Cybersecurity Predictions Roundup 2021

Lessons learned from 2020 are aplenty but the most important one is that it taught us to keep anticipating changes (and be as prepared as we can). So, what's next? Remote working and other impacts fueled from the global COVID-19 pandemic continue to influence many of the top cybersecurity predictions and trends for 2021. Here is a roundup of cybersecurity predictions and trends for the New Year.

#1 The Rise of Insider Threat

According to Forrester, 33% of databreaches will be caused by insider incidents, up from 25% last year. In 2021, CISOs will want to monitor three major factors that will produce an uptick in insider threats: 1) the rapid push of users, including some outside of companies’ typical security controls, to remote work as a result of the COVID-19 pandemic; 2) employees’ job insecurity; and 3) the increased ease of moving stolen company data.

In a separate report, Forcepoint emphasizes that insider threat is more than disgruntled employees. Employees are now scattered around the world and hired remotely, giving chance for bad actors to become trusted employees.

Source: https://go.forrester.com/wp-content/uploads/2020/10/Forrester_Predictions_2021.pdf

https://www.forcepoint.com/blog/x-labs/rise-insider-threat-as-a-service

#2 5G Can Enable Advanced Swarm-Attacks

In Fortinet’s Cyber Threat Predictions for 2021, compromising and leveraging new 5G-enabled devices will open up opportunities for more advanced threats. There is progress being made by cybercriminals toward developing and deploying swarm-based attacks. These attacks leverage hijacked devices divided into subgroups, each with specialized skills. They target networks or devices as an integrated system and share intelligence in real time to refine their attack as it is happening. Swarm technologies require large amounts of processing power to enable individual swarmbots and to efficiently share information in a bot swarm. This enables them to rapidly discover, share, and correlate vulnerabilities, and then shift their attack methods to better exploit what they discover.

https://www.fortinet.com/content/dam/maindam/PUBLIC/02_MARKETING/02_Collateral/WhitePaper/wp-cyber-threat-predictions-for-2021.pdf

#3 Passwordless Authentication, Cloud Workload Protection Platform and Cloud Security Posture Management

Passwordless Authentication, Cloud Workload Protection Platform and Cloud Security Posture Management are predicted to be among the most influential technologies in cybersecurity within the next three years, according to Gartner’s Impact Radar for Security framework which compares how influential a given cybersecurity technology will be within a specific time horizon or range.

https://blogs.gartner.com/swati-rakheja/2020/10/27/announcing-gartners-new-impact-radar-for-security/

#4 Exposed APIs will be the next favoured attack vector for enterprise breachesTrend micro security predictions for 2021

As APIs become more prominent in the enterprise space, so will their attack surface. APIs will become a preferred target as they also act as conduits for third-party integration. APIs, while already ubiquitous, have security that is still nascent. Some recent cases have reported gaining access to users’ personal information and finding exposed source code and access to backend services. Traditional defense mechanisms involving Captchas, JavaScript, or mobile SDK instrumentation cannot be effectively used to prevent an automated attack, which means APIs are only partially protected, if at all. In the report, Trend Micro recommends configuring access control and authentication mechanisms with a defense-indepth approach and regularly monitoring access logs.

Source: https://www.trendmicro.com/en_ca/research/20/l/takeaways-from-trend-micro-2021-security-predictions.html

#5 Supply chain attacks mean that the bad guys won’t just hack your organization.They’ll hack your stuff

https://www.splunk.com/pdfs/ebooks/splunk-security-predictions-2021.pdf

Threat actors will be taking advantage of technology in consumer products as workers continue to work from home. As such, any new technologies that are being developed should be questioned on security and its supply chain. Companies must get a clear understanding of its vendor supply chain by performing due diligence and educating employees as they stock their home offices.

#6 Target on Remote Learning

Schools and universities have pivoted to large-scale use of e-learning platforms, so perhaps it’s no surprise that the sector experienced a 30% increase in weekly cyber-attacks during the month of August, in the run up to the start of new semesters. Attacks will continue to disrupt remote learning activities over the coming year.

https://blog.checkpoint.com/2020/09/15/not-for-higher-education-cybercriminals-target-academic-research-institutions-across-the-world/

#7 Attackers Pinpoint Security Gaps in Legacy Endpoints - Watchguard cybersecurity predictions 2021

https://www.watchguard.com/wgrd-resource-center/cyber-security-predictions-2021#endpoints

Endpoints have become a high priority target for attackers amid the global pandemic. With more employees working at home without some of the network-based protections available through the corporate office, attackers will focus on vulnerabilities in personal computers, their software and operating systems. In 2021, we expect cyber criminals to seek out a significant security flaw in Windows 7 (many organizations chose to stick with Windows 7 and Server 2008 for as long as they could due to the fact that people rarely update) in hopes of exploiting legacy endpoints that users can’t easily patch at home. Black hat hackers know this and look for opportunities to take advantage. You can expect that we’ll see at least one major new Windows 7 vulnerability surface in 2021 as attackers continue to find and target flaws in these legacy endpoints.