Throughout 2020 cybercriminals have pivoted their attacks to capitalise on coronavirus chaos and a mass shift to remote working. Nation states have targeted Covid-19 vaccine research organisations, while Russia’s involvement is suspected in the SolarWinds hack that left some 18,000 companies vulnerable. With organisations set to continue remote working for much of next year, and geopolitical tensions continuing to bubble, what does the next 12 months have in store for the cybersecurity industry?
Verdict spoke to seven industry experts to hear their 2021 cybersecurity predictions.
A hacker will bring down a WFH CEO
“Homeworking is set to stay in 2021, as companies look to strike a better work-life balance for their busiest employees – and even stressed out CEOs will jump at the chance to continue working from their garden or living room. As a result, with more people working from home, expect to see an increase in smart devices as everyone aims to make their lives more convenient.
“However, this could open the door, with smart homes set to become the new battlefield for cyber-criminals. Unbeknownst to senior business leaders, the adoption of connected devices like baby monitors and security cameras could be opening the door for hackers to listen in on their confidential work conversations.
“Whether it’s discussing sales figures, business strategy or product development, including details of the company’s IP, this information could be valuable if it falls into the wrong hands and is sold to rivals. As such, 2021 could see a CEO forced to resign due to a breach of a personal connected device that unveiled company secrets.”
Chris Harris, EMEA technical director, Thales
The emergence of the ‘Zoom of cybersecurity’
“With the move to mass remote working and accelerated digital transformation in 2020, cybersecurity has moved up the food chain. Cybersecurity is now a business differentiator, and it needs a category disruptor.
“The need for a converged, digital, cloud-delivered platform means we’ll see the emergence of the ‘Zoom of security’ – a high-tech system that ‘just works’ and is easily accessible for the everyday consumer.
“Any serious category disruptor must be more deeply integrated into the public cloud ecosystem. Cloud must become part of cybersecurity’s DNA, in a way that it isn’t today. Currently, developers are using security as a tool, but having to shoehorn in applications and functions not necessarily designed as cloud-native.
“Security will move to the left for the developer and will become easily deployable and fully integrated. This integration will result in security becoming so engrained in applications and platforms that people will no longer realise they are being “secured”.”
Nico Popp, chief product officer, Forescout
BEC growth will slow but it will still be dominant
“Already a massive issue, business email compromise (BEC) will get even worse. Costing billions of dollars each year, BEC fraud is responsible for the majority of cyber-insurance claims and has a very low barrier to entry, so it will remain a draw for threat actors. As a result, attackers will likely work to increase their ‘earning potential’ and success rate by taking the additional step of compromising a user account and pretending to be a legitimate user.
“The FBI already chalks up a majority of cybercrime losses to BEC, and as BEC actors broaden their toolsets to compromise cloud accounts and organisations’ suppliers and vendors, stopping them will continue to be challenging.”
Ryan Kalember & Andrew Rose, Proofpoint
VC funding for European cybersecurity firms will increase
“In 2020, the European Commission reiterated its focus on European digital sovereignty for the years ahead. This presents an opportunity for European-based cybersecurity businesses, as US investors move to secure a foothold in a growing European market. European tech companies have already seen an increase in the level of investment they receive from US firms in recent years, and we expect this trend to increase in 2021.
“Investors will look to opportunities in cybersecurity in particular, with Forrester recently stating they expect a 20% increase in investment for non-US headquartered cybersecurity companies in 2021, over a 2019 baseline. VC funding for European cybersecurity firms has previously trailed behind that secured by firms in the US, but we expect this gap to narrow, as VC firms recognise the opportunity in Europe. Much of this will be focused on the UK in particular, which remains at the forefront of innovation and, despite the impact of Brexit, will see a boost as investors continue to pursue the UK’s thriving cybersecurity scene.”
Tony Pepper, CEO, Egress
Supply chain attacks will become more common
“Threat actors will focus more on supply chain attacks rather than go directly after bigger targets. Similar to recent “Cold chain” attacks on organisations that provide transportation for the Coronavirus vaccine or attacks on regulators that handle Coronavirus vaccine documentation, supply chain attacks will become more popular throughout 2021. Either for political or economic reasons, supply chain attacks will likely affect even industry verticals that have rarely been hit in the past, such as real-estate or healthcare.
“Targeted attacks on mission-critical industry verticals will rise. Threat actors will increasingly target research, pharma and healthcare in 2021. While ransomware-as-a-service operators will remain the main adversaries, industrial espionage groups will likely join the hunt.”
Liviu Arsene, global cybersecurity researcher, Bitdefender
Increased adoption of passwordless authentication
“Organisations are starting to understand the benefits of a passwordless login experience – as it encourages higher security and employee productivity, while also freeing up resources for IT. While passwords aren’t going away completely anytime soon, our recent report found that 92% of IT professionals believe that passwordless authentication is in their organisation’s future. Additionally, the report found that most IT and security leaders understand the importance of reducing the number of passwords used daily.
“In 2021, organisations will continue to make strides towards passwordless authentication deployment by implementing IAM solutions such as an enterprise password manager, SSO and biometric authentication that complement regular passwords. These technologies will ultimately streamline and simplify the login experience for end users, while providing better control and visibility for IT teams.”
Gerald Beuchelt, CISO, LogMeIn