Dozens of cybersecurity-related vendors showered us with predictions for 2021. We’ve compiled predictions from experts representing more than 40 vendors.
Ivan Orsanic, regional vice-president and country manager, Palo Alto Networks:
We have one big prediction for 2021: COVID-19 will continue to dominate the cybersecurity landscape as fallout from the pandemic causes wide-ranging disruption to our digital lives — at work and at home.
Shelter-in-place orders and travel restrictions imposed in early 2020 forced Canadian organizations to quickly revamp their IT operations to provide remote access to employees, partners and customers. The move allowed them to stay in business, while also introducing new security threats.
Here’s how we expect this to play out over the coming year as Canadians have adapted to remote everything — work, education, healthcare, etc.
- IoT devices pose a security risk for homes and businesses. As attackers look for ways to move laterally from home networks to corporate networks, they will look for soft targets among the rapidly growing number of devices in the Internet of Things (IoT). Voice assistants, smart TVs, smartwatches, routers, baby monitors and other IoT devices typically come without security tools and run on software that is rarely or never updated.
- Public sector organizations will struggle against ransomware. Local governments and public sector organizations, such as schools and universities, will struggle more than ever to defend against ransomware capable of shutting down operations, as the economic impact of the pandemic cuts into technology and cybersecurity budgets. They’ll have increasing trouble attracting talented security professionals away from the private sector seen as offering better job security, higher pay and shorter hours.
- Corporate networks shoring up vulnerabilities caused by the shift to remote work. Organizations moved quickly in 2020 to enable their corporate networks to support unprecedented numbers of remote employees. Now they need to quickly identify any vulnerabilities or other unintended security threats that may have emerged after the rush to go remote. Hackers have already begun to seek out new weaknesses they can exploit to compromise corporate networks — whether it be a failure to implement basic security safeguards or improperly configured cloud infrastructure.
- Security teams will embrace automation to work smarter, not harder. Security teams will be spread thinner than ever as they’re called on to continue to protect legacy, in-house IT data centers, while also learning new tools and techniques for securing remote workers who are accessing data centers in the cloud. Enterprises will need to work smarter, using technologies such as automation to make their security teams more productive and prevent burnout.
Mike Lloyd, chief technology officer, RedSeal
- The next “big thing” in security is to take something away, not add another widget. Most security teams have more technology stacked up than they can operate to get the intended benefits. Simplification is never easy – ask any poet. Still, we have to reduce the skill level required to drive our ever-expanding attack surface and corresponding technology chain.
- It’s typical for organizations to have somewhere between 15 and 50 different security technologies, and enough staff to be expert in about five of them. This means the other choices either need to be integrated via automation, so they can be driven from the products your teams can handle, or need to be eliminated.
- In too many real breaches, there was a sensor in place, and it detected an anomaly, but the anomaly was buried inside an avalanche of other anomalies, none of them serious. Relevant prioritization of facts is the key missing piece in most organizations.
- Ask what is truly essential, so that you can focus. A good model is known as the OODA Loop – it stands for Observe, Orient, Decide, then Act. We have a lot of “Observe” technology – many sensors. Most companies have invested heavily in Decide (using SIEM) and are in the early stages of automating Act (using SOAR). The big gap to address in 2021 is Orient – taking all the raw facts, and relating them to your specific business situation, so you understand what is relevant or critical, and what is low priority.
Dave Padmos, EY Americas technology, media and entertainment, and telecommunications (TMT) industry leader
- Investments in cloud will accelerate — and evolve. According to pre-COVID-19 EY research, 60 per cent of corporations said cloud accounted for the largest share of their technology investments in 2018 and 2019, and 53 per cent said cloud will likely account for the largest share of investment over the next two years. During the COVID-19 crisis, with work from home becoming the new normal, IT spending on technologies supporting remote work and investments in cloud is seeing a steep increase. Evolving cloud services present challenges for even mature digital companies to efficiently manage cloud spend while continuing to optimize cost. Cloud is no longer a cutting-edge experiment. It is, in fact, a business requirement, fueling better economics and more innovation at greater speed. Next, enterprises will be looking for cloud-enabled capabilities, such as data analytics, artificial intelligence and robotic software, to cut costs or generate revenues from new services.
- Data protection — and disposition — will grow in importance. Concerns over data privacy and security will only increase in 2021. In the coming year, data collection and storage won’t be the only factors under a microscope. Data disposition will become increasingly critical to an enterprise’s overall governance efforts. Building a robust and holistic data disposition program requires strategic decision-making and considerations, as well as input and integrations with a variety of key stakeholders.
- Data processing platforms will take center stage. Companies will need to more clearly understand the relationship between their data, business processes and systems. The need for data-specific platforms to provide cost-effective and efficient solutions to enable ecosystems, derive analytics and insights, or even deliver automation and new technologies (e.g., machine learning and blockchain) will be accomplished by architecting efficient data processing platforms and solutions.
Greg Wolfond, CEO, Toronto-based SecureKey
We anticipate an exponential increase in the use-cases of digital ID across every industry. In-person processes like purchasing a home or checking healthcare information can now be safely completed virtually, and we expect this trend to continue long into the future. COVID-19 initiated a refreshed appreciation for and understanding of the value in doing digital ID right. The Digital ID Authentication Council of Canada’s PCTF launch is an excellent example of the holistic approach we need to champion. Although the future remains as uncertain as ever, one thing is clear – digital ID ecosystems like Verified.Me have set the stage for the evolution of our industry on a global scale.
Bob Botezatu, director of threat research, Bitdefender
Firmware attacks become mainstream. As competition in the cybercrime world tightens, malware operators will increasingly focus on burying their creations deeper into compromised systems. Attacks against firmware, previously thought of as extremely complex and difficult to achieve, will likely become mainstream in 2021. Abuse of tools like RwEverything might lead to a significant increase in firmware attacks, particularly on systems where the manufacturer hasn’t correctly configured the firmware to block unauthorized rewrites. Ransomware authors may also target device firmware to block devices and render a system unusable until victims pay the ransom. Investigations we have worked on this year have also revealed a significant increase in malware targeting misconfigured or inadvertently exposed micro containers. We expect to see an increase in compromised containers used for anything from crypto-currency miners to pivots in the network.
Rasmus Holst, chief revenue officer of Wire
- The growth of cyber breach costs will outpace the growth of the global economy. In 2021, the global economy will slow to single-digit growth, as countries minimize activity in order to slow the spread of COVID-19. Meanwhile, as remote work and insecure data practices persist, cyber breach costs are slated to hit double-digit growth across all industries. Unless corporations, government agencies and nation-states figure out how to mitigate these cyber risks, the global community will suffer catastrophic economic losses that will take years to rectify.
- Governments will demand data sovereignty solutions and move off the “global” cloud. The spate of privacy concerns has led to the emergence of the EU’s GDPR regulation, and the decision to strike down the EU-US Privacy Shield due to concerns of US government overreach. In this uncertain political climate, nation-states will prioritize data sovereignty and move all systems that exchange or host data to domestic cloud or on-premise environments.
- Organizations will future-proof by diversifying and moving beyond traditional cybersecurity tools and strategies. As companies revise their work architectures to accommodate dispersed teams at scale, they will need to invest in diverse, future-proof tech stacks. The rising tide of mobile workforces and cyberthreats will result in several competing priorities such as convenience, security, high integration and privacy. To solve this problem companies will invest in tools that are most appropriate even if they are in similar categories.
- A new architecture will emerge for secure collaboration. While a number of tech vendors have only just started to incorporate some form of end-to-end encryption in their solutions this year (primarily as a knee-jerk response to the rise of remote work, and customer demand for greater privacy and security), by the end of next year, companies will expect and incorporate end-to-end encryption across all tools used to communicate and collaborate with coworkers, prospects, customers and all external stakeholders. The drive for this will come directly from CEOs and non-security executives, as personal liability for cybersecurity incidents reaches an all-time high.
Adam Caudill, a principal security engineer at 1Password
- Cryptography Post-Quantum: Quantum computing is progressing fast: qubit counts are rising, systems are becoming more stable and the industry is investing to make them practical. While we are still years away from quantum computers that can practically attack modern cryptosystems, time to prepare is running short. Data encrypted now may be stored in its current form for many years when at rest in databases, backups, legacy systems, or in cases where encryption technologies are hard to update. It will be critical in 2021 for the industry to take concrete steps to ensure that this data doesn’t suddenly become vulnerable when practical quantum computers become available. While NIST is working to finalize standards for post-quantum cryptography that will address these weaknesses, these changes will take time to implement. Steps that can be taken now include reviewing use cases, system designs and other requirements to see what will need to change to support these new post-quantum options. Given the time left, and the scale of the changes, it’s important that companies start planning for these upgrades sooner than later.
- Data as a Liability: As laws are enacted to provide consumers with more insight into who holds their data, and how it’s used, companies will be forced to acknowledge that data is actually a liability. Consumers are expecting greater control, transparency and protection of their private data. The more data a company has, the greater the risk of costly breaches and fines, so there is a strategic benefit to holding only the data that’s absolutely needed to operate successfully. While companies that are built around collecting vast amounts of data are unlikely to make significant changes, 2021 will be a year when others need to revisit how much data they actually need.
James Carder, chief security officer for LogRhythm
- We’ll see the consequences of employees letting their guards down as work-from-home extends. This relaxation on security protocol — combined with threats that already exist in a rushed remote work environment — will result in data loss rates exceeding what we saw in 2020.
- We will see a rise in internet policing as misinformation reaches new heights following the U.S. elections. Large-scale spear phishing and watering hole attacks will add to the mounting pressure on Congress to introduce and pass legislation that forces tech giants and media organizations alike to have better safeguards in place.
- The board meeting of a major company conducted using video conferencing software will be exposed, resulting in a high-profile scandal.
- Deepfakes will become a significant threat to business integrity. The unprecedented shift to remote work will lead to video and images of leaders inside an organization being weaponized to exploit employees for financial gain. Outside of being used to target employees internally, this technique will be used to dramatically impact a specific stock by manipulating the public into thinking the CEO of a public company has done something damaging.
- There will be a reckoning within the growing API security market as API data breaches rise.
Security predictions from Wandera
- We predict companies might pump the brakes a little on cloud migration projects as they refocus on refining their end-to-end security strategies. Connecting workers to distributed workloads is the easy part; protecting business applications and intellectual property in a decentralized, hybrid, and multi-cloud environment is where we expect to see security leaders focused in the coming year.
- Businesses will begin to experience the limitations of VPN and start looking for more modern secure access solutions that scale and perform far better than appliance-based security.
Shai Morag, CEO of cloud identity and access security provider Ermetic.
- There will be a phased shift in the way organizations enable and secure remote workers. In 2020 companies were generally putting out fires, since they were completely unprepared for the speed and scale at which they needed to provide security for a 100 percent remote workforce. Now that the basics have been addressed and organizations understand that remote work is here to stay, the focus in 2021 will be on implementing new security controls that provide a user experience similar to being “in the office” and improve both efficiency and team collaboration. And no less important, organizations will look for solutions that are easily managed by a remote IT organization. Since organizations will continue to switch to SaaS applications wherever possible and accelerate the migration of private applications to the cloud, we can expect them to replace slow, legacy VPN connections to the corporate network with identity-centric or zero-trust solutions.
- Large security conferences will cease to exist. Many organizations had serious doubts about their efficacy before COVID, and now a year without them will prove that they are no longer worth the expense. Small, focused security events are going to be the first to rebound, especially ones that can be delivered regionally.
John Hammond, senior security researcher, Huntress Labs
- In 2021, there’s no such thing as a false positive. When assessing their security tools, now more than ever, organizations must take a hard look at their dashboards for false positives/negatives. In 2021, there’s really no such thing as perfect tools or a false positive. If your security tool is alerting you, it’s alerting you for a reason. Security controls aren’t going to be tuned when you buy them, so organizations will need to learn how to adjust and modify them to meet their security and business needs.
- Hackers will continue to go for the low-hanging fruit – password spraying and credential stuffing – whatever’s the easiest option, they will always take the path of least resistance. Though hackers and attack methods have grown more sophisticated, the fact remains that they work smarter, not harder. There’s no need to break through the window when the front door is unlocked. Organizations should spend the time tuning their security controls, or following through official hardening guides, creating processes and procedures to really move the security needle.
- Every organization should have their own vulnerability disclosure program (VDP) because if you don’t have your own talent poking at stuff all the time, there’s a good chance someone else with less than ethical standards already is.
- Boundaries will be broken as MSPs and internal IT teams band together to co-manage security as opposed to operating in silos.
Ryan Corey, co-founder and CEO, Cybrary
Cybersecurity training is now being conducted online more than ever before and it’s highly unlikely to return to the traditional model in 2021. Not only is working from home here to stay, but so is training from home. 2021 will also likely show an increased emphasis by hiring managers and SOC managers on improving training options within their respective organizations in order to scale current employees’ career tracks.
Ken Underhill, Cybrary Master Instructor adds this: We may see some AI poisoning attacks in the wild where attackers are injecting bad data, which causes the algorithm to learn the wrong “lesson” from the data. It will also be interesting to keep an eye on insider threats and if they increase next year, given many people around the world are hurting financially because of the pandemic.
I also don’t think we will see any significant reduction in the skills gap, even though we see organizations and the government throwing millions of dollars at the problem. Until “entry-level” roles stop asking for 2-3 years of experience, certifications like CISSP and have real salaries instead of a minimum wage, the positions won’t be filled.
Jonathan Reiber, senior director of cybersecurity strategy and policy at AttackIQ
- 5G and IoT will increase the speed of attacks and enable more actors to conduct a wider range of operations against targets globally.
- Autocratic regimes will ramp up the use of surveillance technologies for more effective control over their populations, forcing them into sharper confrontation with the United States as it likely asserts increasing levels of support for democratic movements globally. The use of surveillance and facial recognition technology has become so commonplace in countries ruled by autocratic governments that there is even a phrase to describe the techniques, “high-tech illiberalism.”
- MITRE ATT&CK will continue to increase in prominence as the backbone framework for cybersecurity planning and threat-informed defence. MITRE ATT&CK is a globally vetted framework of known adversary tactics, techniques and common knowledge (A. T. T. C. K.), a kind of periodic table that lists and organizes malicious actor behaviour in an accessible, user-friendly format. But ATT&CK is not just a framework to understand adversary behaviour: it is a tool for improving security effectiveness, and that trend is catching on and leading to a transformation in the cybersecurity community. Governments all over the world have begun to use the ATT&CK framework as a tool to communicate with the public about threats and how to mitigate them.
Keith Neilson, Technical Evangelist for CloudSphere
- Artificial intelligence will increasingly be relied on in the coming year to maintain cloud hygiene by streamlining workflows, managing changes and archiving. Once proper cloud hygiene is established and maintained with AI, it will also be used as a strategic predictive knowledge tool. By predicting and addressing threats and vulnerabilities, AI will help enterprises create the best possible outcome for their cloud environments. Leveraging AI as a strategic asset will empower CIOs to make informed decisions about their cloud environments, such as evaluating costs and compliance risks.
- Securing and governing multi-cloud environments will be the top IT challenge facing enterprises. To make identity and access management digestible and manageable by humans and therefore avoid data exposure, organizations will increasingly implement cloud ownership guidelines and governance policies to visualize who–or what–has access to specific resources in the cloud.
- 2021 will see the demise of the centralized security strategy. With more people working from home companies can look at an expanded geographical pool of candidates for new hires in all business departments, not just security. Security must evolve to a more democratized approach where it is delivered at the edge and on the various endpoints used by the global workforce.
Mike Riemer, chief security architect at Pulse Secure
- Financial institutions will be the most at-risk industry for cloud-jacking. As companies across industries continue to move towards hybrid IT environments, the threat of cloud security breaches is at an all-time high. Financial institutions, which have traditionally been slower to adopt cloud technologies due to heavy regulations and security concerns, accelerated their digital transformations in 2020 as COVID-19 brought about new challenges. These businesses are now faced with a customer base seeking digital-first services, and they are leveraging cloud-based infrastructure to maintain customer satisfaction. As a result of this rapid transition to a hybrid cloud environment, we could see the cloud-jacking of a major financial institution that results in bad actors gaining control of highly sensitive customer information.
- The July, 2020 Twitter employee hack is a sign of more sophisticated phishing scams to come. The brazen nature of this attack shows bad actors are using social engineering to raise the stakes, and we can expect to see more of these high-profile orchestrated events in 2021 as remote work continues and cyber criminals look for new, creative ways to infiltrate organizations.
- A lack of segregation between company IoT/IIoT devices and the rest of the network will result in an increase in breaches. Maintaining the security for OT systems is going to be critical, which is why companies must implement processes and technologies that ensure the IoT devices or IIoT devices talking to the OT systems are what they say they are and haven’t been hijacked.
David Wolpoff, CTO and co-founder at Randori
- Ransomware evolves to enterprise extortion. Threat actors are evolving from high-volume/low-value attacks to high-value/low-volume attacks targeting businesses. Half of ransomware attacks already involve data exfiltration, and in 2021, cybercriminals will incorporate extortion by weaponizing the content they’ve stolen to compel their victim to action. Ransomware attacks will shift from “I’ve stolen all your data, now pay me;” to, “I’m going to extort your CEO with the information I’ve found in the data I’ve stolen from you, and if you don’t pay, we’ll devalue your stock on Wall Street.”
- Cloud infrastructure ransom attacks. Threat actors are beginning to sift through exfiltrated data from ransomware attacks for high-value content, and their pot of gold? Cloud infrastructure credentials that would allow them to hold a company infrastructure for ransom. It takes adversarial creativity, but the reward is high and the killchain is simple enough: Find credentials that allow for the creation of code signing malware, gain access to an app like Slack and send spoofed messages to convince unwitting victims to share cloud login credentials (heads up, IT). With a stroke of luck, gain high-privilege AWS tokens, log into the cloud infrastructure and hold it for ransom. The threat of turning off the business with the click of a button is a highly effective extortion technique. Many CISOs don’t know when and where highly privileged passwords have been shared and recorded (in an old Slack message from two years ago?) — this is a big risk for companies mid-cloud migration.
Tim Sadler, CEO of Tessian
Remote work – in some form – will stay. So instead of just securing networks and endpoints, CISOs must consider how their 2021 strategy will protect their remote workers, while empowering them to work productively and flexibly. All too often, security solutions can stand in the way of people getting their work done, and they’ll quickly find unsafe workarounds. Companies must make security as flexible as their people in 2021.
Renaud Deraison, CTO at Tenable
Generations Z and Alpha are arguably the most tech-savvy of any generation before them. I suspect this virtual crash course in all things technology will bring about a more cyber-conscious generation that will understand and appreciate technology on a deeper level. We should take this as an opportunity to meet the skills gap challenge head-on by bringing cybersecurity into classrooms as early as possible. This means ensuring we’re not only making cybersecurity accessible to all students, but actively encouraging boys and girls, especially students of color, from all walks of life to pursue the field. The security challenges of tomorrow cannot be solved in a vacuum and will require diversity of thought and experience to truly be effective.
Curtis Simpson, CISO at Armis
Botnets pose the single largest security threat in 2021. We will continue to see highly detrimental botnet attacks but likely ever more focused on supply chain weaknesses exposed by the pandemic. In parallel, we will see botnets continue to grow exponentially through the exploitation of consumer devices. With more people working from home it’s more likely than ever that information stolen from consumer networks can be used to break into the larger prize: enterprises and governments.
Brian Fox, CTO at Sonatype
Hybrid software attacks will spike, especially impacting COVID-19-related sectors. Year after year, our reports show developers continue to download hundreds of millions of vulnerable code components from open source repositories, resulting in supply chain attacks across government, financial and business institutions. The recent Octopus Scanner Malware breach alerted us that attackers were mixing techniques from the ‘90s with modern tooling to recycle older virus-like behaviours in new domains. I predict we’ll see an increase in hybrid attacks on the software supply chain, especially across the healthcare, financial, and political sectors – those most affected by the COVID-19 pandemic.
Robert Prigge, CEO of Jumio
- Addressing bias in AI algorithms will be a top priority, causing guidelines to be rolled out for machine learning support of ethnicity for facial recognition. Evaluating how vendors address demographic bias will become a top priority when selecting identity proofing solutions in 2021. According to Gartner, more than 95 per cent of RFPs for document-centric identity proofing (comparing a government-issued ID to a selfie) will contain clear requirements regarding minimizing demographic bias by 2022, an increase from fewer than 15 per cent today. Organizations will increasingly need to have clear answers to organizations who want to know how a vendor’s AI “black box” was built, where the data originated from and how representative the training data is to the broader population being served.
- Identity fraud will become a national crisis. Not only was there more fraud attempted in 2020 but the dollar value of each attempted fraudulent transaction was also 5.5 per cent higher than it had been the six months preceding the pandemic. Organizations will shift from using data-based approaches of identity proofing (such as using credit bureau or census data) to document-centric identity proofing (using a government-issued ID and a selfie) to verify online users.
- Stronger age verification will be essential in 2021 — and tech giants will be held accountable for who accesses their sites. As the social harm epidemic continues to accelerate with children being bullied, subjected to predators and influenced by harmful content at a rapid rate online, technology companies need to take responsibility to protect minors on their platforms. The U.S. is likely to follow in the footsteps of Ofcom, the U.K.’s first internet watchdog, by implementing new legislation aimed to mitigate social harm, enforce age verification and remove legal protections for tech companies that fail to police illegal content.
- Credential stuffing will become the #1 global cybersecurity threat as account takeovers become mainstream.
Emil Sayegh, CEO of Ntirety
- Businesses will still be learning how to navigate hybrid work scenarios for months to come. Among the challenges that are still in the works is the handling of data – securing data, access by design, compliance audit capabilities, and privacy issues represent just some of the issues that many organizations never had to consider before.
- Under increased scrutiny, the feelings of invincibility of Google, Amazon, Facebook, Twitter, and others will quickly become a cry for forgiveness.
- This next year will be the year where infrastructure-as-code becomes the big difference-maker.
- It is early in the game, but there is a real possibility that in specific corporate scenarios, 5G will replace Wi-Fi. Corporate connections over privately deployed 5G mean continuous connection as well as simplified and improved security.
- The Chief Information Officer will further move forward from day-to-day operations to picking up innovation, becoming de facto Chief Innovation Officer formally or informally.
Grady Summers, EVP Product at SailPoint
The remote workforce appears to be putting organizations at a greater risk of data breaches, IP theft, and illegal access through company and personal devices. In the first six months of the pandemic, 48 per cent of total U.S. knowledge workers said they had experienced targeted phishing emails, calls, or texts in a personal or professional capacity – this number will only continue to grow. If these risks are not addressed, 2021 will be yet another year where we say, “the threat landscape continues to become more complex”—a phrase that I feel we’ve been (justifiably) repeating for the last decade.
Gaurav Banga, CEO of Balbix
- 2021 Will Reveal “The Great InfoSec Divide.” Due to 2020’s disruptions, the gap between cybersecurity-mature organizations and security unready organizations will widen significantly and become a major competitive disadvantage factor. Cybersecurity-mature companies are those that have already made investments to prevent cyberattacks before they happen. On the other hand, security unready organizations have yet to implement proactive security controls and practices and as a result can only respond to breaches after they happen.
- Quantum computing will become the next WannaCry for malicious actors. Quantum computing is likely to become practical soon, with the capability to break many encryption algorithms. Organizations should plan to upgrade to TLS 1.3 and quantum-safe cryptographic ciphers soon. Big Tech vendors Google and Microsoft will make updates to web browsers, but the server-side is for your organization to review and change. Kick off a Y2K-like project to identify and fix your organization’s encryption before it is too late.
Drew Daniels, CIO and CISO at Druva
While all organizations remain at risk in part due to the work from home, I believe healthcare will be the most targeted industry in the next year. In 2021, ransomware will target healthcare even more so than in 2020. As R&D organizations scramble to find a vaccine for the COVID-19 pandemic, ransomware threat actors will similarly be scrambling to make a profit even more so than before. Threat actors will be targeting medical research laboratories, big pharma, biotechnology companies and any third party companies that healthcare works with, as these organizations will likely be storing the patient data being analyzed in order to create a vaccine. Biotechnology, pharma and medical organizations will have to step up their cybersecurity posture in order to keep up with the wave of new attacks. It will no longer be an option, especially given the pressure for coming up with a vaccine that is tested and safe.
Robert Capps, vice-president, marketplace innovation at NuData Security
- As we move into 2021 organizations managing home-based employees must ensure that all company-owned devices are configured with up-to-date security tools. Beyond that, the management of corporate data should also be required, as should be the deployment of data loss prevention tools that manage and audit the movement of company data to USB data storage devices, non-owned or managed computing devices, and local printers in the home office.
- As remote work becomes the norm, and continues to evolve into the new year, all security and data management tools should be configured to send real-time alerts to the information security team when threats are detected, for follow-up and action as needed. All company-owned computing assets should be configured with an always-on VPN connection that tunnels all traffic through the VPN, to the corporate network. Split-tunnel VPN, which routes corporate communications over the VPN while allowing internet traffic to go directly to the internet, can leave corporate computing assets vulnerable to internet-based attacks that are traditionally mitigated by corporate security products such as content filters and security proxies.
Michael Rezek, vice-president of cybersecurity strategy at Accedian
As IT teams build out their 2021 cybersecurity strategy, they should look most critically to network detection & response solutions (NDR), and other complementary solutions like endpoint security platforms that can detect advanced persistent threats (APT) and malware. For smaller companies, managed security services such as managed defense and response are also good options. However, a comprehensive security strategy must also include educating all employees about these threats and what to watch out for. Simple cybersecurity practices like varying and updating passwords and not clicking on suspicious links can go a long way in defending against ransomware. Perhaps most importantly, since no security plan is foolproof, companies should have a plan in the event of a ransomware attack. This is especially important since attackers might perform months of reconnaissance before actually striking. Having a plan and the forensic data to back it up will ensure your organization and its reputation are protected.
Jon Toor, CMO for Cloudian
Ransom will be taken out of ransomware in 2021. As remote work and learning continues into 2021, ransomware attacks will become more manageable as enterprises will opt for immutable backup data repositories on top of perimeter security solutions. This ensures they can restore a clean copy of data in the event of an attack, without needing to pay the ransom. Ransomware will no longer be a potential catastrophe, causing downtime rather than an existential threat of data being held hostage for exorbitant sums.
Matt Tyrer, senior manager, solutions marketing at Commvault
Organizations finally realize they need a business continuity plan for ransomware attacks. As recent ransomware attacks on hospitals that halted radiation treatments for some cancer patients demonstrate, despite organizations’ best efforts, it is impossible for security solutions to be 100 per cent effective. As organizations finally come around to realizing that no security system is perfect, they are now asking themselves not what they will do if a ransomware or other cyberattack locks or destroys their data, but when. The answer to this question is to have a business continuity plan in place that accounts for a ransomware or other cyberattack, allowing the organization to recover from the attack quickly, so that any disruption to their operations is minimal. Next year, expect to see organizations finally start working to ensure they have in place the business continuity processes and disaster recovery solutions they need to rapidly recover not just from natural disasters, but malicious cyberattack disasters as well – helping them transform ransomware attacks from three-car pileups into mere bumps in the road.
Joe Partlow, CTO at ReliaQuest
Ransomware payments will go underground: Ransomware payouts have increased significantly over the past 12 months. To compound this, the U.S. Treasury Department recently warned that firms that negotiate with ransomware extortionists could face steep fines from the federal government if the crooks who profit from the attack are already under economic sanctions. In response, we will see ransomware payments go underground in 2021 and beyond. Companies will take whatever measures necessary to regain access to critical systems and data to keep the business running, regardless of government regulations.
Florindo Gallicchio, managing director at NetSPI
- More security teams will pivot from a compliance-based security approach to a risk-based security approach. Financial institutions will continue leading in risk-based security, but we can expect to see increased adoption in the retail industry. This pivot is being triggered by increased visibility into risks and security programs, better documentation, and more efficient opportunities to present risk to the business leaders.
Fredrik Forslund, vice-president of Cloud and Data Center Erasure at Blancco
- Data privacy fines are not going away, despite current conditions. Companies globally are working in a new and unfamiliar distributed working environment, which brings new data privacy challenges. Now is the time to be cautious. Data privacy regulation, alongside the threat of fines and reputational damage, will continue to drive businesses to act on data privacy in 2021. Organizations must ensure their data management policy is adapted to fit the “new normal”. This means ensuring that all IT assets handling sensitive data are tracked and dealt with securely upon end of life.
Jasen Meece, CEO of Cloudentity
A Zero Trust Framework is No Longer Optional for Enterprises. There’s no doubt that COVID-19 and the shift to remote work have accelerated Zero Trust adoption in the enterprise. In 2021 and the following years implementing a Zero Trust approach will become essential to protecting every enterprise, regardless of industry. This is due to the increasing volume of cyber threats that organizations and individuals face on a regular basis, and human error remains one of the top causes of security breaches. In fact, roughly one-quarter of all data breaches are caused by human error, with the average cost of US$3.92 million for each breach, according to a report from the Ponemon Institute. As a result of this growing issue, the Zero Trust Model will become the new standard, in which all users, even those inside the organization’s enterprise network, must be authenticated and authorized before being able to access apps and data.
Jason Crabtree, CEO and Co-Founder at QOMPLX
In 2021 attackers will continue to use Kerberos- and SAML-based authentication forgeries, as demonstrated in the SolarWinds Orion Sunburst breach, to move laterally and persist surreptitiously inside target networks. IT leaders will need to further emphasize disabling the fundamentally secure NTLM protocol and focus on stateful validation of Kerberos and SAML to reduce the risk of more forged authentication events that give attackers the keys to the kingdom.
Predictions from OneSpan
Digital identity based on self-sovereign identity leveraging blockchain will emerge. The development of a decentralized or self-sovereign identity will bring a complete evolution to the digital identity space. We’ll see the development of digital ID fully under the control of the user securely stored in mobile devices within a digital wallet. The complete ecosystem available for both public and private sectors will leverage distributed ledger technology as a source of trust. We will also see the development of a standard protocol for issuing, ordering and verifying digital identities. By combining blockchain technology with standardization that can be made by regulators, self-sovereign identities will become the future of what today is a physical identity document.
WatchGuard’s 2021 cybersecurity predictions
Cybercriminals will find new and innovative ways to attack individuals, their homes and devices, in order to find a path to your trusted corporate network. The global pandemic has rapidly accelerated the existing shift toward remote work, where employees operate beyond the protection of the corporate firewall. In turn, hackers will exploit vulnerabilities found in the gaps between people, their devices, and the corporate network:
- Automation will drive a tidal wave of spear-phishing campaigns. Cybercriminals have already started to create tools that can automate the manual aspects of spear phishing. By combining such tools with programs that scan data from social media networks and company websites, phishers can send thousands of detailed, believable spear-phishing emails, with content customized to each victim. This will dramatically increase the volume of spear-phishing emails attackers can send at once, which will improve their success rate. On the bright side, these automated, volumetric spear-phishing campaigns will likely be less sophisticated and easier to spot than the traditional, manually generated variety.
- Cloud hosting providers finally crack down on cyber abuse by deploying automated tools and file validation that spot spoofed authentication portals.
- Hackers infest home networks with worms. Home-based workforces will continue in 2021, so cybercriminals will create attacks specifically targeting the home worker with malware that not only spreads across networks but looks for signs that an infected device is for corporate use (such as evidence of VPN usage).
- Booby-trapped smart chargers will lead to smart car hacks.
- Users will revolt over smart device privacy, making vendors take privacy for home and consumer Internet of Things (IoT) devices more seriously.
- Attackers will pinpoint security gaps in legacy endpoints. With more employees working at home without some of the network-based protections available through the corporate office, attackers will focus on vulnerabilities in personal computers, their software and operating systems — for example, unsupported Windows 7 and Server 2008.
- Every service without MFA will suffer a breach.