Centrify Execs Weigh-In On Insider Threats, Governance and IP Theft in 2021
This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Flint Brenton, CEO, Centrify
“Intellectual property will be hackers’ next golden ticket. In 2020, we saw a rise in healthcare breaches, likely because patient records often fetch up to $1,000 each. Compared to credit card data, which goes for just $12-20, and email addresses, which average around $100 in bulk, it makes complete financial sense. But during the COVID-19 pandemic, we began seeing an alarming trend of cyber adversaries targeting intellectual property such as vaccine research, including Russia’s APT29 going after research centers in the U.K., U.S., and Canada. With countries and companies around the world competing to be the first to distribute a viable vaccine, we believe hackers and possibly even insiders will begin releasing the fruits of their malicious efforts on the Dark Web in 2021 -- for a premium fee of tens, if not hundreds of thousands of dollars.”
"With the exponential increase in non-human identities, DevOps pipelines and machine identities will become the attack surfaces of choice. As companies look to adopt new technologies, tools, and methodologies to enhance the DevOps process, security measures become increasingly complex. Human identities and now applications, virtual machines, microservices, and workloads (non-human identities) need to be protected as well as the APIs they interface with. Add in the challenge of development, operations, and security teams working remotely, and organizations are much more likely to experience a cyberattack.
With remote working expected to be a reality for some time and credential-based attacks on the rise, organizations need to adopt a centralized privileged access management (PAM) solution architected in the cloud, for the cloud to minimize attack surfaces. PAM solutions that evolve modern application-to-application password management (AAPM) approaches can help DevOps teams secure all identities, even in distributed environments. Methods such as federation, ephemeral tokens, and delegated machine credentials can reduce the overall attack surface and seamlessly incorporate PAM into the DevOps pipeline. Combined with adopting a least privilege approach, these best practices and modern solutions can improve an organization’s security posture without compromising the agility that DevOps relies on."
"Messaging and video conferencing platforms will become the catalysts for the next wave of phishing attacks. Spear phishing attacks have steadily been on the rise as a result of COVID-19, increasing by as much as 600%, according to Barracuda. As organizations continue to work remotely and rely on video conferencing and messaging platforms for daily correspondence among team members, cybercriminals will creatively leverage the range of ways we connect in a remote world. From video conferencing platforms to messaging apps, these channels keep us virtually connected to our colleagues but leave substantial room for cyberattacks. As we grow accustomed to communicating in real time, we will see a rise in cybercriminals utilizing employee accounts to conduct phishing attacks, potentially even including spear phishing by video (e.g. using “deep fake” technology) and spear phishing on third-party messaging platforms (often through hackers weaponizing webhooks).
Prevention for this new, opportunistic wave of phishing goes beyond training. Organizations should plan ahead by requiring multi-factor authentication (MFA) wherever possible as well as ensuring they leave zero standing administrative privileges. MFA is designed to create more certainty that the person using the username and password is who they claim to be based on something they know (such as a password or PIN), something they have (such as a smartphone or hardware key), or something they are (such as biometrics including Face ID or a fingerprint scan). Eliminating standing privileges reduces the ability for the attacker to cause damage and move laterally throughout the network."
"Ransomware incidents will triple -- and data exfiltration will overtake encryption as the attackers’ end game. Since the beginning of 2020, research has shown U.S. ransomware attacks are rapidly increasing. In Q3 2020 alone, the daily average number of attacks essentially doubled in frequency. While ransomware variants also continue to evolve into more sophisticated threats, perhaps the most troubling datapoint is that the U.S. has become the most targeted country, with attacks jumping as much as 98% in the same timeframe.
These statistics illustrate a persistent onslaught of threat actors that could indicate 2021 will be our most challenging year yet in combating ransomware in the enterprise. What's important to understand is that the attacks don't just attempt to execute a lockout or encryption of data anymore, but are increasingly aimed at extraction or stealing data from organizations. While some cybercriminals may sell the data on the Dark Web, others may threaten to leak the data for a higher payout on the ransom. We predict that this will become hackers’ ransomware end game -- though the risk of detection rises along with the potential payday. Granting ‘least privilege’ is essential in preventing unauthorized access to business-critical systems and sensitive data by both external actors and malicious insiders. Striving towards zero-standing privileges and only granting just-enough, just-in-time access to target systems and infrastructure can limit lateral movement that could lead to data exfiltration and additional damage."
Torsten George, cybersecurity evangelist, Centrify
“AI Will Help Solve Some Entitlement Challenges Related to Cloud Adoption. Cloud adoption continues to grow rapidly and has even been accelerated as a result of the COVID-19 pandemic. As resources are often created and spun down in a matter of hours or even minutes, it has become challenging for IT security teams to manage those cloud entitlements, meaning who is allowed to access cloud workloads, when, and for how long. Traditional tools are often not applicable to these new environments. However, AI technology can help detect access-related risks across Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) environments by discovering both human and machine identities across cloud environments, and then assessing their entitlements, roles, and policies. Establishing this granular visibility allows organizations not only to fulfill their compliance obligations but also to enforce least-privilege access at scale, even in highly distributed cloud environments. AI technology can also be leveraged to establish cloud configuration baselines and report changes or irregularities to raise alerts and/or self-heal the identified misconfiguration. Capital One’s data breach is a good example where AI could have detected configuration changes (in that case, misconfiguration of a firewall) and led to an automated response to mitigate the risk.”
“AI Will Re-Learn How to Squash Insider Threats. September was Insider Threat Awareness month, and a lot of attention was paid to the threat but not always to the remedies. Fortunately, more tools are relying on AI technology to address this challenge, such as data loss prevention (DLP) and user and entity behavior analytics (UEBA). However, these tools have to establish a behavioral baseline first, which has not been helped by the pandemic because those baselines basically need to be redone to make those tools effective again. While this represents the drawback of relying too much on AI, it also shows the dynamic resiliency of AI in that it can re-learn what it needs to be an effective security tool, which will be important as we continue to adapt to pandemic-related challenges in 2021.”
“AI Will Become More Embedded in Authentication Frameworks. When AI is utilized in authentication, it provides the ability to be far more dynamic, create less friction, and guarantee real-time decisions. In the context of privileged access management (PAM), we know that adaptive multi-factor authentication (MFA) is one example where a multitude of authentication factors combined with taking dynamic user behavior into account can dramatically reduce risk when making authentication decisions. In 2021, this could lead to AI being used more frequently to establish real-time risk scores and stop threats at the authentication stage before they can get in to do real damage.”
“AI Will Help Optimize Governance Modeling. In Identity Governance and Administration (IGA), the establishment of broad responsibilities, assignment to groups, etc. typically results in particular privileges being assigned to identities. AI can be used to see if those privileges are being used or not, and how they are being used. Then it can help make recommendations to help adjust those assignments based on usage, and in 2021 will likely lead to more accurate access modeling for who should get access to what assets and why.”
“AI Can Help Stop Viruses Before They Mutate. No, I’m not talking about COVID-19 but rather about computer viruses. For decades, anti-virus software solutions have all been signature-based, whereby they identify the unique signature of the virus and put it into their code, hoping the virus doesn’t change between software updates. AI can be used to address this issue. Complex algorithms can be developed that establish particular patterns, so they are no longer signature bound. The chances to capture these viruses while mutating are much higher than with traditional tools, which will become increasingly important in 2021 as threat actors up their efforts to wreak havoc during ongoing uncertain times.”