2021 Security Predictions – DevSecOps

On January 28th, 2021, Jon Clay, Director of Global Threat Communications at Trend Micro (https://www.trendmicro.com), shared his software development and DevOps-related security predictions for 2021. The full video recording and slide details are below:

Talk Slides (full video below):

Threat actors will turn home offices into their new criminal hubs

  • Home Routers are prime initial target
  • Key employees will be targeted with data stealing malware
  • Worms utilized to infect home network
  • Access as a Service will increase

Extortion attacks including ransomware will continue to plague organizations of all sizes

  • Tactics will evolve as organizations build improved protections
  • Attacks as a Service allows gangs to work together
  • Ransoms will keep rising

Attackers will quickly weaponize newly disclosed vulnerabilities, leaving users with a narrow window for patching

  • N-day vulnerabilities will be a goldmine
  • More marketplaces will crop up for trading and selling exploits
  • Customized exploit offerings will grow

Exposed APIs will be the next favored attack vector for enterprise breaches

  • APIs will become a preferred target
  • Security is still not understood
  • APIs are easy to discover
  • Use of APIs in cloud environments is increasing substantially

Enterprise software and cloud applications will be hounded by critical class bugs

  • Key business applications (O365, Teams, SharePoint) vulnerabilities will be sought-after
  • Sensitive data being shared in collaborative software is major concern (Cloud of Logs)
  • 0 data breaches due to cloud provider’s fault

Nation-State Tactics will be widely adopted by cybercriminals

  • Extensive intelligence gathering before attack
  • Collaboration between groups
  • Anti-forensics will be used extensively
  • Attacks will cross many areas of your network
  • Island hopping increases

Attackers Prey Upon


✓ Human error

✓ IT security complacency

✓ Technical deficiencies

“It is when multiple TTPs are utilized in concert that cybercriminals are able to gain and maintain access to a computer network”.


Commonalities Seen In Attacks

  • Weak Credentials
  • Outdated and Unpatched OS & Applications
  • Insecure application development
  • Too Many Access Privileges (Open Shares)
  • Unsecured Devices

Full Webcast Recording:

About Jon Clay:

Jon Clay, Director of Global Threat Communications at Trend Micro, has worked in the
cybersecurity space for over 24 years. He is responsible for managing marketing messages and
external publication of all the threat research and security intelligence within Trend Micro as
well as different core technologies. As an accomplished public speaker with hundreds of
speaking sessions around the globe, Jon focuses on the threat landscape and the use of advanced
technologies in protecting against today’s sophisticated threats. Jon is also a volunteer speaker
for the Trend Micro Internet Safety for Kids and Families program.
