Eight cybersecurity trends that will shape 2021

Recognising emerging risks and threats is critical for defeating cyber attackers. During 2020, the average cost of a single cybersecurity incident in Australia was $276,000 – enough to cause the failure of a small to medium business or put a huge dent in the aspirations of larger organisations, coming at a time when businesses are already fighting for survival during the pandemic. The Australian Information Commissioner reported that data breaches increased by over 700% during 2020.

One of the best ways organisations can spot early trends is to know what’s happening on the dark web and keep up-to-date with how emerging technologies are being used by attackers.

As the cost and frequency of cyberattacks continues to accelerate, these are the eight trends to watch as we head into 2021:

1. Nation states will start looking at attacking businesses to generate income for their political agenda.

Nation states are launching attacks against private businesses and Australian firms are in their sights. This activity is likely to increase in scale and velocity into 2021, as they attempt to either steal valuable intellectual property or run ransomware campaigns and email fraud in order to increase their power and national revenue. In 2020, North Korea was the first state nation to openly attack for financial gains.

2. Threat actors will leverage Artificial Intelligence

Just as security teams are using machine learning and AI to detect and block incoming attacks, criminals are learning how to use the same tools to find new vulnerabilities and attack vectors. The next generation of the cybersecurity arms race will be AI-fuelled. In 2021, we will see AI used more in cyber warfare as it’s used to launch attacks and defend against them.

3. Use of biometrics ID verification technology will accelerate

The era of username/password authentication is coming to an all-too-slow end. Biometrics and other passwordless identity verifications systems will become more popular. We’ll see more businesses make the step towards multi-factor authentication as well as the advent of passwordless identification.

4. 5G will drive a new wave of security innovation

With carriers in Australia and around the world pushing the deployment of 5G infrastructure, we’ll see the number of connected devices and the volume of data they create and share increase. The Internet of things (IoT) will create new challenges for businesses who will need to monitor more endpoints and data than ever before. There are also many currently unknown and untested threats that will likely be exposed in 2021.

5. Hospitals and healthcare will get serious about cybersecurity

Following several high-profile attacks in Australia and overseas, including one ransomware attack which resulted in a patient’s death, the healthcare industry will increase its focus on cybersecurity. In the past, hospitals were averse to spending money on cybersecurity, preferring to spend it on new life-saving equipment. In 2021, hospitals will increasingly see how spending on cybersecurity will also save lives. The Australian healthcare sector is very immature and is particularly vulnerable to attack as some medical records are worth more on the dark web than they realise.

6. Ransomware will keep being a major issue

The old saying about robbing banks because that’s where the money is rings true. In 2021, we will see a further increase in ransomware attacks. In part, this is fueled by the rise in media exposure reporting that many SMEs in 2020 actually paid out money to regain access to their critical data. This is telling attackers that Aussie SMEs are a ripe target as bad guys, and those who previously hadn’t attempted to enter the space, are lured by the hope of success with knowledge that many businesses in 2020 actually did pay.

For this reason, it is imperative that organisations:

1. Employ least-privilege access permissions “if you don’t need it, you don’t get it.”
2. Employ network segmentation to assist with containment.
3. Consider application white listing to prevent unknown applications from executing.
4. Have a robust user-awareness campaign to educate users.

7. More purpose built, secure operating systems for specific applications will emerge

Organisations all over the world are developing new operating systems that are made for specific, narrow use-cases. These new systems are built to be super-secure and will be found in healthcare, military operations, and the emerging world of autonomous vehicles. Security in 2021, will move from an afterthought and become increasingly central to development.

8. The number of vendors businesses will use, will shrink

Businesses want a trusted partner and not a collection of different vendors and partners that are hard to manage. Many businesses use in excess of 50 different vendors and partners for everything from endpoint security and penetration testing, to red teaming and security appliance deployment and management. More mid-tier Australian businesses will look to outsource cybersecurity to experts that are across the latest techniques and have white hat hackers ready to deploy in defence.

2021 will continue to be a cyber challenge for organisations, as they continue to adapt to new ways of working during the pandemic, they will need to rethink their cybersecurity plans. New and emerging technologies will power innovation for both criminals and defence. The only way to stay one step ahead of the attackers is to know what they are planning and to be prepared.