Cybersecurity 2021: What to Expect After the Year that Changed Everything
We all had plans for last year. Many of those plans were disrupted by a turbulent 2020. This era of volatility is set to carry over into the new year. We can only caution that, while we all wish for a better 2021, we should continue to be vigilant and prepare for all eventualities.
Compromised Devices Return to the Office
As restrictions ease, remote workers will begin migrating back to the office. These potentially infected devices will return after a year spent in low-security environments. Cybercriminals that have had access to these devices will have the perfect opportunity to make lateral moves and compromise critical systems.
Attacks to Be Camouflaged Among False Alerts
The abundance of poor quality alerts has long been a weakness in cybersecurity. Attackers are set to operationalize that weakness by creating their own false alerts. New forms of malware will be able to trigger a plethora of IoCs that will distract security teams and soak up limited resources.
Malware to Be Delivered via QR Code
2020 saw the rebirth of the QR code. Thanks to removing the need for physical contact, QR codes are used for everyday actions like completing a health survey, seeing a menu, or paying your bill. A threat actor only needs to stick their own QR code over any of these to easily infect hundreds of devices.
Ransomware Profits Fuel More, Better Attacks
The Ransomware business is booming and threat groups’ profits are set to scale ransomware attacks. Their operational sophistication will only increase, leading to vulnerable niche demographics being targeted. Attacks will expand to include individual employees. Ransomware R&D teams will have bigger budgets, leading to new strains being released throughout the year.
Remote Users’ Credentials Targeted
Remote users' credentials are more relevant than ever. In the new year, we will see an increased number of attacks targeting individuals that have the network access that the cyber criminals need. Expect to see an increase in credential stealing and credential spraying in order to exploit these vulnerabilities.
Established Organizations Prioritize Cybersecurity at Last
Healthcare providers, K-12 education, and local government organizations have received a lot of attention in the past year, including from cybercriminals. These verticals have now experienced first hand how disruptive cyberattacks can be to their operations. As a result, cybersecurity will move up on the priority list and receive the focus that it requires.
Exponential Growth in Cybersecurity Begins
People tend to think in a linear fashion, while technology grows exponentially. 2021 will be the year when we see another exponential leap in technological advancement and adoption. Legacy technologies that were not designed to scale with this development will fail.
Orchestration Between AI and Human Talent Emerges
Bruce Schneier likes to call this the “Age of Orchestration” in cybersecurity. AI is still far from delivering autonomous solutions. Therefore, it needs to work with human operators. In 2021 you’ll have AI-based options in your toolbox that actually make your work easier.
Demands for Quick Time to Value Grow
Cybersecurity Vendors will be expected to deliver results quickly. Amid a huge skills shortage and pressured budgets, complex solutions aren’t feasible. If making a tool work requires hard work, it’s not working for you, you’re working for it. CISOs will be expected to hold vendors accountable with hard metrics on performance.
Cyberattacks to Impact Everyday People
We have long said that cyberattacks have real-life consequences. Each year, they get more serious in scope and scale, and businesses often take the blame. In 2021, we will see people’s daily lives being affected and disrupted. The severe consequences of untamed attacks will prevent people from living the way they do (yes, even during a pandemic). This means that personal payments, communication, purchases, education, and access to valuable information will be prevented for days on end when systems go down. In 2021, we expect to be rudely interrupted by cybercriminals.