Cyberinc shared its insights into the key trends that will shape the cybersecurity industry in the coming year. With evolving tactics that increase the risk and impact of ransomware and phishing, combined with the new normal of remote workforces, Cyberinc CEO Samir Shah believes that remote browser isolation (RBI) will prove its value as a critical must-have enterprise technology in 2021.
“As mass-scale ransomware and other malware attacks continue to make headlines, companies and IT leaders are concerned about being the next victim,” said Shah.
“Security teams continue to face the hard truth that no matter how much training or what protective measures are in place, a percentage of employees will always inadvertently click on harmful links. This reality creates significant challenges for companies in knowing how best to protect employees, devices, and corporate assets.
“Isolation-based security technologies are gaining prominence as more companies realize the value they deliver in bolstering cyber defenses with minimal investment,” he continued.
“Additionally, with industry analysts increasingly recommending remote browser isolation as part of any corporate cybersecurity program, we expect to see more widespread adoption of these solutions in the coming months and beyond.”
Attackers will double down on double extortion
“Hack-and-leak” ransomware attacks, also referred to as double extortion attacks, will become the go-to method of ransomware in 2021. Double extortion refers to attackers now having two aims: stealing a company’s data and locking organizations out of their own systems or network.
While ransomware protection guidelines include data backups and a well thought out recovery process, that approach is no longer enough when data can fall into the hands of malicious actors. In the coming year, Cyberinc expects to see companies focusing on use of technologies for ransomware prevention in 2021.
Organizations will exit the ransomware arms race by preventing the initial stages of ransomware attacks (e.g., web and email phishing) using emerging technologies like remote browser isolation, which can stop a ransomware attack before it causes damage.
Companies will focus on securing the browser as a critical endpoint
Patching and updating software to reduce the attack surface will take precedence over connecting remote workers in 2021. While 2020 was about enabling and securing remote workers, in 2021 the focus will be on keeping employees and organizations safe in the work-anywhere environment.
As attackers continue to take advantage of new vulnerabilities and opportunities for social engineering, routine tasks such as remediation, patching, and incident response will continue to be more challenging for security teams.
Additionally, with a greater reliance on cloud applications as employees work from any location, the browser will become a more critical endpoint through which ransomware and other malware attacks are carried out. This means that security teams will need to make securing the browser a top priority in the coming year.
This also presents a new set of challenges. For example, companies may standardize all corporate devices on a particular browser for supported cloud apps, yet security teams find themselves needing to support additional browsers for compatibility with legacy apps and websites outside of their control.
Additionally, end users often install and use multiple browsers on their managed and unmanaged devices (referred to as shadow IT), presenting additional complexity and a wider attack surface.
Innovative organizations will move from trying to keep every browser on every device updated and secure to a single remote browser, which will isolate online activities to block or prevent attacks and transform all internet content into harmless visual streams delivered to the endpoint. This process also means that routine maintenance and emergency patching are provided by the remote browser isolation vendor in the process.
End users will continue to be the weakest link
Striking the right balance between security and usability is tricky. Users must click on links to do their work yet clicking on links puts organizations at risk. Even after one year of security awareness training, 3-5% of users will still inadvertently click on a phishing link, according to the KnowBe4 Phishing by Industry 2020 benchmark report.
The rise of technologies like RBI in 2021 will enable organizations to prevent bad things from happening when users click on dangerous links, without compromising user productivity for security.
The increasing cost of mitigating ransomware and phishing attacks will sharpen the focus on isolation-based technologies to protect the weakest link, because prevention beats remediation every time.