2020 was a significant year for all people worldwide with the outbreak of the COVID – 19 pandemic. It was a year in which all aspects of our lives were drastically affected, exposing our collective fragility and increasing feelings of fear and uncertainty.
The arrival of COVID-19 forced people’s lives to move online, both at work and in person, and digital transformation accelerated. Technology helped to maintain social and emotional well-being and helped many organisations stay afloat. However, this new reality has also led to an increase in the number of cyber-attacks.
As cyber-attacks increase and new cybersecurity trends continue to emerge, organisations must take a proactive IT security stance to keep their operations safe. They must become more agile, flexible, and collaborative as they strive to protect their critical assets and infrastructure. They need to increase their digital security initiatives, change strategies, and educate employees about cybersecurity to deal with this increase in cyber-threats.
The year came with an optimistic outlook considering the current strides in developing vaccines for COVID -19. As businesses seek to transition to a new normal in 2021, we will examine some of the projections and expectations in the cybersecurity landscape and what will underpin organisations’ cybersecurity priorities in 2021.
1. There will be Increased Demand for Remote Working security
As organisations embrace Remote and Smart working, remote access to corporate environments brings quite significant constraints for enterprises to protect and ensure secure access to their networks.
There is an urgent need for organisations to reimagine their cybersecurity approaches and evolve countermeasures of protecting teleworkers in the emerging future of work.
In 2021, there will be increased adoption of remote and Smart working models, and organisations must proactively embrace the zero-trust architecture to combat remote working threats.
2. Multi-Factor Authentication (MFA) will be critical
Nowadays, there are daily occurrences of authentication attacks and cybercriminals have perfected measures of using stolen usernames and passwords on underground forums to compromise organisations, using password spraying and credential stuffing attacks.
Over time, cybercriminals have perpetuated the act of syphoning billions of credentials from breached interactions and systems across the dark web and underground forums.
These databases, paired with the ease of automating authentication attacks, means no Internet-exposed service is safe from cyber intrusion if it is not using multi-factor authentication (MFA).
MFAs will be mandated as authentication requirements by regulators in many countries in 2021 and will be used to enforce and maintain security levels.
Organisations should, therefore, make adequate preparations for implementing different variants of MFAs to cope with emerging trends and challenges.
3. The challenges around cloud security will increase
Even though organisations were gradually migrating to cloud before 2020, the advent of the COVID – 19 pandemic accelerated cloud adoption and empowered remote working and online collaboration.
This rapid migration and cloud adoption opened up new security threats and vulnerabilities across different computing systems, even though the traditional cloud technology was premised around functionality and convenience and not security. Cybercriminals exploit these gaps to perpetuate all kinds of havoc, including espionage and cross country cyber attacks.
To protect their information assets, organisations will have to focus efforts on improving cloud security initiatives. Prevention and detection strategies will be crucial for all organisations, large or small, to protect themselves against these threats. Expanding the use of the cloud will require organisations to improve the visibility of their cloud presence, assets, and vendor relationships to manage risks.
4. The Adoption of Technology-driven Security Tools will be rapid
Today’s most effective cybersecurity measures centre around insight and response. The mechanism for providing spontaneous response and data-driven insights rests on technology. These technologies, including automated security tools and advanced machine learning technologies, support decision making and provide alerts on risky thresholds in tackling threats and vulnerabilities.
In 2021 the use of these technology-driven security tools will be at the centre of cybersecurity implementation.
With growing data privacy awareness and the adoption of the GDPR globally come greater scrutiny from clients and consumers, who demand their sensitive information be kept safe. Legacy technologies built on static rules can simply not stand up to this pressure, and we are instead going to see even greater adoption of intelligent security technologies that use contextual machine learning to keep data safe.
Organisations will need to make conscious efforts to create security strategies and implement the same with intelligent technology-driven security tools and advanced machine learning technologies.
5. There will be an increase in Ransomware attacks
COVID-19 brought some social challenges, including latent economic exposures across the globe. Individuals who hitherto were dedicated to specific employment relinquished these jobs or earned less than required. Of course, this increased the number of cybercriminals who attack databases and block user accesses to demand ransoms before providing access to legitimate users. These ransomware attackers will be targeting corporate entities, holding the company’s databases in exchange for crypto-currency or other forms of financial compensation.
The greatest challenge with ransomware attacks is the reputational dent on the organisation and the transit data accumulated by the attackers. Even when the accesses are restored, the attackers can still use the retained data to blackmail the organisation, make financial demands and publicly expose the organisation.
Ransomware is becoming more technically advanced and sophisticated. In 2021, ransomware attacks will be the most rampant attack across organisations. Several entities will be targeted and compromised.
Organisations, therefore, must prepare for ransomware prevention and recovery. Networks should be segmented, and components hardened. Disaster recovery, business continuity, and data recovery plans should be in place and tested periodically.
6. New forms of 5G vulnerabilities will emerge
5G technology will be one of the greatest drivers and revolutions of this decade, enabling the fastest and broadest connectivity for humanity. As the 5G technology adoption set in as the standard form of cloud-based data transfer and communication, more vulnerabilities, compromises, and new cybersecurity threats will also emerge.
In 2021, the 5G broadband will provide cybercriminals and hackers with the capability to inject data packets across networks using high-speed data transfers and conduct corporate espionage with limited interference without these companies knowing.
Organisations will need to prepare specially for the 5G technology adoption and provide higher security scrutiny and monitoring levels. Training and awareness will be supreme in this crusade to provide the capacity and know-how within the organisation.
7. The number of Advanced Persistent Threats (APT) groups will continue to grow
There have been increased hackers and cybercriminals’ activities across the clear, deep, and dark web using Advanced Persistence Threat (APT), with new groups emerging every day. The dark web, for instance, allows cybercriminals and hackers to have access to sensitive information and corporate networks, transact on stolen credit cards, etc. More actors are joining the foray, and these groups are continuously growing across different sectors and interests.
This year, organisations will increase their digitalisation processes using social media, web sites, mobile phones, and cloud. It is important that they keep tight control over their digital footprint and keep track of it in real-time and control all activities within the outlying borders of their extended organisation.
8. Smart Phones and Mobile devices will be a target in 2021
The proliferation of mobile connectivities across many networks in itself is a major cybersecurity challenge. Such mobile devices are being used directly to connect to corporate networks even in this remote working era. The attention in 2021 will be on mobile device attacks. The presence of advanced spyware and vulnerabilities in many mobile software applications will give cybercriminals access to valuable data.
Organisations should create comprehensive cybersecurity programmes to include accurate inventory to protect their information assets, including non-traditional assets such as BYOD, IoT, mobile and cloud services.
9. Organisations will pay more attention to Cybersecurity
With the expansion of remote working and increased digital transformation adoption triggered by the COVID-19 pandemic, executive management has seen the reality of cyber risks and the implications to business continuity. This has elevated cybersecurity conversation to a board room agenda, and most organisations are giving adequate consideration to information security as a strategic component of the business strategy.
In 2021, many organisations will be very deliberate in managing cybersecurity, including appointing the Chief Information Security Officer (CISO) as a C-suite within the executive management.
10. Cybersecurity Automation will increase
Cybercriminals have devised several ways of stealing and accessing corporate databases and networks, and these techniques are being improved daily. Cybersecurity automation simplifies organisations’ response in providing a faster response and efficient containment mechanism.
With the growth in the number of cyber-attacks and the increasing accuracy of cybercriminals in gaining access to systems, cybersecurity automation is a safe solution to prevent cyber-attacks and data breaches.
In 2021, the focus of cybersecurity automation will include automation of threat correlation, automated enforcement of MFA on ANY resource, authentication sequence, vulnerability scanning, Penetration Tests, security patch management, traffic logs, etc.
In 2021, organisations will scramble to deal with the far-reaching effects while striving to stay secure as online dependency grows. These suggestions and recommendations are not only plausible but should also be anticipated. We looked into the drivers of cybersecurity’s near future and how organisations will have to adapt as threats and technologies exert their influence. It is pertinent that organisations and decision-makers frame a proper and strategic response that can withstand change and disruption.
Organisations need to be proactive in managing cybersecurity initiatives, including beefing up cybersecurity programs, implementing cybersecurity systems, managing vulnerabilities and risks, testing incidence response and business continuity plans.
Jason Ikegwu, PCI-QSA