2021 is poised to be a doozy of a year for cybercrime, with an estimated $6 trillion USD of damage this year alone. It’s hard to prepare for everything, but our team put together a list of the major cybersecurity risks and trends for 2021 to help get you started:
Ransomware will remain prevalent, but the evolution of attacks likely won’t change
The main goal of most cyber attacks is monetization and as long as attackers continue to successfully get businesses to pay to get their sensitive data or systems back online, threat actors will stay the course as the method is still very lucrative.
The prevalence of cyber insurance will increase
As cyber insurance increases, insurance companies will likely decrease coverage amounts and provide further stipulations on what or how much they cover as a result of ransomware attacks.
Zero Trust models will be adopted more prevalently
As companies rely more and more on a remote workforce, they’ll look at Zero Trust models that assume the perimeter has been breached and segment authentication and access to sensitive data accordingly. VPNs simply are not enough to ensure that your remote environment is connecting to the network safely.
A lot of the same cyber attacks that have impacted companies will continue
Cyber threats like social engineering attacks and ransomware will continue to be the main methods of attack. Known vulnerabilities are a huge reason for this. A majority of Patch Tuesday releases in the past year have reported 100+ vulnerabilities, which is an amount that’s impossible to maintain if patching teams are deploying updates through VPNs. This means attackers are likely to find a device at an organization that is exploitable through an unpatched, but patchable, vulnerability.
An increase in cyber attacks against remote work infrastructure
Companies have had to deploy new technologies organization-wide and within a short period of time to support remote workers. Knowing this, expect attackers to target things like VPNs and collaboration applications that are in high use.
Social engineering attacks will evolve
We’ve seen how phishing has changed over the years - from generic to personalized emails, to context-aware methods that are scarily realistic. Deepfakes could see a similar evolution where an attacker uses audio and video recordings to impersonate an important figure at an organization.
Cloud misconfigurations will be even more prevalent as cloud data increases
More and more technologies are going to cloud-based models, increasing the amount of cloud data companies have. With this, expect more leaks from cloud storage buckets from companies that overlook basic security configurations in the cloud.
Everything will revolve around remote workers, but the core target will remain the same
2021 will likely see malware and attacks focus heavily on remote workforces. These devices and users will often be outside the scope and perimeter of corporate security. However, many of these devices will continue to regularly access critical access and IP via a VPN. Adversaries will likely increase focus on these devices in an attempt to land and expand to other critical infrastructure.
Fortune 1000 companies will consider Zero Trust
Zero Trust approaches will become critical for securing IP and critical infrastructure and will likely become the de facto replacement for cumbersome VPN approaches. We predict that by the end of 2021, every company in the Fortune 1000 list will have evaluated Zero Trust for their organizations.
Adversaries will lean in on targeting more known exploits, considering the potential of at-risk and vulnerable remote devices
Adversaries will begin to more broadly attack remote workforces in 2021. This will lead to the utilization of more tried and true, or well known, vulnerabilities being targeted for exploitation, leading to less targeted attacks using bleeding-edge vulnerabilities due to the ease of using known exploits. Addressing vulnerabilities will be just as important as ever; however, tools like firewall rules will not be at the ready for remote devices, which means that patching endpoints becomes more important.
2021 will be the costliest year for cybersecurity for the next decade
In 2021, CISOs will likely see budgets strained by IT needs, especially for VPN, and spend less on cybersecurity as a consequence. Reduction in resources and revenue often coincides with cutting corners. Shadow IT will increase while investment in security decreases, leading to breaches from misconfigurations, missing patches, and poor cyber hygiene.
What risks and trends do you think we can expect from 2021?