Many experts predict that in the 2020s, companies will start focusing on cybersecurity more than ever before.
Gartner, for instance, predicts that by 2025, 40% of boards of directors will have dedicated cybersecurity committees. This shift, they say, is unsurprising, since cyber threats are rated as the second-highest risk for enterprises.
Get your Free Digital Adoption Certificate
In 2020, cyber risks escalated, in part due to the disruptions driven by COVID-19.
The disruptions caused by the pandemic, as we all know, drove major trends such as remote working and cloud adoption. And while these trends certainly have their advantages, they have also become grounds for new cyber attacks.
Below, we’ll explore a few of these cyber risks, which we can expect to see dominate the landscape in 2021 and beyond.
7 Cybersecurity Trends that Will Define 2021
Here are some of the top cybersecurity trends to watch closely in 2021:
1. Remote Working
Even if aren’t working in a traditional office, they can still be a target – in fact, remote workers can be targeted more frequently, precisely because they are working from home.
In fact, phishing was the most common type of cyber attack used in 2020, according to the FBI.
Even without the disruptions caused by COVID-19, however, the workforce is one of the top cybersecurity threats to the enterprise.
2. The Workforce
For years, employees themselves have been a major cause of security breaches.
These attacks can include:
- Phishing attacks
- Using insecure networks
- Inadvertently leaking sensitive data
- Installing unapproved apps or programs
- Failing to update or adopt software
These preventable breaches demonstrate the need for increased digital training within the enterprise, if not the creation of a “culture of security.”
Ransomware, or malware that holds data “hostage,” is on the rise.
This threat becomes compounded by the fact that many companies fail to house data offline, an essential risk mitigation strategy.
Many organizations also fail to implement basic security measures, such as network segmentation, a strategy designed to minimize horizontal movement across a network. Without this type of strategy in place, attackers and ransomware can spread more easily throughout a network.
While software vulnerabilities are decreasing year-by-year, ongoing digital transformation and the continual proliferation of new technology only makes digital ecosystems more complex – and this, in turn, increases attack surfaces and makes defense that much more difficult.
4. IoT Threats
The Internet of Things (IoT), or the integration of physical devices into digital networks, is yet another factor that increases the possible number of attack vectors.
For instance, in the remote work world, employees may need to access their employer’s network through devices that include:
- Laptops and home computers
- Mobile devices
- Mobile point-of-sale (POS) devices
- GPS devices, such as those used for geofencing
While these devices can naturally improve operational efficiency, they also increase the avenues through which an enterprise can be attacked. As these devices grow in number, organizations should take corresponding measures to improve their security.
5. The Supply Chain
Closely related to IoT security is supply chain cybersecurity – the more digital the supply chain becomes, the more it exposes itself to potential cyber threats.
According to IBM, the top supply chain security concerns include:
- Data protection and secure data exchange
- Data locality
- Data visibility and governance
- Fraud prevention
- Third-party risks
To address concerns such as these, it is necessary to take a comprehensive approach that combines multiple layers of defense.
To be effective, those defenses should include measures such as data encryption and identification, permissioned controls for data exchange, third-party risk management strategies, and incident response plans.
6. AI-Powered Cyber Threats
Artificial intelligence (AI) is becoming more sophisticated by the year and it should be a real concern for many businesses.
Here are a few examples of how AI can – and has been – used to commit cybercrimes, according to the World Economic Forum:
- AI can impersonate users at scale, making it easier to commit crimes that rely on social engineering, such as phishing and ransomware attacks
- AI can “learn” how systems operate, making it easier for them to blend into and navigate communication channels
- Today, cyber attackers must spend significant time researching and analyzing targets, but AI will be able to do that much more quickly
While these types of threats are certainly serious, AI also presents a solution.
When used in defense, for instance, AI can proactively adapt to offensive AI, better identify anomalies, and more.
7. Cybersecurity Talent Shortage
Another trend that should be concerning is the lack of digital talent, especially in the security industry.
This drought of security professionals will, in the coming months and years, fuel the need for:
- More talented security engineers
- Increased organizational investment in cybersecurity
- More CISOs, CROs, and security leaders
To keep up with this shortage, organizations should proactively hire talented professionals, create a organizational culture that promotes security-conscientiousness, and continually address this issue with boards and the C-suite.