Towards the end of 2020, a Digicert team headed up by Dean Coclin, Senior Director of Business Development and Avesta Hojjati, Head of R&D gathered to debate the direction that the cyber security market might take in 2021. The following is a summary of the resulting predictions.
1. Social engineered attacks will get more complex
According to Verizon’s Data Breach Investigations Report for 2020, social engineering is a top attack vector for hackers, and the team expects threat actors to leverage current events to unprecedented levels. Various factors should be considered.
Unemployment fraud: With unemployment fraud at an all-time high, an even larger increase in 2021 could be expected, as pandemic-focused unemployment programmes from governments have lowered the barriers to collecting benefits, and security methods have not been able to keep up. The team suggests that if we see additional stimulus funding from governments to provide relief for the effects of the pandemic, this will only make this a richer channel for fraudsters.
Covid-19: Digicert believes that free Covid-19 tests will be leveraged heavily by threat actors in the New Year. Scammers will utilise social engineering to dupe users into providing a mailing address, phone number and credit card number with a promise to charge 25 cents to verify their information and qualify for a free Covid-19 testing offer.
More COVID: Additionally, they anticipate the offer of fake, “government-approved” cutting edge technologies to fight Covid and take the temperature of those in proximity will trick users into downloading malicious apps on their smart devices that can be leveraged for nefarious activities by threat actors.
2. The “New Normal” will be under attack
The predictions suggest that individuals and businesses alike will adjust to a new normal sometime in 2021, and that this new normal will result in an increase of travel, a reduction in unemployment, and a transition for workers to return to the office, leading to threat actors’ attacks in various areas:
Back to the office: As workers return to the office, there will be a steady crescendo of applications offered by threat actors with the promise of increased productivity tools to ease the transition to the office. Tools such as apps that provide ambient sounds will be leveraged in these attacks. Expect new attack vectors to emerge not only for social engineering, but also attacks targeting common home devices that are used at home for workers splitting time working at home and the office that can be used to compromise an individual and allow for lateral movement into a business. Workers splitting time between the home and the office will only exasperate this transition period, causing confusion and an increase in security risk for business.
Data breach news: It is also anticipated that news of data breaches will increase in 2021 as the public learns of exploits on companies that haven’t done a good job securing their remote workforce.
3. 2021 will bring increased focus on automation and efficiency solutions in the security market
As organisations work to keep the lights on and scrutinise the bottom line, the team suggests that there will be a resulting push for efficiency in security technologies.
Security teams will be asked to do more with even fewer resources. 2021 will bring an emphasis on technologies that allow organisations to do more with less, and automation will play a significant role in terms of security innovation in the New Year. According to a 2020 SANS Automation and Integration Survey, 12% of respondents had no security automation in 2019. In 2020, that dropped to 5%. Digicert predicts the level of automation in 2021 will increase exponentially.
A consolidation of security vendors will take place in 2021 as businesses look to reduce the number of vendors within their environments. Trusted vendors with leading global technology and local resources where their customers live will be valued, as will be their emphasis on automation of security tasks.
As security investments focus on immediate value, the team at Digicert predicts that Quantum Computing will continue to move forward. We will see the effect of Moore’s law on Quantum Computing. As Quantum Computing allows for tasks to be more efficient, organisations will prioritise its continued development. Improvements and efficiency are recession-resistant.
4. Staying safe online: Finally the team concludes that identity and consumer accountability of their permissions and controls over their data will lead to a new interest in how to stay safe online and with connected devices. Concerns over contact tracing and other government invasions of personal privacy could lead to a new desire by the public for ways to identify organisations with which they connect online and for better assurances of the security of the connected devices in their everyday lives, including connected cars, homes, buildings, websites, emails, etc.