2020 was a significant year for individuals and businesses alike. It was a year in which all aspects of our lives were drastically affected, exposing our collective fragility and increasing feelings of fear and uncertainty.
The COVID-19 outbreak forced people’s lives to move online, both at work and in person, and digital transformation accelerated. Technology helped to maintain social and emotional well-being and helped many organizations stay afloat. However, this new reality has also led to an increase in the number of cyber-attacks. As cyber-attacks increase and new cybersecurity trends continue to emerge, organizations must take a proactive IT security stance to keep their operations safe. They must become more agile, flexible, and collaborative as they strive to protect their critical assets and infrastructure. They need to increase their digital security initiatives, change strategies, and educate employees about cybersecurity.
The year came with an optimistic outlook considering the current strides in developing vaccines for COVID-19. As businesses seek to transition to a new normal in 2021, we will examine some of the projections and expectations in the cybersecurity landscape and what will underpin organizations’ cybersecurity priorities in 2021.
1. There will be an increased demand for remote working security.
As organizations embrace remote and smart working, remote access to corporate environments brings quite significant constraints for enterprises to protect and ensure secure access to their networks.
There is an urgent need for organizations to reimagine their cybersecurity approaches and evolve counter measures of protecting teleworkers in the emerging future of work.
In 2021, there will be increased adoption of remote and smart working models and organizations must proactively embrace the zero-trust architecture to combat remote working threats.
2. Multi-Factor Authentication (MFA) will be critical.
Nowadays, there are daily occurrences of authentication attacks and cybercriminals have perfected measures of using stolen usernames and passwords on underground forums to compromise organizations, using password spraying and credential stuffing attacks.
Over time, cybercriminals have perpetuated the act of syphoning billions of credentials from breached interactions and systems across the dark web and underground forums.
These databases, paired with the ease of automating authentication attacks, suggest that no internet-exposed service is safe from cyber intrusion if it is not using multifactor authentication (MFA).
MFAs will be mandated as authentication requirements by regulators in many countries in 2021 and will be used to enforce and maintain security levels.
Organizations should therefore make adequate preparations for implementing different variants of MFAs to cope with the emerging trends and challenges.
3. The challenges around cloud security will increase.
Even though organizations were gradually migrating to cloud prior to 2020, the advent of the COVID–19 pandemic accelerated cloud adoption and empowered remote working and online collaboration.
This rapid migration and adoption of cloud opened up new security threats and vulnerabilities across different computing systems. Even though the traditional cloud technology was premised around functionality and convenience and not security. Cybercriminals are exploiting these gaps to perpetuate all kinds of havoc, including espionage and cross country cyber-attacks.
To protect its information assets, organizations will have to focus efforts on improving cloud security initiatives. Prevention and detection strategies will be crucial for all organizations, large or small, to protect themselves against these threats. Expanding the cloud’s use will require organizations to improve the visibility of their cloud presence, assets, and vendor relationships to manage risks.
4. The adoption of technology-driven security tools will be rapid.
Today’s most effective cybersecurity measures center around insight and response. The mechanism for providing spontaneous response and data-driven insights rests on technology. These technologies, including automated security tools and advanced machine learning technologies, support decision-making and provide alerts on risky thresholds in tackling threats and vulnerabilities.
In 2021, the use of technology-driven security tools will be at the center of cybersecurity implementation.
With growing data privacy awareness and the adoption of the GDPR globally come greater scrutiny from clients and consumers, who demand their sensitive information be kept safe. Legacy technologies built on static rules can simply not stand up to this pressure, and we are instead going to see even greater adoption of intelligent security technologies that use contextual machine learning to keep data safe.
Organizations will need to make conscious efforts to create security strategies and implement same with intelligent technology driven security tools and advanced machine learning technologies.
5. There will be an increase in ransomware attacks.
COVID–19 brought some social challenges, including latent economic exposures across the globe. Individuals who hitherto were dedicated to specific employment relinquished these jobs or earned less than required. Of course, this increased the number of cybercriminals who attack databases and block user access to demand ransoms before providing access to legitimate users. These ransomware attackers will be targeting corporate entities, holding company’s databases in exchange for cryptocurrency or other forms of financial compensation.
The greatest challenge with ransomware attacks is not only the reputational dent on the organization but also the transit data accumulated by the attackers such that even when the accesses are restored, the attackers can still use the retained data to blackmail the organization, make financial demands, and publicly expose the organization.
Ransomware is becoming more technically advanced and sophisticated. In 2021, ransomware attacks will be the most rampant attack across organizations. A number of entities will be targeted and compromised. Organizations therefore must prepare for ransomware prevention and recovery. Networks should be segmented and components hardened. Disaster recovery, business continuity, and data recovery plans should be in place and tested periodically.
6. New forms of 5G vulnerabilities will emerge.
5G technology will be one of the greatest drivers and revolutions of this decade, enabling the fastest and broadest connectivity for humanity. As the adoption of the 5G technology set in as the standard form of cloud-based data transfer and communication, more vulnerabilities, compromises, and new cybersecurity threats will also emerge.
In 2021, the 5G broadband will provide cybercriminals and hackers the capability to inject data packets across networks using high-speed data transfers and conduct corporate espionage with limited interference without these companies knowing. Organizations will need to prepare specially for the 5G technology adoption and provide higher levels of security scrutiny and monitoring. Training and awareness will be supreme in this crusade to provide the capacity and know-how within the organization.
7. The number of Advanced Persistent Threats (APT) groups will continue to grow.
There have been increased hackers and cybercriminals’ activities across the clear, deep, and dark web using Advanced Persistence Threat (APT), with new groups emerging every day. The dark web for instance allows cybercriminals and hackers to have access to sensitive information and corporate networks, transact on stolen credit cards, etc. More actors are joining the foray and these groups are continuously growing across different sectors and interests.
This year, organizations will increase the digitalization of their processes using social media, web sites, mobile phones, and cloud. It is important that they keep a tight control over their digital footprint and keep track of it in real time and control all activities within the outlying borders of their extended organization.
8. Smart phones and mobile devices will be a target in 2021.
The proliferation of mobile connectivity across many networks in itself is a major cybersecurity challenge. Such mobile devices are being used directly to connect to corporate networks even in this remote working era. The attention in 2021 will be on mobile device attacks. The presence of advanced spyware and vulnerabilities in many mobile software applications will give cybercriminals access to valuable data. Organizations should create comprehensive cybersecurity programs to include accurate inventory to protect their information assets including nontraditional assets such as BYOD, IoT, mobile, and cloud services.
9. Organizations will pay more attention to cybersecurity.
With the expansion of remote working and increased adoption of digital transformation triggered by the COVID–19 pandemic, executive management has seen the reality of cyber risks and the implications to business continuity. This has elevated cybersecurity conversation to a board room agenda and most organizations are giving adequate consideration to information security as a strategic component of the business strategy.
In 2021, many organizations will be very deliberate in managing cybersecurity, including appointing the Chief Information Security Officer (CISO) as a C-suite within the executive management.
10. Cybersecurity automation will increase.
Cybercriminals have devised several ways of stealing and accessing corporate databases and networks and these techniques are being improved daily. Cybersecurity automation simplifies the response from organizations in providing a faster pace to response and an efficient mechanism for containment.
With the growth in the number of cyber-attacks and the increasing accuracy of cybercriminals in gaining access to systems, cybersecurity automation is a safe and effective solution to prevent cyber-attacks and data breaches.
In 2021, the focus of cybersecurity automation will include automation of threat correlation, automated enforcement of MFA on ANY resource, authentication sequence, vulnerability scanning, Penetration Tests, security patch management, traffic logs, etc.
In 2021, organizations will deal with the effects while striving to stay secure as online dependency grows. These suggestions and recommendations are not only plausible but should also be anticipated. We looked into the drivers of cybersecurity’s near future and how organizations will have to adapt as threats and technologies exert their influence. It is pertinent that organizations and decision-makers frame a proper and strategic response that can withstand change and disruption.
Organizations need to be proactive in managing cybersecurity initiatives, including beefing up cybersecurity programs, implementing cybersecurity systems, managing vulnerabilities and risks, testing incidence response and business continuity plans.