The year 2020 has seen unprecedented change and challenge in the information security industry. The ramifications of the COVID-19 pandemic have been stark and have had a direct bearing on many of the technological and human-centric intricacies involved in the safekeeping and management of data.
What’s more, the consequences of the ‘new normal’ in which organizations find themselves are sure to have significant implications as we head into next year.
As 2020 draws to a close, Infosecurity highlights the key trends and themes that are likely to play a notable role in the infosec landscape in 2021, with a list of 10 security predictions from some of the leading names within the information security industry.
1. More Companies to Adopt Security Champions Programs
These are a great way of scaling up awareness programs and enabling the security team to form stronger relationships with the rest of the organization, especially in the context of remote working.
Source: Dr Jessica Barker, co-founder, Cygenta
2. Everyone Will Be Election Security ‘Experts’
Actually, they won’t, but by the time 2020 is over, the ones who have truly been working on this problem for decades will be drowned out by opinions, misinformation and armchair quarterbacking.
Source: Wendy Nather, head of advisory CISOs, Duo Security (Cisco)
3. The Fall of the Managed SOC
The MSOC market has exploded in the past year and there will be a shakeup in 2021 for many of the smaller and less mature players in the market. Those who have not matured their service offerings will withdraw, leaving the market to consolidate around some key players.
Source: Brian Honan, CEO and principal consultant, BH Consulting
4. More Security for Remote Working
Next year we’ll see a larger investment in security for remote workers. This will probably be a bigger task than most anticipate, with a bottom-up review of security controls that are working, and those that are not.
Source: Javvad Malik, security awareness advocate, KnowBe4
5. AI Poisoning Will Be a ‘Thing’
The ability of cyber-criminals to poison AI algorithms or the data used to train algorithms in stealth mode will allow this to happen. AI will run, present or make decisions, with unintended consequences.
Source: Theresa Payton, CEO and president, Fortalice Solutions
6. Passwords: Beginning of the End
2021 will be the tipping point for passwords and we’re going to see fewer new services offering only passwords as a form of authentication. However, this will mean that we’ll see an increase in attacks against password-less technologies.
Source: Javvad Malik, security awareness advocate, KnowBe4
7. Users Will Push for Better Experiences
The glitz and glamor of consumer IT will continue to be preferred by enterprise workers. The revolt started with remote working, but will spread in 2021 to enterprise software. As a side effect, security design will become a recognized sub-specialty in the industry.
Source: Wendy Nather, head of advisory CISOs, Duo Security (Cisco)
8. Significant Uptake in Cyber Insurance
Many organizations have been forced into remote working, which means substantially increased cyber-risk exposure. Cyber insurance will emerge as a key way to treat the potential fallout from successful attacks next year.
Source: Dr Jason Nurse, associate professor in cybersecurity, University of Kent
9. Shifts in How Ransomware Operates
Traditional ransomware just encrypts data, but cyber-criminals have discovered they can often double their money when extorting organizations by threatening to release the data as well. This will likely become the norm.
Source: Jake Moore, cybersecurity specialist, ESET
10. A Credential Stuffing Crisis
Credential sources are expanding, online services are growing and consumer behavior isn’t changing. It all means more account takeovers, more big brands in the headlines and more individuals making claims of being ‘hacked’ in 2021.
Source: Troy Hunt, founder, Have I Been Pwned?