2020 was a very disruptive year. We saw a massive workforce shift to work-from-home/remote work. This shift moved most employees outside the protective firewalled security of their corporate networks. Those organizations that were actively pursuing digital transformation simply accelerated their plans. Those that had not either started or simply put their heads in the sand.
2021 brings consequences for those who have not adjusted their cybersecurity policies and plans to match their new operations. They face not only the regulatory pressures that emerged at the beginning of 2020, but now also the likelihood of governmental pressures in the realms of:
- Responsible cybersecurity protections
- Personal liability for corporate leaders
The number has not been tallied yet, but we’ll likely end up seeing a several thousand percent increase in cyberattack activity. If you hear an organization reporting that cyberattack activity has gone down a little, beware – they’re just not seeing the attacks. They are actually up dramatically, and new techniques tend to defeat correlation, thus leading to systems reporting false reductions in attacks. Look for every organization that reported a reduction in attacks to be in the news as the latest victim of a breach.
Here are a few other predictions for 2021:
- Workforce re-shift. Remote workers will transition back to the office, but probably not until the summertime at least. Most businesses have figured out that they save a fortune by not having a big office building. This may translate to a surprisingly large number of them having no intention of bringing their workforces back to a single location. In turn, it would change the competitive landscape as companies trying to go back to pre-2020 operation modalities would be competing against organizations with dramatically lower costs of operation.
- Ransomware. Expect continued increases in ransomware attacks, enhanced by insider threats, better attack techniques, and multi-stage cyberattacks. The bad guys are reverting to stealing corporate data to ensure they are paid the ransom they demand. The ransoms will increase, and the damages will get worse; very few organizations have in place what is necessary to protect themselves from ransomware. These gaps remain a world of opportunity for ransomware threat actors.
- Increasing cyberattacks. Most of the security industry and its lust for being “first” to report something unique will continue to fall for silly shiny objects given to them by the bad guys. For example, several entities are talking about crypto miners as a new technique. Crypto miners are a distraction put in place to keep cybersecurity teams away from the threat actor’s real intentions. If someone is making a scene in your lobby, watch the other areas of your business carefully; the distraction up front is noisy for a reason.
- Nation-states continue to drive hostile activity. Speaking as an old-school hacker, the world of hacktivists is mostly gone. Either you are working for or with a nation-state or your skills are not worth acquiring. There really is not a middle ground anymore. Due to the differing needs of a nation-state versus any other type of threat actor, making judgements on what the bad guys are up to is outside the skill set of most cybersecurity professionals. They simply do not understand how nation-states behave.
- Budgets. Cybersecurity is a cost of doing business. If an organization does not invest in protecting their business, they will not be in business very long. Let us hope organizations will invest the money they are saving by not housing employees into better cybersecurity. Once they make the intelligent choice, let us hope they are working with cybersecurity professionals who actually know what they are talking about. The cybersecurity gene pool could use some chlorine. Charlatans need to be removed before they destroy more than they already have.
- 5G. Corporations don’t see that 5G impacts are coming. Not only do you have a massive fight going on among nation-states who see 5G as a great way to spy and steal secrets, but what happens when a single user has 100 times more horsepower to harm your organization? How long will it be before we see a resurgence of zombie botnets that collect 5G horsepower and wipe organizations off the Internet? How long will phone and cable companies last when consumers have a viable alternative for their Internet connectivity? New satellite providers also chip away at those Internet connectivity monopolies. I cannot wait to leverage something other than a cable/phone company for Internet access.
- Security of the “Cloud”. Organizations are finally getting in tune with the reality that cloud service providers sell convenience and not security. Convenience and security don’t work well together. Organizations must adapt their security operations to embrace the differences and put in place realistic security controls to protect their organizations from cyberattacks. Identity systems, data repositories, and event correlation will continue to change around hybrid operations and the unique challenges they bring.
- Health-related disruption. This year, we saw healthcare used as a form of a power grab for politicians, a way for governments to hinder their adversaries by destroying the populations and economies of their enemies, and a way to steal the private information of an adversary’s citizens. The healthcare sector will continue to be a frontline for cyberattack activity since it is the fastest way for countries to physically hurt each other. Biometrics and DNA data providers/aggregators will serve governments who are looking for ways to target their enemies’ populations with customized bioweapons; sadly, they are structurally impeded from implementing the needed defenses, and the problem will get much worse and there will be continued loss of life.
- Tailored attacks will be the norm, not just an interesting phenomenon. “COVID-19” was the most common subject of phishing-based attacks for most of 2020; now it is turning to phrases like “recovery,” as well as “open job opportunities”. Threat actors are very good at spotting trends as they emerge. They will soon get tired of older mass methods and concentrate all their energy on tailored attacks.
- Government aggregated data repositories will continue to be compromised. The data governments are aggregating to track and mitigate illness is too valuable for threat actors not to steal. Soon the data collected to “protect” you may be used to harm you. We know governments cannot defend against cyber threats and we know governments would never destroy the data before it is too late. Privacy mandates are for corporations, not the elites of government.
- Innovation. New technologies and business models will emerge from stealth mode. This will bring plenty of disruption to businesses trying to recover. I am excited to see what new things emerge.
- Governments will still not be prepared. Cybersecurity moves too fast. Governments, military, and politicians will never keep up. If you want to experience how these dynamics work, try delaying your answers to other people’s questions for 2 minutes. You will find that everything you say seems wildly irrelevant. You have now channeled your government’s ability to operate. Now add in greedy and recklessly focused special interest groups and you will have successfully channeled your government. They are simply too distracted to implement or make consistent changes that would make a real difference.
- Threat intelligence will move from “nice to have” to “need to have.” The quality of threat intelligence is essential. However, cybersecurity organizations will not be able to effectively keep up without collaborative threat intelligence. Most ISACs and ISAOs are adapting their systems/practices to work towards a collaborative threat intelligence model. Let’s hope they get there soon. In the meantime, Stratozen offers a curated threat intelligence feed, and Tech Data offers ISAO Threat Feed with a fully customized threat intelligence feed defined and managed by each member of the collaboration. Collaborative threat intelligence allows your cybersecurity team to focus on the cyberattack signal rather than waste their time on attack noise.
- Automation, not AI. Orchestration will drive cybersecurity progress. The volume of cyberattacks makes humans versus computers a losing game. Only orchestration can enable cybersecurity teams to keep up. Artificial Intelligence (AI) is still 15 to 20 years from meaningful capability in fending off cyberattacks.
As I read back through these predictions, they seem a bit dark and overwhelming. But with all of the challenges we will face in 2021, there is also a massive opportunity. Organizations who choose to take cybersecurity seriously, those willing to take concrete action, those who will approach the world with a clear focus will leap ahead of their competition. Profound results await. Luck favors the prepared. Tech Data can help ensure you are prepared.