I was planning on writing “Looking VERY MUCH Ahead to 2021,” as 2020 has earned a less than desirable reputation amongst most of us. However, the idea of 2021 being all roses and puppy dogs was destroyed with the news last week of the discovery of an enormous cybersecurity breach with tentacles throughout the federal government and beyond. The breach is so vast and so deep that security experts are still trying to track down what was seen and what was done over the many months that it was active—but undiscovered. So, with that ominous ending for 2020, here are seven trends to watch for in 2021:
Trend #1: More Cyber Espionage
As noted above, we close the year with a reminder of a form of warfare that is growing more intense: International cyber attacks. The attack was carried out by foreign bad actors (most fingers pointing to Russia) surreptitiously inserting malicious code into software updates being sent by SolarWinds for its Orion networking monitor platform. The attack was reported as impacting the U.S. Department of Commerce, but is believed to have extended to other agencies as well. Reuters, reporting that the hacks uncovered so far may just be the tip of the iceberg, quoted one person familiar with the matter as saying: “This is a much bigger story than one single agency. This is a huge cyber espionage campaign targeting the U.S. government and its interests.” Unfortunately, we will likely see more of this in the year ahead.
Trend #2: Focus on Protecting Remote Workers
The vaccines are on the way, but the COVID-19 pandemic will likely dominate much of 2021, meaning a large percentage of workers continuing to log in from home. Even as the pandemic wanes, many observers believe that the movement to remote workers has proven sufficiently beneficial to organizations, and popular with their employees, that it may remain a major element of an evolving workspace. This makes it essential that organizations increase security measures to enable secure connectivity—while tightening role-based access to ensure that workers can only access resources required to do their job.
Trend #3: Growing Threats from Phishing and Ransomware Attacks
Ransomware attacks—and the phishing social engineering methods that are often used to enable them—will continue to grow in numbers, as well as sophistication. During 2020 we saw an escalation of blackmail attached to ransomware attacks, in which bad actors in addition to locking up access to data through encryption would threaten to post unencrypted data to dark websites. Healthcare organizations will likely continue to be major targets, in part because of the extreme sensitivity of their patient records. Robust backup scenarios can protect against ransomware, and encrypting data while in motion and in storage can protect against the blackmail scenario. I predict we’ll see movement toward wider adoption of both strategies.
Trend #4: IoT Becomes a Bigger Target
The Internet of Things—that vast world of seemingly invisible devices that we all use to connect our homes and businesses to the Internet—represents such a vast threatscape that it will likely become an even larger target for bad actors in 2021. Attacks against IoT devices is especially worrisome not just because they can provide an entry way to networks, but because interfering with IoT devices can create chaos. IoT devices are found throughout our industrial plants, the power grid, the water works, healthcare, and beyond. We need to develop more robust solutions for securing them.
Trend #5: More Attention to Attacking the Cloud
Cloud-based resources have become part of the IT fabric, and dependency on cloud-based apps, services, and data stores has only increased as COVID-19 forced so much of the workforce to operate remotely. All of this makes the cloud a major target. While cloud providers tend to have tight security—often tighter than what their business customers might have—weak spots will be probed, including for any apps used to interact with the cloud. The problem is exacerbated because it can be more difficult for organizations to monitor what is happening with their cloud-based resources than if they were sitting on their own backend infrastructure.
Trend #6: Our Defenses Will Improve
So far, my outlook has been a bit on the bleak side. On the positive side, there is tremendous effort across the industry to enhance security of operating systems, applications, and every other element of IT infrastructure. Vendors know it is bad business to allow products to ship with vulnerabilities—and even worse business to allow vulnerabilities to go unpatched. On the corporate side, chief technology officers, chief information officers, chief security officers—as well as chief executive officers—are becoming more attuned to the absolute necessity of securing all of their IT resources. We should get help from machine learning and the holistic approach of eXtended Detection and Response (XDR) technologies that automatically, and intuitively, monitor networks and applications for unusual activity. Although IT spending at many organizations suffered during pandemic cutbacks, I predict that there will be increased investments in IT security, simply because the alternatives are so unacceptable.
Trend #7: Security Talent Will Be in Demand
We are entering a period of cyber warfare. I wish I didn’t have to say that, but the use of cyber espionage, as noted earlier, has been going on for a long time, and is intensifying. On top of that you have cyber criminals in it for the money. In a cyber war we need cyber warriors. An article in Homeland Security News Wire titled “Creating a National Network of Cybersecurity Institutes,” hints at what needs to emerge. Meanwhile, just about everyone is going to need an expert in cyber security. This means there should be a big demand for security talent. If you can’t find—or afford—a dedicated cyber security team, consider bringing in a security managed services team. Because the biggest trend I see for 2021 is the need to become ever more secure.
Clinton Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees and has a strong affiliation with various education groups, local school districts, and served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves as a Vice President of the Board of Director for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.