For the past eight months, the global COVID-19 pandemic, along with the unprecedented shift to work-from-home for many employees, has altered the way both people and enterprises approach work and conduct business. And while many of these changes are likely to become permanent, issues such as cybersecurity continue to evolve as the threat landscape shifts.
In the rapid shift to work-from-home, many businesses rushed employees out of the office with cybersecurity as an afterthought. As the new, remote routine settled in, businesses began rethinking their strategies, recognizing that the attack surface had changed and that threat actors now had many more ways to infect networks to steal data.
At the same time, threat actors quickly adjusted to the new reality created by COVID-19, such as targeting vulnerable home networks. “The coronavirus pandemic did not revolutionize the threat landscape,” said Kacey Clark, a threat researcher at cybersecurity firm Digital Shadows. “However, it demonstrated that cybercriminals could quickly exploit any period of high uncertainty and public attention for their selfish interests.”
With 2021 fast approaching, cybersecurity experts and analysts note that cybersecurity will continue to evolve even as most of the world enters a post-COVID-19 era, with cybercriminals, threat actors and nation-state hackers ready to take advantage of whatever may happen next. This will keep CISOs, their security teams, as well as their counterparts in IT, trying to catch up and stay ahead.
For those looking ahead at what the next 12 months may bring, and to help better understand how security will change, here are five cybersecurity trends to watch in 2021.
The last eight months have shown that cybercriminals and sophisticated hacking groups will rapidly adopt their techniques and tactics to take advantage of current conditions. Over the course of 2020, phishing emails, for example, changed their subject-line lures from supposed COVID-19 updates, to realistic-looking alerts about work-from-home changes, to fake updates about how government stimulus programs would work. All this was done in attempt to get more victims to click.
With the hope that a handful of pharmaceutical companies can deliver a widespread vaccine by mid-2021, cybersecurity researchers believe that threat actors will take advantage of these rapid developments to initiate attacks such as phishing campaigns or spreading malware.
“Events like the Dubai Expo, the Tokyo Summer Olympics, and the UEFA Euro Cup are set to happen next year. It is highly likely that they will receive considerable attention from cybercriminals willing to capitalize on periods of heightened public awareness,” Clark recently told Dice. “People will likely turn to these events with a great lot of interest following a year that didn’t reserve much space for the entertainment industry. We’ve already discussed how cybercriminals target major sporting events, and criminals will likely try to exploit the public’s need for updates around these events to deploy offensive campaigns in the form of social engineering, identity theft and spoof websites.”
In its own predictions for 2021, consumer credit reporting agency Experian noted that, in the race for a COVID-19 vaccine, threat actors could use the next several months to disrupt vaccine supply chains, sow confusion and spur national competition—creating a new kind of pandemic cyber-threat.
Many cybersecurity analysts believe that ransomware, along with the extortion rackets run by cybercriminal gangs, will remain one of the biggest concerns for security teams in 2021.
By the end of 2020, ransomware attacks likely resulted in over $1 billion in financial damage globally, although that number is almost certainly higher since many of these cybersecurity incidents are not reported, according to a recent analysis by security firm Group-IB. Over the past 12 months, the operators behind these attacks also got better at infiltrating enterprise networks, including brute-force attacks on remote access interfaces such as Remote Desktop Protocol and VPNs, malware used to gain an initial foothold, and botnets to help spread the ransomware.
All this is likely to intensify in 2021, said Joseph Carson, chief security scientist and advisory CISO at security firm Thycotic.
“Over the next year, ransomware will continue to be the biggest threat and financial risk to enterprises. Most organizations should be very concerned about ransomware as the biggest cyber security challenge and threat,” Carson told Dice. “Ransomware is going to continue evolving with recently it is becoming not just a security incident but also a data breach, with organized cybercrime groups also stealing the data before they encrypt it, meaning that companies are not just worried about getting their data back but also who it gets shared with publicly.”
Ransomware, he added, “has proven to not be ethical in any way and will target anyone, any company and any government, including hospitals and transportation industries at a time when they are under extreme pressure.”
Cybersecurity Threats From the Inside
The more mobile and remote a workforce is, the more likely that an employee may cause an accidental breach by opening up a phishing email or giving away their credentials without thinking. At the same time, workers themselves might see ways to benefit from the wealth of data that they can now access without the same type of supervision.
Even before the pandemic hit, the 2020 Verizon Data Breach Investigations Report, published in May, found that insider threat cases now account for about 30 percent of breaches and other security incidents. That trend is likely to continue into 2021, said Steve Durbin, the managing director of the non-profit Information Security Forum.
“The insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets,” Durbin told Dice. “Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2021.”
The move to cloud, the continued push for digital transformation projects in spite of the pandemic, and the need to secure data means that traditional, on-premises networks are increasingly being abandoned.
This also means that the perimeter around corporate networks will further recede, and organizations will adopt more zero-trust approaches to not only protecting data, but securing identities and looking to improve overall corporate cybersecurity, said Oliver Tavakoli, CTO at security firm Vectra.
“The next big thing in security that we will see over the next year is the inversion of the corporate network,” Tavakoli told Dice. “It used to be that everything truly important was kept on-premise and a small number of holes were poked into the protective fabric to allow outbound communications. 2021 is the year where deperimeterization of the network—which has been long predicted—finally happens and does so with a vengeance. The leading indicator for this is companies who are ditching Active Directory—an on-premise legacy architecture—and moving all their identities to Azure AD—a modern cloud-enabled technology.”
DevSecOps Has Its Moment
While the desire to blend cybersecurity practices into the development cycle has been a goal for years, Joseph Feiman, chief strategy officer at WhiteHat Security, believes 2021 will be the year that DevSecOps has its moment.
Over the past year, Feiman noted, DevOps has benefited from several trends, including co-development in global communities—Postman, GitHub—platform agnosticism, serverless computing, infrastructure-as-a-code and end-to-end workspace with a unified experience across the entire software lifecycle.
And 2021 is now the time to fully integrate cybersecurity into the full DevOps lifecycle.
“In 2021, DevSecOps will be the secret to organizational success in a post-COVID world,” Feiman said. “A critical step toward DevSecOps has been taken by DevOps itself, which started offering its own application security technologies. Application security vendors, as well as open-source security communities, have started addressing this emerged opportunity, as well. They have begun integrating their existing technologies in the unified DevOps, thus serving it with intermediate solutions. At the same time, those security vendors and communities are now rapidly developing native solutions for the emerged DevOps.”