Cybersecurity is more in demand than ever before for many organizations. Unfortunately, even the largest companies are not immune to a major cyberattack. Some organizations suffered breaches or lapses in their security because, in the early days of remote work brought on by the COVID-19 pandemic, they could not find a proper way to stay connected while protecting sensitive data. As the year continued, a return to normal office operations came to seem unlikely. Many companies are investing in permanent transitions to fully remote/at-home and hybrid structures.
At the same time, data privacy has been a rising topic, especially with new laws being established. In 2020, California pushed for greater data privacy with Proposition 24, also known as the California Privacy Rights and Enforcement Act of 2020. Proposition 24 is intended to make it harder for large corporations, specifically Facebook and Google, to make use of user data by giving users the option to decide whether or not their personal data is disclosed. Other legislation passed around the world, such as GDPR (Europe), shows that, as a society, people are pushing for strict data privacy policies and guidelines to be prioritized. As companies continue to look for ways to profit within the privacy laws and in the face of potential cybersecurity threats, here are some of the possible predictions and topics to consider for the upcoming year; the list is not exhaustive.
Growth of cyber breach costs will surpass the growth of the global economy
Due to the recent pandemic, the United States of America took a massive hit, leading into a recession as of February. In 2021, the global economy will slow down to single-digit growth, while many countries will focus on minimizing the total amount of activity to suppress the growth and spread of the COVID-19 virus. Remote work and insecure data practices will continue, and cyber breach costs are projected to reach double-digit growth across all industries. If government agencies, organizations and corporations fail to find a way to mitigate cyber risks, the entire global community will suffer drastic economic losses that will take many years to correct.
Governments will begin to demand data sovereignty solutions and make a push to move away from the “global” cloud
Political uncertainty within the United States of America has created unrest on a national and international scale. Trust between nation-states, such as the United States of America and Russia, has been at all-time lows, and the surge in cyberattacks has challenged the security of both local and state governments, leading to numerous ransomware incidents and more. Widespread privacy concerns have led to the rise of the GDPR regulations and to the commitment to abolish the EU-U.S. Privacy Shield out of fear of U.S. government overreach. Given today's unpredictable political climate, nations will attempt to prioritize data sovereignty and push systems that exchange or host data to a domestic cloud or an on-premise environment.
Remote workers will be the emphasis of cybercriminals
Cybercriminals will always target users and launch attacks that exploit them, whether through their behavior or their habits. This became prominent in 2020: as employees transitioned to remote environments to comply with mandated stay-at-home orders, the way they used their technology shifted significantly. A report by App Annie found that videoconferencing apps saw 62 million downloads in just the first week of March.
Business apps topped 62 million downloads across iOS and Google Play during the week of March 14-21, 2020 worldwide — its biggest week ever. This was up 45% from the week prior — the highest growth among any category across the app stores combined that week — and up 90% from the weekly average of Business app downloads in 2019. Record levels of consumers demand work connectivity and accessibility from their mobile as the COVID-19 pandemic intensifies in Europe and the US.
App Annie
Cybercriminals have taken advantage of this “opportunity” to cause breaches through phishing, ransomware, and various other attacks that target holes in a company’s security protocols. Unfortunately, many companies were not yet prepared to support a remote workforce safely and securely. Prior to the pandemic, roughly 82% of companies permitted BYOD (bring your own device) for members of the organization. Even though so many had enabled it, 72% lacked BYOD malware protection entirely or were dependent on an endpoint software installation.
As a result, 2020 can be marked as a failure in the sense that organizations were unable to find solutions that avoid exposing sensitive data. According to an official report by Malwarebytes, roughly 25% of organizations and companies have paid unanticipated costs to deal with breaches and other malware infections. If an organization fails to evolve, cybersecurity threats will continue to grow and ultimately infect IT ecosystems by exploiting remote workers.
Large-scale video calls will be minimized and replaced with much more effective video groups and break-out room sessions
Since the start of the pandemic, organizations have embraced video calls with many participants (even in the hundreds, most often seen with digital classrooms); in hindsight, this is not an effective solution. During this period, companies like Zoom and Cisco have seen a surge in valuations due to their video call services. Time and time again, large-scale video calls have opened the door to disruptions caused by unwarranted access. As companies and organizations focus on cybersecurity and employees push for greater production (leading to greater fatigue), the usefulness of the current setup for online meetings will soon diminish. As an alternative, companies and individuals will push for smaller, more focused video group sessions and breakout rooms that are centered on reaching specific goals, being efficient, and collaborating more closely.
Legacy security architecture, such as VPNs, will become a weakness for an organization
Many organizations turned to legacy security architectures, such as a VPN, as an ideal solution for remote work during the COVID-19 pandemic. Unfortunately, this is not an effective long-term solution because of various concerns with VPNs, including latency, difficulty with scaling, excess access to internal resources for users, and limited production.
VPNs are a known target for cybersecurity threats because of the liabilities they carry. According to ZDNet, a cybercriminal can easily exploit an unpatched VPN with ransomware such as “REvil.” Unfortunately, even a perfect, well-established VPN deployment can be prone to an attack. According to a report by the Department of Financial Services in New York, hackers used a Twitter employee’s stolen VPN credential to obtain access to high-profile accounts and promote a Bitcoin scam without having to authenticate their identities. According to the GlobalWebIndex, roughly 400 million businesses and consumers around the world use VPNs, which will continue to give cybercriminals many more opportunities for successful breaches.
According to Cybersecurity Insiders, 34% of IT security teams around the world reported that they have implemented (or are in the process of implementing) a zero-trust security model to ease the numerous concerns presented by a typical network design. Crowdstrike defines Zero Trust as a security concept that requires all users, even those inside the organization’s enterprise network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. On top of that, according to Gartner Inc., 60% of enterprises will be moving away from VPNs in favor of zero-trust network access by the year 2023. With a zero-trust implementation, a user has only the minimal permissions necessary to execute their tasks, based on the roles that they have been assigned by the network. By 2021, there should be a strong upward trend in zero-trust network access as organizations recognize the gaps that legacy architectures could leave in their security policies.
Organizations will “future-proof” by diversifying and moving beyond the more traditional cybersecurity tools and strategies
As companies attempt to revise their architectures to accommodate dispersed teams at scale, they will need to invest in diverse and future-proof tech stacks. The increase in mobile workforces and cyber threats will lead to competing priorities, including security, integration, privacy, and even convenience. To resolve this, companies and organizations will attempt to invest in the tools that are most relevant to their needs, even if they are in overlapping categories.
New architecture for secure collaboration
As a result of the Coronavirus pandemic, work culture has evolved dramatically, and the future looks even more unpredictable for the years to come. What is already known is that big tech companies are paving the way for permanent remote work structures, which organizations of any size can consider if opportunities permit. To meet the rising challenges of remote work and cyberattacks, communication platforms (such as Zoom, Webex, etc.) will need to feature security-first architecture from the start. So far this year, a handful of technology vendors have started to offer some form of end-to-end encryption within their solutions; by the end of the coming year, companies will have to expect and incorporate end-to-end encryption across all tools used for communication and collaboration among all members of an organization. This push will come directly from Chief Executive Officers and non-security executives, since personal liability for cybersecurity breaches has reached all-time highs; based on a report by Gartner Inc., 75% of CEOs will be deemed personally liable for cyber-physical security incidents by 2024.
Due to the nature of cyber-physical systems (CPSs), incidents can quickly lead to physical harm to people, destruction of property or environmental disasters. Gartner analysts predict that incidents will rapidly increase in the coming years due to a lack of security focus and spending currently aligning to these assets.
Gartner defines CPSs as systems that are engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans). They underpin all connected IT, operational technology (OT) and Internet of Things (IoT) efforts where security considerations span both the cyber and physical worlds, such as asset-intensive, critical infrastructure and clinical healthcare environments.
Gartner Research
CSOs and CISOs seek convergence across security solutions while coping with budget reductions
As of 2020, Gartner Inc. reported that global IT expenditures declined 8% as a result of the COVID-19 pandemic, and the decline is expected to continue into 2021. A report by Forrester projects that US tech investment will fall 1.5% in 2021 after years of accelerating tech spend, a $135 billion drop from 2019’s spending peak. Pew Research states that this is to be expected because the United States’ economic deficit went from under $800 billion to $2.8 trillion within a 2-year span.
Even though budget-related concerns are prominent, security executives should still focus on closing the digital transformation gap within their organizations; convergence and simplicity will be crucial. Security executives will focus on technologies that integrate a bundle of services into a single platform to achieve greater cost savings. Platforms such as secure access service edge (SASE) will see a major shift in 2021, since they are expected to replace various incomplete point products and extend consistent security to every enterprise IT resource through a single control point. By doing so, leaders of organizations will reap the benefits of extensive cost savings, while IT teams, such as cybersecurity teams, will benefit from consolidated management that saves them a lot of time that could be invested elsewhere.
Healthcare sector breaches may result in lethal outcomes
The healthcare sector has seen a massive spike in traffic as a result of the COVID-19 virus; it has increased treatments, testing, and research and development efforts for a vaccine. Unfortunately, despite these optimistic measures, the sector has seen historic financial repercussions. A report by the American Hospital Association concluded that, in the United States alone, the viral pandemic has cost healthcare organizations $40 billion within a span of 4 months (March to June).
Despite these struggles with finances and with halting the spread of the virus, cybercriminals are still going to choose hospitals and healthcare providers as prime targets; they will typically use ransomware attacks that make it challenging to provide care for patients, which may become lethal. According to an article by the BBC, a patient lost their life due to a cyberattack that infected a computer system with ransomware at the Düsseldorf University Hospital in September of this year. Even with the knowledge that cyberattacks can be lethal, hospitals and healthcare organizations could lack the proper cybersecurity protocols to prevent an infiltration that could lead to the leakage of private healthcare information (PHI) and various other types of attacks. As a result of this ongoing pressure, institutions will be responsible for the well-being of patients both electronically and physically; cybercriminals will not stop regardless of the financial pressures healthcare institutions face.
Financial organizations will be prone to extensive cyberattacks
Finance organizations are held liable for the security of consumer financial data, and they must stay watchful of their cybersecurity investment throughout the upcoming year. With the value of financial data (SSN, banking information, etc.) at all-time highs, cybercriminals see this sensitive data as a very lucrative target.
That said, financial services firms are not breached as often as other industries such as the healthcare sector. However, even though they have fewer breaches, the cost of each individual breach is typically greater than in most other industries. In a Bitglass report for 2019, roughly 7% of breaches targeted financial organizations; however, in terms of damage, 62% of leaked records (for the same year) came from financial organizations.
With upcoming technologies on the horizon, such as 5G networks, cybersecurity breaches will most likely become significantly more advanced. As a result, it is vital for any heavily regulated organization (finance, petroleum, pharmaceuticals, etc.) to invest in effective data protection to ensure the safety of its data and customers.
COVID-19 will force digital transformations at an accelerated rate
2020 will go down in history as a memorable year with an abundance of negative news, mostly due to the recent pandemic. In terms of technology, there were a lot of shifts in innovation. Specifically, many industries went through a rapid digital transformation in order to comply with stay-at-home mandates while still operating at the highest capacity possible.
Digital transformation is not a new topic for organizations; it has been a concern since the early 2010s, and many new areas of technology have surged during this time (such as the hyperconvergence services that Nutanix, VMware, or even CDW offers). With or without the pandemic, digital transformation would still have remained a priority for organizations. Gartner Inc. reported that worldwide 5G network infrastructure spending has doubled to $8.1 billion, so that 5G network infrastructure accounts for 21.3% of total wireless infrastructure. In 2020, organizations accelerated 5G in order to keep their remote workers constantly connected, expanded their use of AI and machine learning-powered analytics (such as IBM Watson services) to grow their businesses, and increased their migration to the cloud for extensive innovation, quicker deployment, scalability and so on.
Fortunately, a lot of technological advantages came during the pandemic, and the benefits will extend beyond the lockdown measures. They include flexibility, cost savings, and an advantage that will enable organizations to overcome any further adversity that the future may bring. While security professionals are working to secure the current, modern work environment, the upcoming year is projected to see organizations in all industries invest in securing themselves in a more complete and future/disaster-proof way.
Adoption of new technologies and increase in users for the Internet will lead to increased risk of data exposure
Based on historical data, cybercriminals often take advantage of global events and the rise of new technologies. According to a report by the Federal Bureau of Investigation, the number of crimes reported to the FBI’s Internet Crime Complaint Center (IC3) has roughly quadrupled since the start of the recent pandemic. A leading factor behind the massive surge was a large increase in monthly active internet users, with over 4.5 billion users as of July. What makes that statistic more staggering is that the active user population is equivalent to almost 60% of the world’s total population. As technology becomes much more accessible, the total number of internet users will continue to increase and companies will be pressured to continue supporting remote work even after the pandemic; 84% of organizations will continue support for remote work, according to Bitglass's 2020 Remote Workforce Report. With the adoption of 5G and other new technologies, it is a safe prediction that the total number of people across the globe who are impacted by cybersecurity data breaches will see a large increase.
However, even with all of the fear and stigma around possible data breaches, companies should not be afraid of implementing new technologies or continuing to support remote work. With proper security protocols, organizations can reap the benefits of new technologies while supporting their entire remote and non-remote workforce, without having to worry about exposure to any additional risks that the future may deliver.
Michael is an Information Technology consultant, with a focus on cybersecurity. Every day, Michael strives to learn something new, with an aim to share it with you all!