Wishing you all a cyber-safe and wonderful Christmas / New Year 2021 in advance. In this blog, I will be talking about the Cyber Security Risk prediction for 2021 with an emphasis on which attack vectors are most likely to be exploited.
When I look back, 2020 was a year of Data Science, Internet of Things (IoT), Blockchain, and widespread Cloud Adoption, with increasing regulatory focus on AI Ethics and decision-making transparency, Secure IoT adoption, etc.
With Covid19 coming into the picture, Cloud adoption and remote working/collaboration tools have gained momentum. So has the focus on the increased risk of Ransomware attacks and Data breaches arising out of cloud misconfiguration. Attacks against RDP, VPN, and remote connection servers will double in 2021.
Ransomware and Data breaches continued to be newsmakers, and that will hold true in 2021 as well. Periodic phishing simulation exercises, along with Information security awareness sessions, will be key from a preventive controls perspective. Data backup solution providers will also be in focus.
Cloud security will be another focus area of 2021, as we will see new attack vectors emerging, particularly around DDoS attacks, Ransomware, insecure APIs, and misconfiguration. Cloud security posture management (CSPM) will be the buzzword and will see continued innovation and focus. I also predict more players will come into the CSPM area apart from well-established players like Trend Micro Cloud Conformity, Aqua, etc. We will continue to see fierce competition between the aforementioned third parties and Cloud service provider native CSPM offerings like AWS Security Hub, Azure Security Center, and Google Security Command Center. Hopefully, it will bring down the cost for CSPM users.
Container Security will be another focus area in the Cloud world, along with Secure APIs.
Phishing attacks will continue to be lethal and an entry point into an organization's defenses. We will see more sophisticated Phishing attacks, and it will be important to align awareness/training sessions accordingly, keeping the focus on Phish-prone Percentage. Voice Deepfakes will become the new phishing bait.
Data privacy will continue to gain attention under the shadow of GDPR, CCPA, and stricter state-specific Data Privacy Laws. It is important to have Data privacy by design implemented along with Data minimization.
From a financial world perspective, AML and Cloud security continue to gain attention, along with regulatory interest around the world of Data Science. Blockchain will continue to gain momentum. Cryptocurrency-related risks might see some traction.
From the Healthcare Industry perspective, we will continue to see an increase in sophisticated Cyber-attacks, especially against companies involved in Covid19 vaccine research / manufacturing. The trend is further strengthened by recent attacks on Ranbaxy, AstraZeneca, etc., and we might see nation-state-based attacks.
Zero trust as an Identity & Access Management (IAM) concept will continue to gain momentum. So will Security by design and Multi-factor authentication (MFA) requirements for access to admin consoles / sensitive information.
Deepesh Kumar works as Associate Director – Information Security Risk Management at Novartis. He has also worked with Morgan Stanley and JPMorgan Chase & Co. He holds CISSP, PMP, CIPP-E, AWS Cloud solution Architect, Azure Architect Design, and other relevant Information Security certifications.