A10 Networks provides insights into the most pressing cybersecurity problems in 2021 - This is what CIOs need to be aware of. While the analog world was kept in check by a pandemic in 2020, cybercriminal activities and attacks created additional burdens in the digital space.
Regardless of whether it is the increase in simple phishing attacks or one of the largest recorded DDoS attacks to date: 2020 was also the year in which the threat from cyber criminals grew rapidly - and this will continue in 2021. A10 Networks explains the most pressing cybersecurity challenges and what CIOs should pay particular attention to.
State institutions in the crosshairs
The developments mentioned are expected to intensify in 2021. State actors in particular were already the focus of cyber criminals last year. One reason for the rise in attacks on governments and related institutions could have been the US presidential campaign. The attack on FireEye should also be decisive for the development of the new year. Experts suspect that this attack was caused by state-commissioned cyber criminals who stole several tools in the course of the attack that could later be used to attack critical infrastructures.
“These types of attacks on government agencies will intensify in the coming year,” says Heiko Frank, Principal System Engineer at A10 Networks. “In the future, targeted espionage acts or attempted theft will also go down in the annals. In the future, this form of international cyber espionage will probably mean that providers of cybersecurity products will have to be more creative, flexible and dynamic in order not to fall behind in the development of new defense strategies. "
Downside of 5G and MEC
The implementation of Multi-Access Edge Computing (MEC) is one of the most important innovations driven by the introduction of the new 5G mobile radio standard. With the help of this technology, both access to 5G and its efficiency can be further increased. However, this progress is also associated with the risk that the intelligent edge could be hijacked by cyber criminals in order to use it for their own machinations.
This security risk is a problematic aspect of the new technology not only for mobile networks. Customers who are explicitly outside the specified area of the corresponding telecommunications provider can also be affected by the consequences. The innovation around MEC, which is actually positively connoted, can be used to spread malware in various networks. For example, one potential consequence is that drones could be drawn into the suction of IoT botnets as a result.
DDoS attacks: small but dangerous
The DDoS attack on the AWS cloud service in February 2020, with up to 2,3 terabits per second, is already one of the largest recorded DDoS attacks of all time. While this attack did not go unnoticed due to its sheer bandwidth alone, cybersecurity companies were also able to note many smaller attacks in the past year.
Since it is to be expected that this trend will also intensify in 2021 and the following years, the IT security industry should prepare for it now. This is the only way to ensure that critical components of the security infrastructure do not fail. In addition, such attacks carry the risk of being used as a cover for major malware attacks.
Increasing danger from growing botnets
Heiko Frank, Principal System Engineer at A10 Networks
A10 Networks' cybersecurity researchers observed over the past year that the number of available DDoS attack tools has more than doubled over the past year. This includes, for example, computers or IoT devices that have been compromised by malware or other means by hackers and can thus be misused for use in targeted attacks in botnets. While security researchers found around six million compromised devices at the end of 2019, the number was already 2020 million devices at the end of 12,5.
Since the trend towards the smart home continues and new Internet-connected IoT devices go online every day, this growth will continue in 2021. Researchers assume about five million additional devices that could be used for DDoS attacks due to security deficiencies. It is therefore only a matter of time before the next record-breaking DDoS attack will occur.
Zero Trust will be the means of choice in 2021
Due to the special situation in the past year, zero trust models have moved more into the focus of many cybersecurity officers. In order to implement the necessary guidelines, which are a prerequisite for the success of the zero trust model, many providers of software, network and hardware solutions had to deal in detail with them and the underlying objectives. Not least because of the COVID-19 pandemic, the switch to SaaS models in the workplace has been significantly accelerated. The new normality of the home office as a workplace made it necessary for zero trust models to become a new standard in many companies. For those responsible, it quickly became clear that Zero Trust is a fundamental strategic IT orientation that is based on a large number of guidelines and practice-related working methods.
"In order to successfully implement the zero trust model, IT managers should understand the inherent logic of the model and also keep track of the multitude of different solutions that are crucial for the strategy to be successful," says Heiko Frank. “In 2021, the model will be implemented by many companies due to the comprehensibility that has now been achieved and the holistic approach. Not least because of mature and complex attacks, which will continue to increase, a zero trust implementation is urgently needed. "
Strategies for the 2021 threat
While companies had to prepare for unforeseeable situations in 2020, the pandemic year allows - at least for the situation within cybersecurity - far-reaching insights into the problems to be expected that could arise in 2021. Consequences can be derived from the experience of the past year, which should definitely be considered for the future. The resulting strategies should be tailored to the respective business area and industry. Ultimately, experienced and strong partners can support those responsible in implementing essential cybersecurity measures.
More on this at A10networks.com
Via A10 Networks A10 Networks (NYSE: ATEN) provides secure application services for on-premises, multi-cloud and edge-cloud environments at hyperscale speeds. The company enables service providers and companies to deliver business-critical applications that are secure, available and efficient for the transformation to multi-cloud and 5G. A10 Networks enables better business results that support investment protection, new business models and future-proof infrastructures, and enable customers to deliver a secure and accessible digital experience. A10 Networks was founded in 2004, is based in San Jose, California, and serves customers worldwide. More information is available at www.a10networks.com and @ A10Networks.