[German]To kick off 2021, I'd like to take a quick look at cybersecurity trends. What can we expect in the next 12 months in this regard, especially after many tasks were moved to the home office in 2020 as part of the Covid 19 pandemic.
Advertising
I have received some information from security companies. For example, security vendor Check Point conducted a survey of enterprises on IT security priorities in 2021. The global survey sees defending telecommuters and cloud environments from threats at the front of every agenda even in the next two years. Majority of companies do not believe that old familiar norms will apply after the Corona crisis.
Check Point survey : IT security priorities.
Over half (58 percent) of the more than 600 global respondents see more attacks against their organization now than they did at the start of 2020, while 39 percent claim the number has stayed about the same and only 3 percent said it has actually dropped.
The majority (51 percent) also believe that IT security strategy cannot simply return to where it was before the pandemic began. Only 29 percent think that operations will return to old waters, while 20 percent are convinced that their situation is already back to the way it was before. Other key findings below:
- The biggest IT security challenges facing businesses at the turn of the year: securing telework is top of the list (47 percent), followed by fending off phishing and social engineering (42 percent), followed by maintaining secure remote access (41 percent) and protecting cloud applications and cloud structures (39 percent).
- Priorities for the next two years: here, by 2023, home office protection also leads (61 percent), followed by securing all endpoints and mobile devices (59 percent) and securing public clouds or multi-cloud environments (52 percent). So in the top three are not popular topics such as IoT security (30 percent) or email protection (24 percent).
- Upsetting IT security plans during 2020: 69 percent of respondents agreed that their strategy changed during 2020 because of the Corona crisis. The biggest change (67 percent) for experts was the large-scale deployment of telework. In second place (39 percent), they cited training employees against IT threats (security awareness); in third place (37 percent), they cited improving network protection and threat defenses, as well as expanding security for endpoints and mobile devices. In fourth place (31 percent) was rapid installation of new cloud environments. Only 27 percent said they were already doing existing projects, underscoring that the Covid 19 crisis was a complete game changer for most experts' strategy.
The majority of respondents believe that the current threat environment and corresponding IT security priorities are unlikely to change much over the next two years. Many also believe that the rapid changes to their networks and IT infrastructures, forced by the crisis, will remain in place from now on," says Lothar Geuenich, Regional Director Central Europe at Check Point Software Technologies GmbH: "However, because the many changes had to be implemented quickly, they remained partially unsecured and hackers now want to exploit this fact. Companies must therefore focus on closing the newly created security gaps. These measures start with employee training, continue with securing the computer or portable device, and only end with the data center or cloud environment. Balancing strengthening IT security with continuing to run the business under difficult financial conditions is, and will continue to be, the biggest challenge facing organizations of all types."
The survey was conducted for Check Point by Dimensional Research among 613 participants from companies around the world. All respondents are responsible for IT security at their company. More details on the survey can be found here.
5 predictions for the cybersecurity year 2021
From security vendor Imperva, I received a few more predictions from security experts that address the challenges for 2021. There, too, the focus is on the Corona pandemic. Cybercriminals are taking advantage of the uncertain and challenging situation for businesses and are vehemently trying to exploit the impact of the pandemic for themselves. Here are the predictions:
Advertising
- Many breaches from 2020 will continue to be commonplace in 2021: The significant increase in cyber attacks amid the global pandemic has resulted in millions of unprotected files and data; some of these data leaks are already known, countless others are yet to be reported. The new year will also bring a record number of thefts involving stolen credentials. This activity may fuel further discussions about general investment in cybersecurity and spur action on privacy regulation.
- Digital transformation projects entail spending on data protection: In order for companies to further digitize their business models during the pandemic, IT teams had to migrate large data sets – with little or no insight into what exactly was being stored. Failures of this kind could be publicized in the media in 2021, when the spotlight returns to data protection and, for the first time, unsecured data stores lead to outages on the order of petabytes.
- 5G advancement and IoT expansion spur botnet armies: Cybercriminals will continue their sophisticated attacks in 2021 by exploiting vulnerabilities in household IoT devices. With mature and widely available 5G solutions, criminals will be able to abuse endpoints for their own purposes – whether it's shutting down a network or stealing sensitive data. When combating cyber risks, it will become increasingly important how quickly threats can be responded to.
- The emergence of "smart" cyber attacks: The democratization of machine learning will equate to smarter attacks that are harder to defend against and stop. Smart attackers will automate their attacks while learning from how the victim responds, optimizing for more effective and damaging attacks. This heralds a new era of cybercrime that will require more advanced threat intelligence and increased security coverage.
- Serverless computing is becoming a playground for cybercriminals: While serverless solutions are more convenient for enterprises, IT teams have often adopted these cloud applications without deeper scrutiny and without involving their security colleagues. So in the new year, we can expect to see more cyber attacks here, such as DDoS attacks targeting serverless computing environments.
From the above points, I can see that protecting data must be a top priority for enterprises in 2021. Unfortunately, the ongoing rollout of 5G and the IoT is opening up more gateways for hackers, who are setting up increasingly intelligent attacks and automating them thanks to ML and AI technologies. So, we won't see any easing in terms of ransomware, data leaks and cyber espionage in 2021.
