing that's very clear is that uncertainty is likely to continue and for an exercise like trying to create predictions for 2021, that certainly makes it a little bit murkier. But one thing that I think is clear is that threat actors are, have been, and are going to continue to try and take advantage of that uncertainty in the new year.
Brad Shewmake (01:18):
So, that will be a variety of cybersecurity threats that all organizations big and small will have to face in 2021. Excuse me. So, if you’ll look, high level, at the kind of categories that we've carved out for the five predictions for the purposes of this webinar. So, the first one is going to be about multi-cloud. The second is about DevOps. For the third prediction, we're going to look at specifically IP theft, intellectual property theft. The fourth one is around phishing, and finally, the fifth prediction will be about ransomware. So, I'll go ahead and kick off the first prediction here, which is about multi-cloud, and our prediction for 2021 is nearly every business will be cloud reliant, leveraging multiple cloud providers. Flint, do you want to add some commentary here?
Flint Brenton (02:15):
You bet. Well, you know, Brad when COVID-19 hit many, many enterprises moved their workloads into the cloud for both better resource availability and business continuity. In fact, we did a survey here at Centrify recently that revealed that the remote work shift really accelerated many companies, almost 50% of the company's cloud transformation plans, and those who are not cloud-first, the pandemic really revealed a glaring, hard reality. That is, businesses must embrace the cloud as a necessity and modern technology landscape going forward. They can no longer view it as an option. So, really looking to 2021 and beyond, almost every single business will rely on cloud storage infrastructure, cloud workloads, to survive. That applies to midsize large global enterprises. And they're going to look to leverage multiple cloud providers to meet a wide range of requirements for both centralized and per business unit priorities. And those priorities will be both economic. There'll be technical, there'll be security, and they'll be, scalability. So, if you're going to use an approach to capitalize on this, you must really focus on increasing your efficiency, driving more agility, the security goes with it. So, the businesses can be better equipped for what's going to be a multi-cloud-focused future starting now.
Brad Shewmake (04:07):
Yeah, absolutely. Two things that you just mentioned there that really stood out to me. So, one is this whole idea that the cloud is no longer nice to have. I mean, if this year has taught us anything, it's the cloud is a must-have. If you're going to stay ahead of your competition, if you're going to stay relevant, if you're going to stay online, if you're going to be up and running as a business, it is no longer nice to have. You've got to have a cloud strategy and the cloud infrastructure there in place to be successful. The other thing that you touched on, Flint, was the survey that we conducted earlier this year, the research survey. There were some other key points that came across in that too: 60% don't understand the shared responsibility model, who's responsible for these workloads in the cloud. Now, 68% don't use PAM (Privileged Access Management) to control access to a cloud environment. And so, if you're thinking from a multi-cloud perspective, which most organizations are, well, you can't take the access control tools from AWS and use the same tools on Microsoft. It just doesn't work that way. So, having a consistent platform for access control and identity management is one of the things that's going to be crucial for these companies as they continue on their multi-cloud journeys.
Flint Brenton (05:31):
All right, totally agree. And, Brad, we do a lot of business here at Centrify with the federal government, and they are actually leaders in this multi-cloud model and they're creating all their workloads and the workflows that go with executing those workloads to exploit the different capabilities around what we mentioned earlier, efficiency, security, for delivering, workloads that meet all of their requirements. And every cloud provider is a little bit different. And therefore, depending on the workload, they may be selected dynamically to deliver those outcomes. And whether it's identity management or cloud security or security around DevOps in general suppliers and solution providers, like Centrify have to be prepared to deliver that type of kit, capability on-demand on the fly to drive workloads into different clouds.
Brad Shewmake (06:36):
Okay, great. Well, let's move on to the second prediction. And our second prediction stays about DevOps and the prediction is that with the exponential increase in non-human identities, DevOps pipelines and machine identities will become the attack surfaces of choice. Flint, I know you've got a lengthy background in the DevOps space. Tell us a little bit more about this prediction for DevOps.
Flint Brenton (07:03):
Well, I'll tell you the day that DevOps is mainstream has already arrived. And, as companies look to adopt new technologies, new tools and methodologies to really enhance their CI/CD or DevOps process, the security measures they put in place are becoming really complex. So, now in the past, we only had to deal with human identities. Now we have to work with the identities of applications, virtual machines, microservices, and new workloads that need to be protected as well as the APIs within which they interface. So, the whole dynamic between identities related to humans, machines, applications, other services is increasing the complexity geometrically. So, now you add in the challenge of development and operations, DevOps, and security teams that are supporting that remotely; and many organizations because of this increase in complexity are much, much more likely to experience a cyberattack than what we've seen in the past.
Flint Brenton (08:25):
So, really with people working remotely, this is now a reality and some people predict it'll continue even after COVID-19 vaccines are readily available. We're going to see credential-based attacks on the rise and organizations that we all support; you really need to adopt a more centralized, privileged access management solution. It's architecting the cloud, built for the cloud to minimize the risk of attack, and PAM solutions that evolve these modern applications, password management approaches, also known as AAPM, can really help by supporting the DevOps teams. They need to secure all the identities, even in very, very distributed environments. Methods such as federation, ephemeral tokens, and delegated machine credentials can reduce the overall attack surface that we all have to cover and seamlessly incorporate PAM solutions into the DevOps pipeline. So, if you combine this with adopting a least privilege approach, these best practices that we are all developing and the very modern solutions we're implementing can improve an organization's security posture and position without really compromising the agility that DevOps solutions bring to the enterprise.
Brad Shewmake (10:02):
Yeah. I mean, I think that last point that you hit on is a really important one. I mean, obviously, everyone knows that DevOps is all about agility, right? And they don't want to have to worry about security. They just want to be agile. They want to go, go, go, and not have to stop. And so, the question becomes, okay, well, if we can't build it in, how do we automate it, right? How do we build it in a code? How do we make sure that it's an APIs being control, how is their privileged access being controlled? And I think that is one of the key questions. One of the key challenges that are going to face a lot of enterprises in 2021 is how do you automate the building in that access control and security into the DevOps pipeline, into the process, so that it's just, it just happens automatically. The developers don't have to think about it. The security guys are happy because they don't have to be constantly staying up all night, thinking about it and having headaches about it focuses, not just specifically for DevOps teams, but I think for business leaders also.
Flint Brenton (11:24):
No doubt. I'll tell you, companies that have been reluctant to drive DevOps into their development infrastructure. It really paid a price with the pandemic that's impacted people everywhere. So, really this is an area that I think requires a high degree of focus. The most advanced enterprises have been doing that for a while. But like with the adoption of any new technology, there are going to be different phases of adoption. And I just think this is one where if you haven’t really fully implemented a DevOps solution, really being very aware of security and identity solutions that can be put into place from the get-go will go a long way towards preventing you from being victimized by attacks and putting yourself in the position where you've got security. And you've got some degree of peace for the long-term because you've done it right from the get-go.
Brad Shewmake (12:45):
Yeah. And I think there on the bottom of the screen kind of says it all, that malware attacks using machine identities have doubled in one year from 2018 to 2019 and increased 8x over the last decade. So, machine identity is exponentially that the bad guys can get in. So, they're going to try and leverage any way they can. Let's move on to our…
Flint Brenton (13:08):
I was just gonna make a point. I would not be surprised if it's 4X in 2020 over what people experienced in 2019.
Brad Shewmake (13:18):
Okay, great. Well, let's move on to prediction number three, and this prediction I'm really excited about. This is about intellectual property theft, and our specific prediction is that intellectual property or IP will be the hacker's next golden ticket. So, I'm picturing Willy Wonka here. So, Flint, this is going to be a meaty discussion. Let's go and get your thoughts on this prediction first.
Flint Brenton (13:45):
Well, I love this one. I mean intellectual property is something that creates tremendous value in virtually every enterprise. And so, to me, it's enterprises are target-rich environments when it comes to the exposure IP has in the current hacker-driven environment. So, in 2020 this year, we saw a real rise in healthcare breaches, likely because patient records, believe it or not, often fetch up to $1,000 each on the dark web. And you compare this to credit card data, which goes for just somewhere between $12 and $25. And of course, email addresses, which average around $100 if they're acquired in bulk, it makes complete financial sense that this is really the next wave of exposure. Now, during the COVID-19 pandemic, we began to see this really alarming trend, cyber advertising, targeting intellectual property, such as vaccine research, including Russia's APT 29 organization going after research centers in the UK, U.S., and Canada.
Flint Brenton (15:08):
Now with countries and companies around the world competing to be the first to distribute a viable vaccine, we believe hackers and possibly even insiders will begin releasing the fruits of their malicious efforts on the dark web next year, in 2021. And they're charging a premium fee of tens, if not hundreds of thousands of dollars. What's amazing is how the vaccine has just recently started to be distributed, where the first actual patient to receive the vaccine recently was a 90-year-old person in the United Kingdom, which I was very glad to see. Brad, what are your thoughts?
Brad Shewmake (15:55):
Yeah, absolutely. I mean, when I started to think about the vaccine and the vaccine process, so, obviously the whole R and D part is the one that everyone focuses on, right? How quickly are we going to have a vaccine developed, who's going to develop it, how much is it going to cost, right? There's so much to that vaccine distribution chain that also goes into this as well. And each one of those points in the distribution chain is a potential point in the process where things can be disrupted. And so, yes, the IP is potentially an area where next year we'll see that hackers will say, "Hey, that's valuable information that I can go and steal, and I can ransom it back, or I can sell it on the dark web."
Brad Shewmake (16:48):
But also, one thing that kind of keeps me up at night is thinking about the vaccine distribution chain. So, you know, yes, R and D incredibly important: testing, approvals. But then, you know, you start thinking about production, how you actually transport the vaccine, how it gets stored. You know, some of these vaccines need to be stored at very, very low temperatures. And then finally application you actually just actually giving the vaccination injections to patients and each one of those points in the process. If at any point those get disrupted, then that obviously is going to push back the timeline for how we, as a, whatever you want to call it, state, nation, globe, humanity, how we get past this pandemic. So, but yes, the IP theft is a really interesting one because, if you look at it, that's where disruption is one thing, but making money off the disruption, that's another…
Flint Brenton (17:48):
Right, well, you know, I think that we're just beginning here. So, working closely with your own teams to make sure that you've got viable, we have a viable strategy and how to protect our intellectual property has always been important, but now it's even more important because of the increased risk, the workspace where we're supposed to, and this pandemic driven environment. So, we need, really, as a community, we need to get all over this.
Brad Shewmake (18:26):
Absolutely. Yeah. Resiliency will be key. Okay. Let's move on to prediction number four. And this one is about phishing, obviously a topic that is near and dear to our hearts here at Centrify, and our prediction for 2021 is that messaging and video conferencing platforms will become the catalyst for the next wave of phishing attacks. Flint, what are some of your thoughts on phishing and spear phishing?
Flint Brenton (18:54):
Well, it's amazing as you watched what's going on in the market in 2020 because spear-phishing attacks steadily on the rise as a result of COVID-19. According to Barracuda, they've increased as much as 600%. So, as organizations continue to both work remotely and therefore rely on video conferencing and messaging platforms for daily and routine correspondence amongst members of their teams, cybercriminals are creatively leveraging a large range of ways that they can disrupt as we work to connect in a remote world. So, for video conferencing platforms, messaging apps, these channels keep us virtually connected to our colleagues, but at least substantial room for cyber attacks. So, as we grow accustomed to communicating in real-time, we'll see a rise in cybercriminals, and that's going to utilize employee accounts to conduct phishing attacks. I know we've been subject to this in our own company, just like every other company has, and what we're going to see is a potentially even higher use of spear-phishing by video, where they're going to be using deepfake technology.
Flint Brenton (20:25):
So, these spear-phishing attacks on third-party messaging platforms are just going to increase. And this often happens through hackers weaponizing webhooks to get into the applications we're currently using today. So, if you want, prevention for this, it actually provides an opportunity upon this wave that goes phishing prevention that goes beyond training. So, organizations should plan ahead by requiring multi-factor authentication whenever possible, as well as ensuring they leave zero standing privileges. MFA is really designed to create more certainty that the person using the username and password is who they claim to be based on something they know about, such as a password or PIN, or something they have, such as a smartphone or hardware key, or something they are, such as biometrics using face ID or fingerprint scans. So, if we eliminate standing privileges, it really reduces the ability for the attacker to cause damage and even to move laterally throughout the network, because they're not going to penetrate the network as frequently. Brad, what are your thoughts on this?
Brad Shewmake (21:51):
Yeah. So, two things that you, specifically touched on, one was this idea that, okay, well, in a work environment, face-to-face interaction for the most part is, is gone. It's out the window, right? So, now we're all being called on and relying on, using these digital communication technologies, video conferencing, Slack and other messaging platforms, obviously email, and even in your old fashion, just pick up the phone and call somebody, but, text messaging and what's interesting about this is, if you think about it from a hacker's perspective in the past, they may not have been as willing or aggressive in using these different messaging platforms, because there's a, there was a lesser degree of likelihood that the person they're targeting with the spear-phishing campaign uses that platform.
Brad Shewmake (22:52):
So, for example, um, before the pandemic hit, I never used Microsoft Teams, or I very rarely used the video part of Zoom. And so, those were things where if I was getting a spear-phishing attack, that would really stand out as something weird to me because I, I don't use that platform frequently. But now we're all kind of, it's all hands on deck. We're all using everything available to us to stay in touch, stay in communication with each other. And so, that's opening up a broader perspective or a broader playing field, if you will, of possibilities for these hackers to reach us through all these different communications methods.
Flint Brenton (23:36):
Yeah. Very interesting. Yeah. This is, I'm telling you, this is a challenge. This is going to increase in complexity and frequency, and we all have to closer together as a community to eliminate it.
Brad Shewmake (23:48):
Right. And then the other thing that you talked about was this idea about using deepfake technology on video Zoom calls and video conferencing like Zoom. This is something I heard about earlier in the year. And I mean, that to me would just be fascinating. If I were to receive an invitation to a Zoom call, I go in and hey, look, there's my CEO, there's Flint. And he may sound a little different, but the person I'm seeing on the screen is Flint. Why would I not believe that that's my CEO asking me to do something or asking me to send money somewhere or whatever it is? It's interesting that seeing is believing is a very strong concept for us. And so, we are more likely to believe our eyes than we are gonna believe our ears. So, it will be really interesting in watching this space to see if in 2021 deepfake video technology is used for phishing. I think that's really interesting. I agree. Okay. Let's move on to prediction number five, our final prediction for today. And this one is about ransomware, which is also another topic near and dear to our hearts. And this prediction is that ransomware incidents will triple in 2021. And the second kind of prediction is that data exfiltration will overtake encryption as the attacker’s end game. So, let's go ahead and tackle both of these, and I'm interested to get your thoughts on both.
Flint Brenton (25:23):
Well, you know, ransomware is something, quite frankly, that's always scared me to death. And I think data exfiltration is definitely the emerging end game in this segment of security. Since the beginning of 2020, we've known that research has shown that U.S. ransomware attacks are escalating at an alarming rate. So, in Q3 of 2020 alone, which ended here a month, or I'd say a couple of months ago, the daily number of attacks has essentially doubled in frequency. So, while ransomware variants also continue to evolve into more sophisticated threats that we face, perhaps it will travel data point as the USA has become the most targeted country, where attacks have almost doubled in the same timeframe, which really shouldn't be surprising. But I think part of the reason why our exposure is increasing is that our life has been so disrupted by COVID-19, more so than just about any other country in the world.
Flint Brenton (26:46):
So, these statistics really illustrate there's a persistent onslaught of bad actors who could indicate, that could really disrupt 2021. And I think this is going to be our most challenging year yet in dealing with ransomware in the enterprise. What's really important to understand is that these attacks just don't attempt to execute a lockout or encryption of data anymore, but they're increasingly aimed at extraction or stealing of data from organizations, which has high potential to really not only disrupt but destroy corporations. Now, some cybercriminals sell the data on the dark web, others really threaten to leak the data to a broader audience so they can get a higher payout on the ransom. So, we're predicting that Centrify, that will become a hacker's ransomware end game. The risk of detection rises along with the potential payday. So, these public exposures dramatically increase the return on investment for hackers' time to perpetuate this kind of crime.
Flint Brenton (28:08):
So, we're granting least privilege, and we think this is essential in preventing unauthorized access to the business-critical systems and applications and sensitive data by both external actors and, unfortunately, malicious insiders. So, we're really striving towards zero-standing privileges and only granting just enough just-in-time access to targeted systems and infrastructure, so we can limit lateral movement that could lead to data exfiltration and additional damage that comes as a result. This is probably my most sensitive area for heightened alert as we move into 2021. And suppose that any of the other four, Brad, what are your thoughts on this?
Brad Shewmake (29:05):
Yeah, absolutely. Uh, I mean, even just recently, we saw it within a two-week period, the city of Baltimore was hit really hard. They got a one-two punch. So, first, they got hit with a ransomware attack on their school system, and then they got hit with a ransomware attack on the Baltimore medical center. And what's interesting about those two examples is the same geography. There's been an audit done recently that, I guess, clearly kind of made them a high value or a high potential target. And, but yes, they went after a highly profitable area in healthcare with the medical center, but then they also went up to the school district, which, you wouldn't think of that as being a high profitability target, but again, one of the things that is a valuable tool for these attackers is disruption, it's uncertainty.
Brad Shewmake (29:56):
And so, being able to create more chaos, even if it's just through the school system, that's something that they can leverage to their advantage. And I really think this whole concept of the evolution of ransomware to go just beyond holding the data ransom or holding the network ransom, or hostage, that is, that's an uncertain kind of venture, right? They are hoping that the organization or the school district or whoever is going to pay that ransom. They don't have the tools in place to get around the network being held hostage, it's uncertain. But if you think about it from the mindset of the hacker, well, I've already got all this data, I've got access to it, why don't I exfiltrate that and go sell it in the dark web? I mean, for a space like healthcare, as we already know from this webinar, it's a very profitable, high-value target. And so, they're basically double-dipping, they're continuing with the uncertain one and then they're moving down the path of the more certain payout, which I think is really interesting. And to your point, Flint, pretty terrifying.
Flint Brenton (31:08):
Yeah. Well, again, this is one that really concerns me the most, but I really believe that the community around the world, particularly as we lead here in the U.S. as we frequently do, we'll find a way to deal with this, but like every other hacker attack, this bar keeps going higher and higher. So, this is one where we constantly need to be cognizant of the risk, constantly looking to innovate, deal with the risk, and implement solutions quickly that mitigate the risk.
Brad Shewmake (31:50):
Yes, absolutely. So, some potentially scary times ahead, but as we know that, if we stay vigilant, stay resilient, strategically plan ahead, and follow some of the best practices to make sure that we're securing our organizations, including having strict, least privilege access controls in place, I think that we can be set up for success, even despite all the uncertainty and the bad actors out there. So, well, that concludes our webinar for today. I'd like to thank everyone for joining Flint and I for this webinar. This is our last webinar for 2020, and we'll bring you some new, fresh webinars in 2021, and we look forward to speaking to you in the new year and how we can help address your privileged access management needs in 2021.
Flint Brenton (32:49):
Thank you very much. Thanks to everyone who participated. Bye now.