Best Practices 11-11-2020

DigiCert 2021 Security Predictions

DigiCert

2020 has brought about a lot of change. Who would’ve imagined watching our favorite sports teams on TV and stadiums without spectators, or the one-year postponement of the Tokyo Summer Olympic games? But isn’t it nice that some things don’t change, like our annual exercise of predicting what cybersecurity challenges we expect in 2021 and beyond?

With all the uncertainty that 2020 presented us, no one knows with 100% certainty what will happen. However, we can be reasonably certain about our predictions based upon the changes to infosecurity brought upon us by the pandemic and other events of 2020 and the way it will likely shape 2021. First and foremost, in our thoughts are the impacts of vastly increased remote working and digital transformation that have both been accelerated by the pandemic and the difficulty of in-person gatherings. So, with these events in mind, our team of cybersecurity experts gathered (virtually of course) to debate and formulate their list of 2021 cybersecurity predictions. This team consisted of Dean Coclin, Avesta Hojjati, Tim Hollebeek, Mike Nelson and Brian Trzupek.

The envelope please…

Prediction: Social engineered attacks will get more complex

According to Verizon’s Data Breach Investigations Report for 2020, social engineering is a top attack vector for hackers, and we expect threat actors to leverage current events to unprecedented levels. Consider the following:

  • Unemployment fraud: With unemployment fraud at an all-time high, we will see an even larger increase in 2021, as pandemic-focused unemployment programs from governments have lowered the barriers to collecting benefits and security methods have not been able to keep up. Should we see additional stimulus funding from governments to provide relief for the effects of the pandemic, this will only make this a richer channel for fraudsters.
  • COVID-19: Free COVID-19 tests will be leveraged heavily by threat actors in the New Year. Scammers will utilize social engineering to dupe users into providing a mailing address, phone number and credit card number with a promise to charge 25 cents to verify their information and qualify for a free COVID-19 testing offer.
  • More COVID: The offer of fake, “government-approved” cutting-edge technologies to fight COVID and take the temperature of those in proximity will trick users into downloading malicious apps on their smart devices that can be leveraged for nefarious activities by threat actors.
  • Tax deadlines: With the fluctuation of tax filing deadlines in 2020, expect threat actors to leverage this to their advantage in 2021. Phishing around tax season will drastically increase.

Prediction: Shortcomings in data security are going to cause a slowing effect on telehealth organizations due to an increase in targeted attacks

Telehealth providers are opening themselves up to cyberattacks on an unprecedented scale. Prior to the pandemic, telehealth comprised only a small fraction of medical visits. However, beginning in March 2020, much of medicine suddenly shifted to the telehealth model, aided by the federal government’s temporary relaxation of HIPAA restrictions on telehealth. The value of a single health record is high, and this will become a growing target for fraudsters looking to take advantage of this situation. It’s a perfect storm. Healthcare providers are rushing to set up systems and keep up with exploding telehealth appointments, while hackers are looking for soft, high-value targets. As news of successful attacks spreads, this will result in eroding patient trust.

Prediction: The “new normal” will be under attack

We predict that individuals and businesses alike will adjust to a new normal sometime in 2021. This new normal will result in an increase of travel, a reduction in unemployment and a transition for workers to return to the office, leading to threat actors’ attacks on the following:

  • Travel: Fraudsters looking to take advantage of the new normal will target vacation-starved travellers looking for good deals online or via email. Phishing attacks will be the tool of choice and will be leveraged successfully by fraudsters.
  • Back to the office: As workers return to the office, there will be a steady crescendo of applications offered by threat actors with the promise of increased productivity tools to ease the transition to the office. Tools such as apps that provide ambient sounds will be leveraged in these attacks. Expect new attack vectors to emerge not only for social engineering, but also attacks targeting common home devices that are used at home for workers splitting time working at home and the office that can be used to compromise an individual and allow for lateral movement into a business. Workers splitting time between the home and the office will only exasperate this transition period, causing confusion and an increase in security risk for business.
  • Data Breach News: News of data breaches will increase in 2021 as the public learns of exploits on companies that haven’t done a good job securing their remote workforce.

Prediction: 2021 will bring increased focus on automation and efficiency solutions in the security market

  • As organizations work to keep the lights on and scrutinize the bottom line, there will be a resulting push for efficiency in security technologies.
  • Security teams will be asked to do more with even fewer resources. 2021 will bring an emphasis on technologies that allow organizations to do more with less, and automation will play a significant role in terms of security innovation in the New Year. According to a 2020 SANS Automation and Integration Survey, 12% of respondents had no security automation in 2019. In 2020, that dropped to 5%. We predict the level of automation in 2021 will increase exponentially.
  • A consolidation of security vendors will take place in 2021 as businesses look to reduce the number of vendors within their environments. Trusted vendors with leading global technology and local resources where their customers live will be valued, as will be their emphasis on automation of security tasks.
  • As security investments focus on immediate value, Quantum Computing will continue to move forward. We will see the effect of Moore’s law on Quantum Computing. As Quantum Computing allows for tasks to be more efficient, organizations will prioritize its continued development. Improvements and efficiency are recession-resistant.

Prediction: Staying safe online

Identity and consumer accountability of their permissions and controls over their data will lead to a new interest in how to stay safe online and with connected devices. Concerns over contact tracing and other government invasions of personal privacy will lead to a new desire by the public for ways to identify organizations with which they connect online and for better assurances of the security of the connected devices in their everyday lives, including connected cars, homes, buildings, websites, emails, etc.

Predictions 5-10 years in the future

Always looking to exceed expectations, our experts also looked beyond 2021 and into their crystal ball for the next 5-10 years for what security innovations will await us.

  • Holographic teleconference to minimize travel: Each generation brings a new technology which “shrinks” the globe. In the early part of the 20th century, steam ships allowed people to make trans-Atlantic crossings in about a week. Then propeller airplanes shortened it to two days (with stopovers). Once commercial jets became viable, the same trip which took one week on a ship took less than 10 hours on a plane. With the advent of the Internet and email, instant communication was made possible. Fast forward to today, where everyone is using video teleconference tools to communicate, which have in many cases, eliminated the need to travel. In the next 10 years, expect holographic teleconference or sophisticated telepresence devices, where participants can view others in 3D without the need for special glasses. Holographic projectors located on the back of cameras will project the image in front of you, which will give a more lifelike experience to conferencing. This will further reduce the need to travel across the globe to meetings. To make this a reality, a backbone of high speed, secure communications pathways will be required. In addition, on the hardware side, a migration to higher capacity processors and higher resolution cameras and projectors will be needed. For the software, codecs that can operate in 3D with the appropriate encryption controls are a must. While this technology will start with businesses, it will easily expand to consumer use cases as families will be able to “visit” each other using this holographic method.
  • Data privacy: The data “given away” by the current generation of children in the home will come back to haunt this generation in the future, inspiring a new generation to carry infosec securely into the future. Children being forced into online learning at home will instill in some a discovery and passion for technology. This newfound passion for technology among this virtual learning generation will inspire new technology and security solutions and will inspire a new generation of innovators.

And there you have it. Here at DigiCert, we look to the future, so we can offer the best protection in the present. Bring on 2021.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

Why Matter needs to toughen up

National Cybersecurity Awareness Month:
October 2024