2021 Cybersecurity Predictions: Remote Work, Phishing, Ransomware, & More
Adapting to an ever-evolving digital and physical threat landscape is vital for all businesses. However, in 2021, it will be more important than ever before. In 2020, many organizations had to evolve and expedite their pre-existing timelines for digital transformation. Cybersecurity and cybersecurity transformation are no exceptions. As you’ll see from this list, many of our predictions for 2021 have been shaped by all that has happened in 2020, especially the onset of remote work and greater cloud adoption across organizations of all sizes.
During the onset of COVID-19, many organizations had employees working remotely for the first time. For 2021, we predict that the remote working trend is here to stay. However, we know that remote work does not come without additional security needs. Many organizations do not have the correct security protocols in place for safe remote work. When forced into remote work earlier in the year, many organizations scrambled to acquire and deploy new technologies quickly. Due to the urgency and the sheer volume of technologies needed for swift adoption, many organizations didn't perform the due diligence to properly assess these technologies ahead of time. We predict that in 2021, organizations will take a step back to evaluate these new technologies and processes, fine-tune them, and make changes where needed. There will be more of a focus on “getting it right” vs. getting the technologies out of the door as quickly as possible. With cybercriminals continuing to try to take advantage of remote workers, we hope that increased awareness of cybersecurity best practices enables more companies to secure their remote workforce. We predict this will go beyond the standard hardware-based VPN and that IT organizations will invest heavily in software-based and cloud-based VPNs.
2020 has also brought an increase in phishing attacks that we predict will carry heavily into 2021. Phishing attacks, such as spear phishing, involve highly targeted and convincing malicious electronic communications (like emails) that include specific and accurate details about a particular individual, group, or role at a company. Cybercriminals have developed new tools to automate the manual aspects of spear phishing. These tools will allow cybercriminals to send hundreds if not thousands of emails with content customized to each victim. With the increased number of spear-phishing emails sent, the success rate will also increase. With remote workers as an attractive target for cybercriminals, we will hopefully see an emphasis on phishing training during new hire onboarding.
Continuous Education & Training
Speaking of an emphasis on phishing training, we think that the trend for 2021 will encompass overall cybersecurity training and education. With many organizations getting into the spotlight for breaches, leadership is beginning to understand the ramifications of poor cybersecurity practices. Arming employees (especially remote employees) with the best security practices can decrease the chances of them accidentally exposing enterprise systems and data to new risks. Continuous education is crucial to keep users aware of the latest attacks and exploits and decreases the risk of security issues from human error. We predict that organizations will invest in security awareness tools, training tools, and third-party consultants to provide hands-on experience and educational resources to better secure this attack vector.
Users will also need to be on the lookout for ransomware attacks in 2021. Ransomware is a form of malware that encrypts the victim’s files so that the user can no longer access them. The victims are then shown instructions on how to pay the ransom to receive the decryption key. As the remote work trend continues, it is imperative for the workforce to have access to their corporate resources. However, this increases the chances that they are a good target for a ransomware attack. Already in the past two years, we have seen an increase in ransomware attacks on targets ranging from hospitals, schools, and local and state governments to mid-to-large businesses. For business continuity purposes, a great number of organizations pay the ransom. To protect against ransomware attacks, organizations need to:
- Properly back up their data
- Screen emails and inform users not to click on suspicious links or ads
- Invest in an antivirus firewall
- Sustain an effective security awareness training program
- Apply security patches to all applications in a timely manner
- Whitelist certain computer applications
- Develop a Disaster Recovery Plan
Multi-Factor Authentication (MFA)
Authentication attacks have increased a great deal and will only continue to increase into 2021. The best way to defend against these types of attacks? The key to thwarting authentication attacks such as phishing, spear phishing, keyloggers, credential stuffing, brute force attacks, and man-in-the-middle (MITM) attacks is multi-factor authentication (MFA). MFA adds an extra layer of security by requiring additional information or credentials from the user. When implementing MFA, there are many different applications to choose from to provide this service. Make sure you choose a reputable application and educate employees on MFA before rolling it out to your organization.
Security for IoT Devices
With the onset of IoT, or the “Internet of Things,” devices are now more connected than ever before. With this interconnectedness, organizations are at a much higher risk than in the pre-IoT era. These devices can be products such as smart locks, smart-controlled thermostats, lights, sensors, CCTV cameras, and voice assistants like Siri and Alexa. All these connections store a great amount of data and access. This data must be protected; otherwise, organizations are left vulnerable to cyberattacks.
So how can you help implement security safeguards for your IoT devices in 2021? Some ways include:
- Using strong access passwords or biometric access to devices
- Implementing automatic antivirus updates
- Deploying end-to-end encryption
- Making sure the device and software updates are available and installing them in a timely manner
- Keeping track of available features and disabling unnecessary ones
Remember, many people have these types of IoT devices around their house. If you are working remotely, make sure these devices are secure.
Cloud Security Solutions
As we move into 2021, the need to secure cloud applications, environments, and assets is more essential than ever before. Many organizations will strengthen their cloud security programs by enhancing cloud security monitoring. Organizations will focus more on cloud-native solutions for vulnerability and configuration scanning. Many breaches result from vulnerabilities and misconfigurations of assets that have not been remediated. In general, security testing across applications, networks, and devices will increase, as implementing more robust security controls will decrease the chances of a breach occurring and allow organizations to adapt and be better prepared to secure their remote workforce. Many organizations improve their cybersecurity programs, implement third-party penetration testing programs, and implement automated solutions with real-time insights that support a continuous monitoring approach.
Adapting to an ever-evolving digital and physical threat landscape is key for all organizations. Cloud computing is the path forward and will only increase as organizations see the benefit from both a revenue and security perspective. To adapt to the threat landscape, organizations need to implement agile solutions that provide continuous, effective monitoring and testing. Whether your organization is remote or in the office, the need for continuous education around cybersecurity is critical. If you need a partner to help you get started building a security program from scratch, or improving on an existing program, contact MindPoint Group to get started.