Cyber Security In 2021 - Predictions & Trends

Uploaded on 2020-12-30 in NEWS-Cybersecurity News, FREE TO VIEW

While 2020 has dominated by the Coronavirus, the impact of global warming and the  constant growth in severity of cyber attacks, it seems that every passing year gets worse for cyber security. Improved cyber defences are being matched at every step by the increasing sophistication of hackers and other cyber criminals.. 
 
We hope that 2020 turns out to have ben an exceptional year and  that the spike in cyber crime that sought to exploit  the Coronavirus crisis and disrupt remote working will not be repeated.  
 
A recent Report from PwC found that cyber security is more business-critical than ever before. They say that 96% of executives have shifted their cyber security strategy due to Covid-19 and 40% of executives say they are accelerating digitisation. Around 55% of enterprise executives plan to increase their cyber security budgets in 2021 and 51% are adding full-time cyber staff in 2021. PwC found that most executives are planning to ramp up their cybersecurity spending in 2021 despite the majority of them, 64%, expecting business revenues to decline.
 
What is truly shocking is PWC's finding that 25% of organisations are actually planning to downsize their cyber budgets in the forthcoming 12 months
 
Recent news that Russian state-sponsored hackers have for a year or more working on using the weak aspects of  SolarWinds management software to hack into major US and other government federal agencies and corporations. After  Donals Trump's presidential terms and four years of deference toward Russia, the Biden Administration will likely respond with renewed sanctions and retaliatory attacks for the SolarWinds hack. The challenge for the Biden Administration will be to respond strongly enough to deter future attacks, without triggering an escalation into cyber warfare. A much stronger cyber security focus from the new US administration can be expected, although simply cleaning up the mess from the SolarWinds attack will take time as  cyber attackers will have left tripwires behind them inside the hacked networks.
 
Companies will be forced to take nation-state actors more seriously after about 18,000 were exposed in the SolarWinds attack .
Many employees will continue to work remotely, far more than they used to and security teams will still need to worry much more about securing remote connections. 
 
Zero Trust - It makes sense that access to networks, applications and data be as limited as possible, so expect zero trust capabilities to begin to show up in every kind of access product. That will help greatly in cases of stolen credentials and could also help prevent lateral movement across networks.  a Zero trust regime can also replace or supplement VPNs, plugging vulnerabilities there. But zero trust won’t do much if those applications and networks have vulnerabilities, so things like patch management, configuration and threat detection will still matter.
 
Secure Access Service Edge (SASE) - is a broader technology that encompasses zero trust and will also see greater adoption as external users and Internet of Things devices continue to drive growth in edge computing.
 
Leaking Cloud Buckets - The explosion in remote work led to acceleration in digital business transformation and application migrations to the cloud. Along with that rush will come the inevitable cloud bucket misconfigurations and security breaches. CompariTech  have  estimated that 6% of Google Cloud buckets are vulnerable due to misconfiguration and both AWS and Microsoft's Azure users have their vulnerabilities too. Expect billions of sensitive records to be exposed again this year because of user error in the cloud.
 
Ransomware - Just gets worse every year, and 2021 will be no exception. Sophos predicts that the big ransomware families will become “more evasive and nation-state-like in sophistication,” targeting larger companies with multimillion-dollar ransom demands, and ransomware-as-a-service will continue to let smaller players wreak havoc with everyone else. Expect to hear a lot more about ransomware names such as Ryuk, RagnarLocker, Netwalker, REvil, Egregor/Maze, Dharma and Buer Loader.
 
The latest threats always generate  headlines, but it’s the ones everyone already knows about that do most of the damage and 2021 will be no different.
 
So-called Commodity Malware such as loaders and botnets and human-operated Initial Access Brokers can do more damage than might appear. According to Sophos, “Such threats can seem like low-level malware noise, but they are designed to secure a foothold in a target, gather essential data and share data back to a command-and-control network that will provide further instructions,.. If human operators are behind these types of threats, they’ll review every compromised machine for its geolocation and other signs of high value, and then sell access to the most lucrative targets to the highest bidder, such as a major ransomware operation.”
 
The impact of the Coronavirus pandemic should reduce as effective vaccines are produced and distributed and as the impact of the pandemic subsides,  there should be an economic recovery and more money to invest in cyber security training and tools for overwhelmed emplyees.
 
2021 Security Industry Trends
 
Here is  a selection of the major trends that across a large number of cyber security industry forecasts:
  • There will be huge security impacts in the coming year from the move to work from home (WFH) fueled by COVID-19. More attacks will occur on home computers and networks, with bad actors even using home offices as criminal hubs by taking advantage of unpatched systems and architecture weaknesses.
  • The rush to cloud-everything will cause many security holes, challenges, misconfigurations and outages.
  • More growth in the security industry. Our numbers of new products and new year mergers and acquisitions will cause network complexity issues and integration problems and overwhelm cyber teams.
  • Privacy will be a mess, with user revolts, new laws, confusion and self-regulation failing.
  • Identity and multi-factor authentication (MFA) will take center stage as passwords (finally) start to go away in a tipping-point year.
  • Many high-profile Internet of Thing (IoT) hacks, some which will make headline news.
  • Ransomware will get worse and worse — with new twists, data stealing prior to encryption, malware packaging with other threats and very specific targeting of organizations.
  • Lots of 5G vulnerabilities will become headline news as the technology grows.
  • Advanced Persistent Threats (APT) attacks will be widely available from criminal networks. The dark web will allow criminals to buy access into more sensitive corporate networks.
  • Mobile devices, including smart-phones, will be attacked in new ways, including app stores.
  • Crypto-currencies will play new roles, with criminals switching often for hiding advantages.
  • As digital transformation projects grow, many plans will implode as security challenges mount.
Putting off your organisation’s total digital transformation is no longer an option and nd a greater urgency to adopt the cloud will spur innovation, improve overall security, and help future-proof enterprises in the face of uncertain market conditions.
 
GovTech:       Forbes:            eSecurity Planet:         TechHQ:      Aria Cybersecurity:
 
You Might Also Read:
 
Five Risks That Will Define Cyber Security In 2020
 
 
« The Impact Of Brexit On British Cyber Security
Cyber Attacks On US Government - New Evidence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

Tubitak

Tubitak

Tubitak is the scientific and technological research council of Turkey. Areas of research include information technology and security.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

UNIDIR Cyber Policy Portal

UNIDIR Cyber Policy Portal

The UNIDIR Cyber Policy Portal is an online reference tool that maps the cybersecurity and cybersecurity-related policy landscape.

Center for Cyber & Homeland Security (CCHS)

Center for Cyber & Homeland Security (CCHS)

The Center for Cyber and Homeland Security at Auburn University is a nonpartisan think tank that works to develop innovative strategies to address current and future threats to the United States.

Crypto Quantique

Crypto Quantique

Crypto Quantique's ground-breaking technology radically simplifies the process of generating a hardware root of trust in an IoT device.

TRU Staffing Partners

TRU Staffing Partners

TRU Staffing Partners is an award-winning contract staffing and executive search firm for cybersecurity, eDiscovery and privacy companies and professionals.

Analog Devices Inc (ADI)

Analog Devices Inc (ADI)

Analog Devices is uniquely positioned to deliver security at the edge, where the data is born, because our sensor solutions convert the physical, analog world into the digital world.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

Red Access

Red Access

Red Access provides the first SaaS-based platform to protect web browsing from cyber threats on any browser and any in-app while ensuring frictionless user experience.

Stryve

Stryve

Stryve is a leading carbon-neutral provider of specialist cloud and cybersecurity services in Europe.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

CertiProf

CertiProf

CertiProf has been enhancing professional lives since 2015, offering a wide range of IT certifications and agile framework training.

Third Point Ventures

Third Point Ventures

Third Point brings deep technical expertise, a strong network of relationships, and decades of investing experience to add value to our partners throughout their journey from idea to IPO and beyond.

Filigran

Filigran

Filigran provides threat intelligence, adversary simulation and crisis response open solutions to thousands of cybersecurity and crisis management teams across the world.

Adili Group

Adili Group

Adili Group is a leading pan-African corporate advisory firm. We deliver tailored solutions in regulation and compliance, risk management, and improving business efficiency.