Daunting Year Ahead: 12 Cybersecurity Predictions for 2021
2021 will uncover the security impacts of people doing people things.
John Hammond, senior security researcher at Huntress, said after everything that has happened in 2020, there’s no way of knowing what 2021 will bring.
“There is already conversation around 6G when we haven’t really understood 5G,” he said. “Wi-Fi 7 has entered dialogue when Wi-Fi 6 hasn’t even been implemented. AI and ML haven’t truly been uncovered despite how much industry attention (and hype) they’ve been afforded over the years. Though we will see the same stuff we’ve always seen, there’s much that we won’t be able to anticipate. When there are plenty of challenges and unsolved issues today, we need to stop trying to see the future when we can’t even address the past.”
Hackers will continue to go for the low-hanging fruit, Hammond said. Whether it’s password spraying or credential stuffing, they will pick whatever option is easiest and always take the path of least resistance.
“Though hackers and attack methods have grown more sophisticated, the fact remains that they work smarter, not harder,” he said. “There’s no need to break through the window when the front door is unlocked.”
Matt Tomlinson, Huntress’ director of channel partnerships, said clients will continue to push MSPs to refine their security practices. But this likely won’t occur without a few more breaches acting as a reality check to kick things into high gear.
“Traditionally, MSPs have relied on their collective internal IT knowledge to support their own IT staff,” he said. “But this is no longer enough. MSPs need to eradicate their ‘I’m too small to be a target’ mentality, and level up security by leaning on partner groups and establishing it as a top priority.”
MSPs and internal IT teams will band together to co-manage security as opposed to operating in silos, Tomlinson said. Security talent is dwindling. So organizations will continue to outsource to obtain services in areas where they are not as strong, while still leveraging the knowledge of their internal IT teams.
“I would also not be surprised if more organizations with remediation capabilities built in will continue augmenting these services to take themselves to the next level,” he said. “The bottom line is that no one can manage IT alone. And collaboration in this area will be a key factor in a company’s security success.”
Given COVID-19, it’s no surprise the health care industry has been a primary target for cybercriminals in 2020, said Ryan Weeks, Datto’s CISO.
“Between highly desired intellectual property and the opportunity for major payouts, the incentive to exploit even the smallest of health care institutions, let alone larger networks, will remain a top priority for malicious actors in 2021,” he said. “Specifically, ransomware will be the primary attack method because the consequences are higher for health care organisations that can’t risk down time due to the critical services they provide for patients.”
It will be critical for hospitals and other health care organizations to evaluate their IT and security budgets ahead of the new year, Weeks said. That will ensure they’re able to implement advanced security and data management tools that allow them to effectively back up and secure networks while enabling business continuity efforts in 2021.
There are two types of insider threats. There are malicious insiders who deliberately exploit the systems within an organization for monetary compensation. And there are colluding insiders who are potentially being forced to, or paid to, share information or execute illegal acts.
“I believe that in 2021, we will see an increase in insider threats, specifically the colluding insider, because it’s easier for employees to get away with suspicious activity,” Weeks said. “This is a pretty low risk for a large payout. We’re seeing a rise already in 2020, which is why I believe we’ll see more of it in 2021.”
Nicolas Fischbach, Forcepoint’s global CTO, said as we got used to remote working, many companies gave up on protecting the perimeter and trusted in basic networking and cloud services to protect “the branch office of one.”
“In 2021, the consequences of these actions will come to light and we will start to realize exactly how much intellectual property was stolen by attackers and malicious insiders during 2020,” he said.
Bill Harrod, Ivanti’s federal CTO, said his company predicted passwords would be eradicated by 2025.
“Little did we know COVID-19 would come in and kill them four years sooner,” he said. “Alongside this, one challenge we will see in 2021 is people figuring out how to go from relying on passwords for authentication to not just second-factor, but to totally removing that additional friction that passwords create for the enterprise.”
The United States is still not ready to introduce mobile voting technologies, Harrod said. Between concerns regarding testing, scalability, privacy, secrecy, transparency and trust — all of which came to light in 2020 — mobile voting isn’t ready yet for prime time.
“Before we can rely on mobile voting, we need to be able to trust and verify that the user, their identity and their device are all validated and in compliance with security policies,” he said. “We’ll get there eventually, but there’s more work to be done. And this will be a big focus to begin in 2021, especially since, not despite, there not being a major election.”
Managing security for a distributed workforce will be top of the agenda for organizations next year, said Christina Walker, global director of channel sales and programs at Blancco. This will be even more important for those in highly regulated industries like finance, health care and life sciences.
“Months after employees left the office due to the pandemic, many are still working at home and will continue to do so well into the future,” she said. “While this poses some big challenges for organizations trying to manage data security remotely, it opens up many doors for MSSPs that traditionally focused on providing front-end encryption, VPNs and various endpoint security solutions and services to centralized IT departments.”
MSSPs are in a position to provide vital support to IT departments struggling to maintain best practices across a highly distributed workforce. They can bolster revenues by equipping customers with preconfigured assets embedded with the front-end security solutions needed to protect corporate data and mitigate the potential for breaches.
Greg Martin, general manager of Sumo Logic’s security business unit, said digital privacy for employees and customers is becoming more important every year. And COVID-19 has accelerated this need.
“My prediction is that most large enterprise organizations will make the investment in hiring a dedicated privacy officer, if they haven’t already, in the next 12-24 months to define, monitor and enforce privacy protections for both their employee and customer bases,” he said.
The corners of the security market that will see the most consolidation are security orchestration and response (SOAR) and user and entity behavior analytics (UEBA), Martin said. UEBA solutions are being consumed or replaced by cloud security information and event management (SIEM) offerings.
“There will also be continued consolidation in the cloud access security broker (CASB) and secure internet gateway (SIG) solutions for tighter restrictions around VPN and cloud DLP for WFH users,” he said.
Cybersecurity predictions for 2021 include more uncertainty, increasing cyberattacks, mounting pressure on MSPs and more.
When it comes to cybersecurity, this year was unlike any previous year. Cybercriminals pounced on the vulnerability created by the COVID-19 pandemic. Cyber threats became more targeted and sophisticated. And MSPs were heavily targeted as a gateway to their clients.
So what’s in store for 2021?
Margaret Cunningham is principal research scientist for human behavior at Forcepoint. She said 2021 will uncover the security impacts of people doing people things. Those are the normal, yet risky behaviors “we all undertake.”
“Whether it is creating multiple workarounds and shortcuts to accomplish goals, stockpiling data, making human errors or experiencing decreased risk perceptions, everything has an impact,” she said.
Companies need to better understand how their people adapt to, respond to and inform their environments, Cunningham said. Furthermore, they need to start implementing security practices and tools that work with humans rather than against them.
Stuart Schielack is director of channel sales at Secureworks.
“The COVID-19 pandemic has had a global impact on our lives and businesses,” he said. “As such, we’ve seen the need for the as-a-service model increase exponentially from both a consumer and business perspective. We expect we’ll see an influx of vendors leveraging MSPs to augment their solutions by adding services to scale in this subscription model era early in 2021 and throughout the new year.”
Productivity, the right solution at the right time, and ease of use are paramount to businesses, Schielack said.
“The acquisition of new customers will see a dramatic change in 2021 because of the pandemic’s global effect on people and markets,” he said. “With the increased demand for cybersecurity solutions coupled with the limited ability to meet face to face to build relationships, vendors will lean on VARs more than ever to leverage existing relationships to get solutions to the market.”