In 2020, we saw the healthcare industry change immensely under the pressure of COVID-19. Not only did hospitals have to adapt overnight to increased patient loads, but researchers also raced for a cure and manufacturers readied production lines.
But when we look beyond the pandemic that dominated much of 2020, there is more change taking place across all industries around the world that we need to watch carefully. These changes will alter the risk surface for every organization, forcing them to adopt new technologies and security strategies to keep pace.
What follows is a story of what might be in 2021. While the focus is on healthcare, it is a story that is echoed across all markets and speaks to how each industry is tied together in a way that leaves no one immune from attack.
When Dr. Smith entered Acme Hospital 10 years ago for the first time, it was not the same hospital that it is today. Where once it was analog, now there is an average of 15 to 20 connected devices in every room, ranging from sensors to track patient vitals, to medical infusion pumps, to building automation systems.
The hospital added hundreds of new devices this year to help increase its volume of patient care amidst a huge influx of patients from COVID-19, relying on technology more than process and people. On top of that, newly opened field hospitals and testing sites added to the overall number of devices and users interacting with the hospital network.
What Dr. Smith doesn’t see is what lies under the surface. Like an ailment in one of his patients, many of these devices have vulnerabilities in the underlying TCP/IP stacks. These stacks are the basic connectivity software components used in every connected device. While a vulnerability in a single device will only affect that device, vulnerabilities in the TCP/IP stack can affect thousands or even millions of devices across many vendors and manufacturers.
This year, his organization will be attacked through one of these devices, preventing him from delivering patient care at a critical time or giving access to sensitive patient information, like medical history or personal identifying information. Where 2020 saw the revelation of the weakness of these underlying TCP/IP stack components with disclosures like Ripple20, 2021 is the year these vulnerabilities will be exploited.
The risk of an attack will continue to rise as more devices are added to the network and hospitals rush to leverage technology to monitor, automate and increase their capacity to handle increased patient load with tools like mobile connected nurses. What’s more, supply chain vulnerabilities will force organizations to rethink their cybersecurity strategies entirely and adopt segmentation and Zero Trust principles, as maintaining good cybersecurity hygiene by patching IoT and OT devices becomes difficult or impossible.
Healthcare organizations are not in this alone. Devices entering the hospital in 2020, like ventilators, are produced and shipped by organizations that face the same risks. These organizations – manufacturing, shipping, etc. – are just as critical as healthcare organizations, providing and distributing food, supplies, personal care products and medications. A cyber-attack in 2021 would cripple that supply chain, especially as many organizations turn to automation to limit or remove the human element from the process.
Where this impact could be felt most acutely is on the promised COVID-19 vaccine, which requires a complex supply chain of pharmaceutical technologies, manufacturing and distribution. Production centers and factories are already being spun up around the world to handle the increased demand to produce and distribute this vaccine and the critical infrastructure and Industrial Internet of Things (IIoT) technology at each stage will have to be carefully protected from cyberattacks.
Meanwhile, the device landscape will become more complicated with the increased adoption of 5G in 2021. Hospitals, like many other organizations, will begin to have 5G connected devices enter their environment. This 5G adoption is one of the many steps that will propel us into the next generation of networking, with technologies replacing LAN, WAN and becoming the new version of Wi-Fi.
While 5G devices bring significant benefits, their adoption also opens the doors to an extended attack surface that needs to be addressed by an organization’s security team. A direct 5G-related attack may not occur during this initial phase of technology adoption; however, it will inevitably become significantly more likely in 2021.
Beyond the campus network, other enterprise threats will be brewing outside of the office in 2021.
Dr. Smith often takes his work home with him, as do many of the other employees of the hospital. This became commonplace after the pandemic in 2020 made it possible to work from home outside of direct patient care.
Attached to his home network are security cameras outside his front door, a connected coffee pot that starts up for his early morning shift, and dozens of other devices. These consumer IoT devices are vulnerable to the same supply chain challenges that face the medical devices in the hospital, with less of the overall network connections. In 2021, one of these home devices will be used by attackers to access the corporate network, causing meaningful damage to an organization. As a result, a Zero Trust approach to cybersecurity will be more important than ever in the year to come, as it becomes commonplace to work from anywhere – home, a coffee shop, or even a hotel at a tropical destination.
Remote work has brought a completely new area of focus for the security team and shifted from a temporary to a long-term approach. The vulnerabilities found on enterprise IoT can be easily discovered on consumer IoT, including the same supply chain vulnerabilities affecting the medical devices in the hospital. On top of that, Dr. Smith’s home network doesn’t have the same level of protection as the hospital.
2020 made clear that it is difficult (or impossible) to predict what the future will look like with accuracy. With that said, some things are certain to be true: cybersecurity threats are on the rise, with attackers looking for new entry points for attack and high-target areas to cause maximum impact. That is at least one certainty we can guarantee for 2021, and cybersecurity teams and leaders must be prepared with the appropriate strategies and technologies to address it.
Forescout’s 2021 Predictions:
1. Supply Chain Automation Drives New Cybersecurity Concerns – In 2020, we saw the pandemic take a toll on our supply chain systems, leaving people without toilet paper, cleaning products, lumber, or other essential items. As a result, we expect that 2021 will drive a new wave of investment in automation technology. As a side effect of an increasingly automated supply chain, organizations will have to think about how they also apply automation to cybersecurity to ensure these new systems are protected. While it may not yet be a decision-maker in what automation technology is chosen, cybersecurity will have to be a key piece of the overall automation strategy for organizations in every industry.
The need to adapt security strategies for supply chain systems will come to a critical juncture in 2021 as the world moves to manufacture and distribute vaccines for COVID-19. This process will require many components and critical infrastructure systems safely and securely operating across factories, manufacturing, pharmaceuticals, distribution and healthcare.
2. Attacks Leverage Expanding Landscape of Connected Device Vulnerabilities – In 2020, we saw disclosures of supply chain vulnerabilities in the underlying TCP/IP stacks, which are the widely used commodity software and hardware underlying many IoT, IT, and OT devices. These vulnerabilities are far-reaching, with a single flaw exposing many devices across many manufacturers, and showed that the underlying foundation of millions of connected devices around the world is inherently insecure.
In 2021, we will see at least one attack leveraging this new category of vulnerabilities, highlighting the fact that there needs to be increased visibility into what components make up each connected device inside an organization, as well as risk mitigation strategies to account for a growing number of vulnerable devices.
3. 5G Drives Towards Next Generation of Networking – As the technology matures, 5G connected devices will see increased adoption across organizations in every industry. While 5G is marketed towards consumers that may get excited at having their cellphone work at new high speeds, many features of 5G promise significant technological advancements for corporate networks. Organizations everywhere will begin to have 5G connected devices in 2021. This is one of the many steps that will propel us into the next generation of networking, with next-generation technologies replacing LAN, WAN and becoming the new version of Wi-Fi.
4. New Remote Work World Makes Zero Trust More Important Than Ever – As remote work extends from being a temporary solution to the pandemic to one that companies embrace long-term, the implications of our new Work from Anywhere world will become clear. Home networks contain dozens of connected devices, from Wi-Fi coffee pots to personal laptops and tablets, to video baby monitors. As the perimeter of the office stretches to also include the home, we will see attackers begin to leverage weak consumer devices for enterprise attacks.
Organizations will need to determine how they will adapt to this new world, now that it has become clear that working remotely is not only possible for many, but in some cases preferred. This means that Zero Trust capabilities will be more important than ever as corporate laptops connect to home, coffee shop and hotel networks around the world, mingling corporate devices with more risky ones that are no longer controlled by enterprise cybersecurity teams.
To learn more about the work of our research team, please visit our Forescout Research Labs page.