Written by: Mark Bird, Consultant at Pragma Strategy
With the unexpected year 2020 behind us, what are the biggest security takeaways and what can organisations anticipate in 2021? We have compiled cybersecurity trends, predictions, forecasts, white papers, guides from industry leaders that offer insights for the year ahead, with remote working and other impacts fueled by the global COVID-19 pandemic taking the center stage.
#1 – The Rise of Insider Threat to cybersecurity
According to Forrester, 33% of data breaches will be caused by insider incidents, up from 25% last year. In 2021, CISOs will want to monitor three major factors that will produce an uptick in insider threats: 1) the rapid push of users, including some outside of companies’ typical cybersecurity controls, to remote work as a result of the COVID-19 pandemic; 2) employees’ job insecurity; and 3) the increased ease of moving stolen company data.
In a separate report, Forcepoint emphasizes that insider threat is more than disgruntled employees. Employees are now scattered around the world and hired remotely, giving the chance for bad actors to become trusted employees.
#2 – 5G Can Enable Advanced Swarm-Attacks
In Fortinet’s Cyber Threat Predictions for 2021, compromising and leveraging new 5G-enabled devices will open up opportunities for more advanced threats. There is progress being made by cybercriminals toward developing and deploying swarm-based attacks. These attacks leverage hijacked devices divided into subgroups, each with specialized skills. They target networks or devices as an integrated system and share intelligence in real-time to refine their attack as it is happening. Swarm technologies require large amounts of processing power to enable individual swarmbots and to efficiently share information in a bot swarm. This enables them to rapidly discover, share, and correlate vulnerabilities, and then shift their attack methods to better exploit what they discover.
#3 – Passwordless Authentication, Cloud Workload Protection Platform and Cloud Security Posture Management
Passwordless Authentication, Cloud Workload Protection Platform and Cloud Security Posture Management are predicted to be among the most influential technologies in cybersecurity within the next three years, according to Gartner’s Impact Radar for Security framework which compares how influential a given cybersecurity technology will be within a specific time horizon or range in 2021.
#4 – Exposed APIs will be the next favored attack vector for enterprise breaches
#5 – Supply chain attacks mean that the bad guys won’t just hack your organization. They’ll hack your stuff.
In Splunk’s report, threat actors will be taking advantage of technology in consumer products as workers continue to work from home. As such, any new technologies that are being developed should be questioned on security and its supply chain. Companies must get a clear understanding of their vendor supply chain by performing due diligence and educating employees as they stock their home offices.
#6 – Target on Remote Learning
Schools and universities have pivoted to large-scale use of e-learning platforms, so perhaps it’s no surprise that the sector experienced a 30% increase in weekly cyber-attacks during the month of August, in the run-up to the start of new semesters. Attacks will continue to disrupt remote learning activities over the coming year, in this source from Checkpoint.
#7 – Attackers Pinpoint Security Gaps in Legacy Endpoints – Watchguard cybersecurity predictions 2021
Endpoints have become a high priority target for attackers amid the global pandemic. With more employees working at home without some of the network-based protections available through the corporate office, attackers will focus on vulnerabilities in personal computers, their software and operating systems.
According to Watch Guard’s 2021 Security Predictions, we can expect cybercriminals to seek out a significant 2021 cybersecurity flaw in Windows 7 (many organizations chose to stick with Windows 7 and Server 2008 for as long as they could due to the fact that people rarely update) in hopes of exploiting legacy endpoints that users can’t easily patch at home. Black hat hackers know this and look for opportunities to take advantage. You can expect that we’ll see at least one major new Windows 7 vulnerability surface in 2021 as attackers continue to find and target flaws in these legacy endpoints.
Pragma is a cybersecurity consultancy with global headquarters in Singapore, Australia, Vietnam and the UK. Our expertise is demonstrated in these four solutions; Cyber and Regulatory Consultancy, Incident Response, Cloud Security and Security Testing. Visit them at: https://www.pragmastrategy.com
Zegal is one of the fastest growing LegalTech companies, and operates from offices in Hong Kong, Singapore, Nepal, Australia, New Zealand and the United Kingdom. Zegal was recently recognised by the South China Morning Post as an emerging LegalTech company in the artificial intelligence space. Visit them at: https://zegal.com