Interview: the Link between Identity, Zero Trust and Ransomware

The dynamic of the cybersecurity industry has brought up quite a few trending topics in the last year. But when you boil them down, they can be reduced to variations of either data or people. Since it’s sometimes hard to keep an overview of those different topics, we asked an expert to guide us through the most trending issues, how they are connected and what the outlook on these will be. We spoke with Morten Kjaersgaard, CEO of Heimdal Security, to give us a rundown of the most important topics shaping the cybersecurity industry today.

Cyber Protection Magazine: Identity and Access Management basically defines who is allowed to do what. However, in the Cybersecurity Industry, there is a growing trend towards “Zero Trust”, where the focus is more on data rather than people – are the days of Identity and Access Management over?

Morten Kjaersgaard: Identity and Access Management is still very much on the rise and the market is still growing fast. The “Zero-Trust” trend is as much about people as it is about data and Identity and Access Management, so they are connected. The best example we have for that is our internal drive to restrict access to data, but at the same time restrict the access of the people and what they can run. Although the definitions may vary, they have the same objective – making sure that access to data is made in a secure manner, in order to protect it and avoid all the unpleasant consequences that a data breach may bring.

As this year’s cybersecurity market trends show, the days of Identity and Access Management are surely not over, especially not in the context of the WorkFromHome model, which basically forced companies to adapt to a new reality. More and more devices are now connected to sensitive company data from improvised home offices, and IAM plays a big role here, but we do see PAM (Privileged Access Management) playing a bigger role in the future from a security standpoint.

Hence, we’ve actually just launched a “Zero Trust” module that can be added into both our Next-Gen AV, Privileged Access Management and to the Application Control module, and we are rolling this out internally next to our IAM. We want to control which people can access what, but at the same time what they can run.

Cyber Protection Magazine: An important factor in IAM is authentication. Passwords have long been the authentication mechanism of choice, but for highly sensitive areas those are being replaced by smart cards or other means – will that change anything in IAM, and what are your personal thoughts on the future of passwords?

Morten Kjaersgaard: Authentication-related matters are a significant part of the IAM evolution. IAM solutions must take into account all the social changes and current trends (WorkFromHome, increase of BYOD, more and more data regulations around the globe) and ensure customers the best protection. Smart cards, three-factor authentication, and biometrics are some popular choices nowadays, and yet they all have their blind spots and risks.

My guess is that passwords will still be used, but combined with other authentication methods in order to improve security and also user experience. There is no doubt that the way forward is convenient security, so you have to have some degree of 2FA in there.

Cyber Protection Magazine: In cybersecurity, with attacks, as well as solutions, becoming more complex, people are usually the weakest link in the chain. IAM/IAG is at the beginning, so to speak, of the user journey. How can this weakest link be “made stronger”, especially in relation to IAM/IAG?

Morten Kjaersgaard: As much as I would like to say otherwise, the risk of human error won’t be completely eliminated any time soon. However, IAM represents one of the strategies that can reduce it by introducing automation in the picture. Other strategies include, naturally, cybersecurity awareness campaigns and investing in detection solutions that can identify and restrain threats before they turn into dangerous incidents. We firmly believe in prevention, not mitigation, also simply because the cost is just much lower.

Moreover, as I’ve previously said, biometric identification like facial recognition, voice recordings or fingerprints are, of course, other big-league ways to strengthen the human link.

Cyber Protection Magazine: Looking at the current situation, in light of the crisis particularly, do you see any changes in cybersecurity attacks? Which attacks are prevalent?

Morten Kjaersgaard: The Coronavirus pandemic that forced so many businesses, big or small, to switch to remote work and undergo a digital transformation has been a terrific opportunity for cybercriminals. We have witnessed a formidable increase in ransomware attacks (as well as new methods of extracting ransom) and threats that target BYOD and IoT devices, but also pandemic-related phishing campaigns. When it comes to small and medium-sized businesses, social engineering, stolen/compromised devices, and credential theft are the most common threats nowadays.

Phishing and social engineering pose a tremendous threat for both home users and enterprises and their employees since they rely on human curiosity or desire, anxiety and excitement and, of course, a sense of urgency.

Besides, a powerful trend that has been unfolding in the last couple of years in all corners of the world is the expanding tendency to use brute force attacks as a means to further deploy ransomware on the affected devices.

Only in the last three months, we’ve registered at Heimdal a massive 58.000 brute force attempts per month (*possible false positives included*) on the corporate endpoints of our clients. I’ve also experienced multiple attacks on my home network myself, one of them being a brute force attack attempt. Absolutely amazing to see how hackers tried to penetrate, when they noticed my home Synology NAS server.

Cyber Protection Magazine: Looking into the past, we’ve seen cyberattacks evolving, with ransomware currently being the cybercriminals’ “favorite” – could you confirm this based on statistics and where will attacks evolve in the future?

Morten Kjaersgaard: If, five years ago, there was a ransomware attack every 40 seconds, in 2021 there is one every 11 seconds. The development is absolutely mind-blowing and the approach is amazingly commercial. In the first months of this year, an incredible number of companies were affected by ransomware and lost millions of dollars, these incidents also having social consequences.

In the last three months, our own Ransomware Encryption Protection module has tracked a number of 9382 detections (*possible false positives included, again*) of ransomware strains across all customers, and we have even discovered a new, innovative ransomware strain, DeepBlueMagic, that now works using drive corruption, rather than encryption.

I’m certain that ransomware will continue to be the cybercriminals’ favorite – because, unfortunately, it still works. Under the right pressure, people will try to get their valuable data back even if, by paying the ransom, they’re encouraging cybercrime, whether they realize it or not. I believe that the ransomware protection solutions that have been recently developed represent a great step in this war.

Cyber Protection Magazine: Looking at the defending side of things – which trends do you see in the cybersecurity industry? We do see a trend towards solutions that cover a wide spectrum of previously separate areas – will we see a consolidation in the cybersecurity industry?

Morten Kjaersgaard: We see a powerful trend of consolidation and unification in the cybersecurity market. We know the UEM market is growing 32% and that is just a small part of an overall unification trend. The need for unification / unified endpoint management was also influenced by the increased use of the BYOD policy and the challenges it brings: lack of management and outsourced security, insecure use, cross-contamination of data, human error etc.

Other significant trends of today’s cybersecurity market are the need for ransomware encryption protection, of course, the increased focus on PAM and IAM, and the evolution towards EPDR and XDR.

Since, like we’ve previously discussed, social engineering, phishing, brute force attacks and ransomware have such a powerful impact and are in full swing, you need to make sure that you cover all the software-related layers of a proper defense in depth cybersecurity strategy (which includes firewalls, privileged access management, patch and asset management, intrusion detection, security incident and event management, but also security audit logging). Opting for a single cybersecurity solution that spreads over the whole spectrum is, unquestionably, much easier and reasonable.

Cyber Protection Magazine: What do you expect for the cybersecurity industry in the next 5 years, i.e. what are upcoming trends and important technologies?

Morten Kjaersgaard: I firmly believe that ransomware and data leakage will still be the biggest issues, so the upcoming trends and technologies will surely gravitate around them – we’ll try to prevent ransomware and data leakage, and we’ll do everything with the help of unified security management solutions. We need to drive the change, especially if we want to achieve our growth targets of 70% this year and 100% next year.
