Advertisement

Cybersecurity Threats and Opportunities to Expect in 2021

By on

Click to learn more about author Anurag Kahol.

2020 has been an extremely tumultuous year. From a cybersecurity perspective, multiple high-profile Twitter users’ accounts were hacked in a sophisticated Bitcoin scam, remote workers became the priority focus for threat actors amid COVID-19 stay-at-home orders, and California has a stringent data privacy proposition in the works that is likely to become a law. As we reflect on the events of 2020, we can expect several key trends to continue to develop that will shape the technology and cybersecurity space in the coming year, including remote work, constrained IT budgets, and increasingly impactful and sophisticated cyberattacks.

1. Remote Workers Will Be the Focus of Cybercriminals Through 2021

Cybercriminals will always follow users and launch attacks that exploit their behaviors and habits. We saw this very clearly in 2020 when employees suddenly became remote workers to comply with stay-at-home orders, and their use of technology and devices shifted. Cybercriminals took advantage of this disruption to launch phishing, vishing, ransomware, and a whole slew of other attacks that targeted gaps in companies’ security postures, as many were not prepared to support a remote workforce securely.

As one example, even prior to the pandemic, many companies (82 percent) enabled bring your own device (BYOD) for employees, partners, or other stakeholders. However, 72 percent lacked BYOD malware protection entirely or relied upon endpoint software installations. As the pandemic has further enabled BYOD, this lack of preparedness is potentially disastrous.

Thus far in 2020, a failure to figure out how to support remote work without exposing sensitive information has led tonearly 25 percent of organizations paying unexpected costs to address cybersecurity breaches and malware infections. If organizations don’t rethink their approaches to security, cybercrime will continue to evolve and exploit remote workers as the ideal entry points into corporate IT ecosystems.

2. Legacy Security Architecture Like VPNs Will Be the Weak Link for Many Organizations

To quickly ramp up remote operations and comply with stay-at-home orders, many organizations looked to legacy security architectures like VPNs as a silver bullet solution for remote work. However, this is not a sufficient long-term solution, as VPNs introduce latency, hamper productivity, can be difficult to scale, and can grant employees excessive access to internal resources.

VPNs also represent significant liabilities, as cybercriminals can easily exploit unpatched VPNs with ransomware. Even a “perfect” VPN setup and deployment is vulnerable to attack. For example, looking back at the July Twitter hack,attackers were able to use stolen employee VPN credentials to access high-profile users’ accounts to promote a Bitcoin scam without having their identities authenticated. With 400 million businesses and consumers using VPNs across the globe (according to GlobalWebIndex), it’s likely that we will continue to see VPNs targeted by cybercriminals in successful attacks.

Fortunately, there is hope for the future: 34 percent of IT security teams across the globe have shared that they are in the process of implementing a zero-trust security model that can ease many of the challenges presented by a traditional network approach. Additionally,60 percent of enterprises will be phased out of VPNs in favor of zero-trust network access by 2023. With a zero-trust implementation, users have access to only the smallest set of permissions necessary to perform their work duties. This trend toward zero-trust network access is likely to accelerate in 2021, as organizations realize the gaps that legacy architectures like VPNs pose to their security postures. 

3. To Cope with Reduced Budgets, CIOs Will Seek Convergence Across Security Solutions

After years of accelerating, IT spending decreased nearly 10 percent in 2020. This trend is expected to continue in 2021, as Forrester predicts that U.S. tech investments will fall another 1.5 percent – a $135 billion drop from 2019’s peak. This comes as no surprise, given the fact that theU.S. economic deficit grew from $779 billion at the end of 2018 to $2.8 trillion as of July 2020.

Despite budget-related adversity, CIOs must still close the digital transformation gap within their organizations. As such, convergence and simplicity will be key. CIOs will turn to technologies that integrate multiple services into one platform to recognize larger cost savings. For example, secure access service edge (SASE) platforms will have a major impact in 2021, as they will replace a number of disjointed point products and extend consistent protections to all enterprise IT resources through a single control point. In this way, CIOs will recognize massive cost savings and IT teams will enjoy consolidated ease of management that will save them significant sums of time.

4. The Impact of Breaches in the Health Care Sector May Be Deadly

The health care sector stepped up in a heroic fashion to help combat the spread of COVID-19 through increased testing, treatment, and vaccine R&D efforts. However, the pandemic created historic financial pressures for health care organizations; for example, revenue issues stemming from individuals cancelling services and avoiding going to the doctor unless it’s absolutely necessary. Additionally, support costs are incurred by hospitals assisting front-line workers, while the costs associated with purchasing needed equipment and supplies are quite high as well. Overall,COVID-19 hospitalizations cost U.S. hospitals and other health care organizations close to $40 billion from March to June 2020.

Amidst these challenges, cybercriminals are still targeting hospitals and health care providers –– particularly with ransomware attacks that can disrupt their ability to provide care to patients.

For example, earlier in 2020, a patient was unable to receive life-saving treatment after hackers disabled Düsseldorf University Hospital’s computer systems with ransomware, ultimately costing the patient her life. Knowing that cyberattacks can have fatal consequences and that many health care organizations may not have adequate cybersecurity controls in place, attackers are in a prime position to exfiltrate PHI or get health care organizations to pay a ransom. As such, health care institutions are going to be tasked with the physical and electronic well-being of patients, and attackers will continue to target them as they face financial pressures.

5. Financial Organizations Beware: More Attacks Are Coming

Financial services organizations and other firms that are responsible for the security of consumer financial data must remain vigilant in their cybersecurity efforts throughout 2021. The high value of financial data, including Social Security numbers, banking details, and more, makes it a lucrative target for cybercriminals.

It’s true that financial services firms are not breached as frequently as those in other industries like health care. However, when financial firms are breached, these incidents tend to be much larger and more detrimental than those experienced by companies in other industries. For example, even though 7 percent of breaches in 2019 occurred at financial services companies, 62 percent of all records leaked in that same year were from financial organizations.

With the projected rise of new technologies – like 5G – throughout the new year, the sophistication of cybercriminals’ attacks will likely be enhanced. Consequently, it is imperative that financial organizations (and all companies in heavily regulated industries) take a proactive approach to data protection.

6. COVID-19 Will Continue to Force Organizations to Accelerate Digital Transformation Efforts

It’s difficult to reflect on the year 2020 and identify highlights or “good news.” However, if we look at the year from a technological point of view, we can discern a silver lining. Specifically, there were rapid digital transformation efforts across industries as organizations strove to comply with stay-at-home orders.

Digital transformation has been an ongoing objective for countless organizations since the early 2010s. If stay-at-home orders were never enforced due to COVID-19, it’s possible that digital transformation still would have been on many organizations’ to-do lists throughout the next decade. However, 2020 has accelerated 5G to keep remote workers connected, seen organizations expand their use of AI and ML-powered analytics to grow their businesses, and increase cloud adoption to enable businesses to achieve simplified innovation, faster time-to-market, easier scalability, and more.

Remote work and other technological advantages spurred by stay-at-home orders will long outlast the pandemic, granting organizations more flexibility, cost savings, and an overall edge in their business plans to conquer any other obstacles the future might bring them. While IT and security professionals have made some strides in securing these modern work environments, 2021 will also be filled with organizations around the world striving to secure themselves in a more complete, future-proof fashion.

7. The Adoption of New Technologies and Increase in Internet Users Means Most of the World’s Population Is at Great Risk of Data Exposure

History shows that attackers refine their methods to take advantage of global events and the adoption of new technologies. In fact, online crimes reported to the FBI’s Internet Crime Complaint Center (IC3) have nearly quadrupled since the beginning of the COVID-19 pandemic. This comes as no surprise, as there were close to 4.6 billion active internet users as of July 2020, which represents 59 percent of the world’s population. The number of internet users will continue to increase in the coming year, and 84 percent of organizations will continue to support remote work even after stay-at-home orders are lifted. Combining these trends with the rapid development and adoption of technologies like 5G (which enables malicious actors to execute attacks and move data much more quickly) suggests that we will see an increase in the number of people around the world who are impacted by data breaches.

However, this shouldn’t prevent organizations from implementing new technologies or continuing remote work. With the right security strategies and solutions, organizations can benefit from new technologies and support their remote workforce without exposing themselves to additional risk.

Despite these challenges, enterprises will also be presented with plenty of opportunities to adapt and thrive in 2021. One of the most important changes companies can make is ensuring success and security in a continued remote world. This includes implementing cost-effective security solutions that can protect data in the cloud or on-premises from any device or location, block threats, and enable efficient business operations. As a result of enhanced security and eliminating interruptions to business operations, enterprises will save time and money while enabling their workforce to achieve long-term success.

Leave a Reply