There is no doubt that millions of us are ready to close the book on 2020 and cast our eyes towards 2021. While most people have experienced greater challenges in their jobs this year, cybersecurity specialists have certainly had to tackle more than their fair share of hurdles.
In order to take a peek at what cybersecurity trends and challenges await us in 2021, I asked a handful of industry experts to provide some insight into what they believe lies ahead. Below are the top five.
Measuring Reasonable Security 'Duty of Care'
With an increasing array of regulations and compliance requirements regarding personal data, coupled with the escalating costs of data breach litigation, defining a company's "duty of care" when it comes to cybersecurity is becoming imperative. A proper definition can reduce the legal risks associated with a cyber incident.
Duty of care is the legal responsibility of a person or entity to avoid behavior or neglectful actions that could reasonably be foreseen to cause harm to others. It is the process of determining what is indeed reasonable. Chris Cronin, an ISO 27001 Auditor and Chair of the DoCRA Council, predicts that 2021 will be the year we can expect a clear definition of reasonable security. (Read also: 6 Cybersecurity Advancements in the Second Half of 2020.)
He points to a "Test for Reasonable Security" that was recently released by the Sedona Conference. Its purpose is to provide regulators, litigators, and legislators with a calculation, or test, to determine whether the burdens imposed by security controls are worth the risk reduction they provide. It will also serve as a way to rationalize security priorities and expenses based on a cost-benefit test. The state of Pennsylvania used a prototype of the test in its action against Orbitz in 2019. Cronin says that the test will be embraced by both regulators and insurance companies in the coming year.
Increased Email Loads and Vulnerability
Believe it or not, email usage increased in 2020. While that may come as a surprise given the growing presence of chat-based collaboration platforms, the world used more email than ever before this year, according to Ronan Kavanagh, CEO of the security filtering company TitanHQ.
This correlates with a recent study showing that 306.4 billion emails were sent and received each day on average in 2020, a figure expected to increase to over 361.6 billion emails in 2024. Kavanagh says that more tasks are being completed over email than ever before thanks to the proliferation of remote work strategies.
As confidence returns to the economy next year, this pattern will continue upwards. Because email is still the primary delivery method for cyber attacks, the need to secure the email platform will be more important than ever. He believes that cloud-based email archiving solutions will become a key pillar of email security strategies through the end of 2021. The formula is simple: increased email volume equates to increased vulnerability.
Record Number of PCs Sold Creates Need for Endpoint Protection
Jeremy Moskowitz, Microsoft MVP and Founder and CTO of PolicyPak Software, predicts that more Windows PCs will be sold in 2021 than in the two previous years combined. Despite the dramatic expansion of remote work strategies this year, Moskowitz says there are still too many home-based workers using their own consumer-grade PC or continuing to use the old beater that was salvaged from the office.
This massive hardware refresh will propel the further popularity of work-from-home software. He also predicts that Windows Virtual Desktop will continue to fill in gaps where the iPhone and Chrome OS fall short. The challenge, he says, will be in how to deploy and secure all of these desktops, both physical and virtual. Unfortunately, users still fail to refrain from clicking on things, which is why the practice of least privilege is so important today.
There is still a rampant practice of assigning standard users local admin rights to their machines, which creates massive exposure to malware and zero-day attacks. Moskowitz sees "always-on VPN" solutions growing more popular this year, as well as cybersecurity solutions that enforce access-list-like protection. (Read also: Are Insecure Downloads Infiltrating Your Chrome Browser?)
The Second Phase of Ransomware
Cybercriminals certainly took advantage of the unease throughout the world this year, with ransomware attacks up in the triple digits. Erik Leach, CISSP and SCF, along with Steve Lawn, Senior Consultant at Hallock Security Labs, both believe that we have yet to see the peak of the second phase of ransomware.
While initial versions of ransomware were cast widely like a giant net, hoping to snag an unsuspecting victim or two, ransomware 2.0 is a different beast. Not only is it designed to evade conventional security controls, but its attack methodology is also different. Once the new strain obtains a foothold within the network, its perpetrators manually and patiently control it.
Once high-value data is located, it is immediately uploaded to a managed location. Only then does the encryption process begin. This provides the attackers with a second way to extort money: if the encryption fails to garner payment, the criminals then threaten to sell the data or publicly expose it unless a ransom is paid. As a result, companies must keep accurate data inventories in order to know what type of data is in which location.
Packaged Cybersecurity Education and Training
Cybersecurity and awareness training is brought up every year, but 2021 will be different according to Danny Kennedy, a long-time veteran of the managed service provider (MSP) market. He said his clients, as well as other MSP owners, are all saying that the remote work movement is here to stay.
He too thinks that email volumes will continue to increase and that cybercriminals will continue to take advantage of that medium, as well as of the isolated environments that home-based workers must contend with. Because there is no one in the cubicle next to you to ask for a second opinion, training is essential.
He believes that cybersecurity education and awareness platforms will become popular next year. Glenn Stout, CISSP and ISO 27001 Lead Auditor, also believes that the need for training is becoming critical. As the first real line of defense, he says, cybersecurity training must be more than a one-hour workshop. It must be a continual, organized effort throughout the year. (Read also: Cybersecurity and You: Why Learning Now Pays Off Later.)
If nothing else, in 2020 we learned that it's impossible to tell the future. No one had a road map at the start of the year for the specific challenges 2020 dealt us. While no one can predict the exact events to prepare for in the coming year, we can draw conclusions based on the realities of today that point to the anticipated trends of tomorrow.
Predicting the cybersecurity challenges of 2021 doesn't take a crystal ball. It just requires the accumulation of knowledge from industry experts… and sites such as Techopedia bringing them to you.