Only a few weeks into 2021, a string of events ensured that cybersecurity would become one of the year’s hottest tech topics, with implications for everyone from individual IT workers and developers to security pros.

In January, the federal government was still reeling from the cyberespionage campaign that targeted SolarWinds and the company’s Orion network monitoring platform. This supply chain attack targeted 100 private firms and nine federal agencies, and appears to have been the work of Russia’s Foreign Intelligence Service (or SVR).

Not long after that, Microsoft and other security researchers discovered that a series of zero-day vulnerabilities within the on-premises versions of the software giant’s Exchange email server were being exploited by a Chinese-linked hacking group. Later, other attackers appeared to exploit these bugs in unpatched systems, as well.

If this wasn’t enough, a series of ransomware attacks starting in May involving companies such as Colonial Pipeline Co., JBS and others raised additional concerns not only about the fragile security state of networks that these organizations use, but also how the U.S. government protects the nation's critical infrastructure, including the U.S. power grid, oil and gas infrastructure and even the country’s food supply.

By June 16, cybersecurity concerns became part of the agenda between President Joe Biden and Russian President Vladimir Putin during a meeting between the two leaders in Geneva. The U.S. has accused Russia of turning a blind eye to cybercriminals and ransomware gangs who appear to operate within its borders.

“This year has been focused on ransomware and IoT and critical infrastructure attacks that have been destructive in both operational capabilities as well as to the financial state of many businesses. In addition to this as a top trend in the first half of the year, we also saw a continued increase in the number of data breaches resulting from unknown and incorrectly configured datastores being targeted,” Tyler Shields, CMO at security firm JupiterOne, told Dice. “Fundamentally, enterprises and critical infrastructure providers need to do a better job of knowing what assets exist in their network and how they are configured at any given point in time.”

With 2021 now at the halfway point, security experts are already looking ahead to what the next several months might hold, with issues ranging from large groups of employees coming back to post-pandemic offices, to what federal orders might herald for the future of cybersecurity.

Here’s a look at four cybersecurity trends to watch in the second half of the year.

Workers Return and the Age of Hybrid Work

One of the great unknowns for the second half of 2021 is the possibility of large portions of the workforce, both in the U.S. and other parts of the world, returning to offices in either a full-time or part-time capacity starting after Labor Day. For many organizations, hybrid work is uncharted territory.

Some tech firms such as Microsoft and Amazon have already signaled that they want employees back—if not now, then later this year. Other companies, including banks such as JPMorgan and SaaS giant Salesforce, are taking a much more flexible approach.

As organizations look to establish a new normal, cybersecurity should be a major factor in how they approach hybrid work. For over a year, work-from-home has expanded the attack surface, and lax security practices and lack of training and resources to protect home networks means that these issues might follow employees back to corporate offices.

“As employees return to the office, you can certainly expect an immediate uptick in support calls as infected devices attempt to connect directly to the corporate network,” John Morgan, CEO at Confluera, told Dice. “What I think you should watch out for, though, is not the immediate uptick but rather the attack that simmers slowly and travels under the radar. It’s those attacks that will slip through your fingers.”

In many cases, hackers might be willing to wait weeks or even months to begin an attack, which means corporate security might appear steady at first—but this could mean a lull as threat actors map the network and plan for the next step.

“Once an attacker gains access into a corporate device or network, they are in no hurry to navigate from servers to servers looking for their prize,” Morgan said. “Such actions could alert the attention of IT and security analysts. Instead, they will take small benign-looking steps, lying dormant for weeks or months in between. IT and security analysts often do not have the tools to correlate various weak signals to make sense of an attack in progress. Nor can they correlate events that occur weeks or even months apart. This gap in security coverage is what organizations should be concerned about.”

Shadow IT Returns

After employees return to offices in some capacity, they are bound to bring the devices they have come to rely on, or the apps they have used to conduct their work, which opens the door to a wave of shadow IT problems and security issues that come with that.

Dirk Schrader, global vice president for security research at New Net Technologies, noted that security and IT teams should ensure that any devices used at home over the last 18 months are updated and secured before connecting to local area networks at corporate offices to avoid attackers gaining a foothold through vulnerabilities.

“Companies should require their staff to use built-in update mechanisms, such as Windows Update, to get the systems to the latest stage the day before they come to the office, in addition, to run a security check, again using built-in features,” Schrader said. “In addition, and even more so if the checks are not possible, an organization should put incoming devices into a quarantine section of its network and do a system integrity and security check, checking for deviation from known secure states and configuration and to restore them where needed. The goal is to re-establish a secure state, and doing so needs proper planning and time allotted to the process itself.”

Bert Kashyap, CEO and co-founder of security firm SecureW2, says IT and security teams will likely find themselves tied up trying to keep track of what apps and devices are now being hooked back into corporate networks.

“As employees transition back to the office, organizations find themselves needing to get a better handle on apps, services and networks that could be accessed through personal devices,” Kashyap told Dice. “Implementing device trust through digital certificates is at the core of zero trust projects for the second half of the year as organizations need assurances that device security standards are being met."

Zero Trust in Cybersecurity

While zero trust had been a growing trend in some enterprises before the pandemic, the last 18 months have accelerated its adoption as IT and security teams look to move away from legacy technologies such as VPNs, which have left some networks open to hacking.

Besides the growing trend among businesses, the Biden executive order on cybersecurity, which the president signed in May, put zero trust, along with encryption and multifactor authentication, at the top of the security priority list for the federal government. 

With federal agencies now needing to adopt this concept, combined with some of the rethinking caused by the pandemic, experts see zero trust adoption skyrocketing in the second half of 2021.

“Organizations need to strongly consider a zero trust approach to security, which can ensure damage is limited even in the case that privileged accounts are compromised. Rationalizing the applications, identities, access and roles into a manageable and understandable structure is the foundation of a zero trust architecture,” said Kevin Dunne, president at security firm Pathlock. “From there, organizations can implement more investigative and preventative policies to ensure that the access that has been granted is being used as it was intended to be.”

Attackers Diversify

While ransomware might have topped the agenda of the U.S. and Russia summit, cybersecurity experts don’t expect attacks using crypto-locking malware to stop anytime soon.

One reason—the money is too good for cybercriminals to stop. In the first quarter of 2021, incident response firm Coverware reported that the average ransom payment topped $220,00, a 43 percent increase from the previous quarter. 

Sherrod DeGrippo, senior director of threat research and detection at security Proofpoint, however, points out that attackers will likely continue to vary the methods as the year progresses and workers slowly return to offices. The company’s recent CISO report found executives are concerned about a wide range of threats from business email compromise, to cloud account takeover attacks to inside threats.

“The vast range of the attack surface will make it even more difficult to stop any one threat campaign,” DiGrippo told Dice. “Through the last year, we have seen threat actors become very adept at using whatever’s in the news cycle as a lure in email-based phishing campaigns, from vaccine availability to the 2020 Presidential Election. The mass migration to remote work in 2020 was a significant campaign lure so we suspect the shift back to the office, and any other topic in the public zeitgeist, to be used as a phishing lure to solicit a click and the opening for a breach.”