As part of our wrap-up for the first annual Cybersecurity Insight Jam, we present these expert 2021 cybersecurity predictions.
Expert 2021 Cybersecurity Predictions
Avishai Sharlin is Division President of Amdocs Technology.
The disruption brought about by COVID-19 has seen the acceleration of cloud adoption, with 91 percent of enterprise IT environments now relying on cloud solutions. We can expect the cloud’s popularity to continue to grow because of its proven track record with businesses, who have successfully used the technology to rapidly respond to issues with targeted solutions. As adoption continues to accelerate among enterprises, hybrid, multi-cloud environments, in particular, will be a critical focus area. However, this accelerated adoption doesn’t come without concerns. A recent survey by Amdocs found that 60 percent of IT managers in the US, UK, and India said security was one of their biggest cloud-based challenges. 50 percent of IT leaders are currently reskilling/training employees on cloud security practices, according to that same survey, and this will be a critical piece of the cloud security puzzle moving into 2021.
Though public clouds can provide a secure environment, the sheer number of available options can cause human error, leading to breaches. For example, one must ensure they don’t expose resources to the wider internet, or assume that putting something in the public cloud automatically makes it secure. In reality, it’s not, unless you put in guardrails that enable it to be. This becomes even more critical in hybrid cloud models, where organizations play in public and on-premises environments, making it more likely that an exploit may occur.
Duncan Mills is Product Marketing Lead at Mimecast.
The pandemic has created opportunities for cyber-criminal reconnaissance
The pandemic is forcing data privacy to be disregarded. Bars, pubs, restaurants, and even barbers shops have their check-in lists of individuals’ personal information on public display (names, addresses, email addresses, phone numbers). Some are using this data for marketing purposes, but more concerning is its potential use for cyber-criminals doing reconnaissance to target individuals with spear phishing, etc. Expect the number of targeted attacks to grow.
Cyber security teams need to adapt to new challenges presented by WFH
Consumer-grade IT equipment does not get the attention that business-grade equipment gets WRT security. As we all continue to work from home, educating employees about how to secure their home networks that can be used as a jumping-off point for attacks is essential.
With a remote workforce WFH, informal “water cooler” discussions are now taking place by email and instant messaging. It is imperative that these communications are monitored and secured to ensure that (a) a duty of care is exercised and (b) individuals are not contravening regulations and legislation.
Bob Rudis is Chief Data Scientist at Rapid7.
Attackers will be operating in a 2020 environment
It’s pretty clear that a tumultuous political climate, combined with economic and physical uncertainty and change caused by the SARS-CoV-2 global pandemic will continue to be the “new normal” for the vast majority of 2021. Given that, 2021 is going to look a great deal like 2020 when it comes to the milieu attackers will be operating within.
Criminals will exploit businesses trying to survive the chaos
Bitcoin is climbing — albeit, erratically — back to its high point back at the cusp of 2018, and neither local municipalities, school districts, health care providers, nor many other industries have learned the lessons from 24-months of nigh-continuous ransomware assaults. As such, we can be fairly certain ransomware tactics and techniques will continue to be commoditized and industrialized, and criminals will continue to exploit organizations that are strapped for resources and distracted by attempting to survive in these chaotic times.
COVID-19 will continue to influence the types of attacks
2021 will also see a dramatic increase in “cure”-related phishing attacks as we all desperately hope for a true end to this current global malady. However, as 25 percent of us are still working sheltered in-place, we can expect to see even more vulnerabilities discovered in remote access technologies with more exploit campaigns taking advantage of them.
Attackers will compromise smart devices
I foresee a real possibility of “The Alexa Ecosystem” being compromised and put to nefarious use. An increasing number of consumers are bringing “smart” devices into their homes, which are also now their places of work complete with state-of-the-art, “always-on” surveillance technologies. Attackers (whether it be nation-states, unaffiliated terrorist/paramilitary groups, or just clever organized criminal gangs) will not be able to pass up such a target with so much potential malicious gain.
Cyber violence will become central to 2021 political operations
Finally, stray just slightly past the edge of probably (somewhat depending on the outcome of the 2020 POTUS election), I can see 2021 being the year when unhinged right- or left-wing groups (in America) add regular “cyber violence” to their menu of operations.
Deral Heiland is IoT Research Lead at Rapid7.
New exploits and attacks will impact critical infrastructure security
With the continued expansion of IoT sensor and actuator technologies that leverage cellular communication, it is highly probable we will start to see new classes of exploits and attacks against cellular-based edge devices, which will have a dramatic impact on critical infrastructure security in 2021.
Malware and ransomware will focus on manufactures IIoT infrastructure
With manufacturers growing their dependencies on IoT and IIoT technology within the manufacturing processes. I expect to also see a continued growth in IoT malware and IoT based botnets that target these technologies throughout 2021 with a high probability that we will also see a move to also launch ransomware attacks against these manufactures IIoT infrastructure.
Harley Geiger is Director of Public Policy at Rapid7.
Politically motivated cyber-attacks will stay mainstream
The United States is firmly in a new era of political discourse in which cyber espionage, sabotage, and disinformation have a growing impact. This will certainly not end with the 2020 election. Many attacks are seemingly designed to undermine confidence in American societal cohesion and democratic processes, rather than change the outcome of a single election cycle. As a result, the need for strong cybersecurity practices is increasing for lesser-known organizations that affect politics on a more local level, extending well beyond national campaigns, government agencies, or traditional targets of for-profit attacks. How media outlets and social networks report on and disseminate hacked material and cyber-attacks (such as not rushing to attribution and declining to act as a force multiplier for attackers) will also continue taking on growing importance. While these patterns started before 2021, we should expect them from day one in 2021 through the year. Please prepare accordingly.
Stephen McNulty is President for the Asia Pacific Region at Micro Focus.
Security risks from WFA (Work from Anywhere)
In the face of security risks from an increasingly remote workforce, organizations will increase investment into access security, analytics, and automation to protect sensitive information. Failing to cover end devices with rigorous security policies has proven to be costly and many organizations have paid the price for that this year. As the attack surface continues to expand in 2021, we can expect more organizations to keep a tighter rein on intra- and inter-organizational data flow, with defense measures encompassing context-based access controls, geofencing of employee remote work location, and encryption. Security analytics and automation will become mainstream to help organizations detect anomalies in user behavior and deploy quick remediation to block malicious activities.
Neil Correa is Cyber Strategist at Micro Focus.
Gaps in Security Exposed
Digital transformation timelines were significantly sped up due to the COVID-19 pandemic with security left behind, opening the door for hackers to access these vulnerable networks. Organizations have been focused on sustaining business operations and often security controls were either bypassed or not factored in during the rush of transforming to the new model. With the continued volatility and uncertainty, security controls are still not a priority and may not be addressed until a breach were to occur.
Kate Scarella is Cyber Strategist at Micro Focus.
Security in IoT Takes Center Stage
Reliance on IoT devices will expand exponentially, however, security has not been at the forefront of the IoT world. Moving forward, IoT original equipment manufacturers (OEMs) and IoT security vendors will continue to address this current gap. Unfortunately, legacy IoT devices will continue to be breached. However, as IoT security vendors work with IoT OEMs to deploy secure IoT devices from pre-production through to production, managed IoT security players will increase their presence in the marketplace and may even provide the ability to secure legacy devices until replacement.
Thanks to these experts for their expert 2021 cybersecurity predictions. For more on 2021 cybersecurity, check out our SIEM Buyer’s Guide.
- More Expert Commentary and Coverage of the GetHealth Exposure - September 14, 2021
- GetHealth Platform Misconfiguration Exposes 61 Million Fitness-Tracking Records - September 13, 2021
- Panther Labs Releases State of SIEM 2021 Report - September 13, 2021