Cybersecurity in 2021: 3 Key Trends CISOs Need to Know

essidsolutions

So far, 2020 has seen its fair share of security news. Barely a day goes by without news about ransomware attacks, malware and phishing scams stemming from coronavirus-related domains – which, incidentally, are 50% more likely to be malicious. 

In a world threatened by cybercrime, different vectors for attacks have emerged, thanks to a dramatic shift in business operations. The crisis forced businesses to rapidly evolve to enable remote work and quickly scale the infrastructure to ensure the company could operate effectively and with minimal impact. 

However, the downside is that because of the less-than-ideal patching protocols exacerbated by the shift to remote work, there has been an unexpected growth in breaches from misconfigurations, missing patches and poor cyber hygiene.  

Further, the healthcare industry faces added pressures due to these gaps. Organizations need to recognize their vulnerabilities and address them head-on. We look back on 2020 to identify the year's top trends and the key areas where cybersecurity leaders should focus their defenses.

2020’s cybersecurity trends will cast long shadows, making the following three areas critical for 2021 and beyond.  


1. Attackers Start Weaponizing Emerging Technologies Like AI, IoT, and 5G

Technology has always been a double-edged sword, and this will continue to apply in 2021. Technology advancements like artificial intelligence (AI), the Internet of Things (IoT), and high-speed 5G connectivity promise to transform user lives for the better. 

But malicious entities are already looking at exploitation tactics. 

  • Artificial intelligence – AI-powered deepfakes could fool users into revealing their credentials. For example, hackers might use AI to create a fraudulent video of a team manager innocuously calling an employee because they forgot a password. 2020 saw deepfakes become alarmingly realistic (for instance, the clip of Belgium’s Prime Minister speaking on COVID-19 and the climate).

AI can also be leveraged to launch large-scale attacks with little manual effort, making things more convenient for hackers. 

  • Internet of Things – IoT is becoming increasingly pervasive across industries, from healthcare to retail and manufacturing. It also forms an integral part of the smart city infrastructure. However, IoT cybersecurity lags behind the rest of the technology. Nokia's threat intelligence report found that IoT devices account for one in three infected devices.

With remote work, remote education and remote healthcare taking off and reliance on IoT systems increasing, this is a critical attack vector for 2021. 

  • 5G – 5G is yet to go mainstream, but regulatory bodies are already calling for security controls. Recently, the U.S. Government Accountability Office released a study that calls for coordinated monitoring across the wireless ecosystem to find threats in near-real-time. There are concerns that carriers may not promptly report incidents unless there is government oversight.

Companies like A10 Networks and Ericsson are already in the initial stages of rolling out 5G security solutions. 

AI, IoT, and 5G could potentially allow attackers to scale their campaigns, hack previously secure devices, and transfer data at lightning speed before preventive mechanisms can kick in.

In 2021, it is important to diversify your cybersecurity portfolio beyond the basic core and perimeter. Acknowledging these emerging vectors and tactics is the first step to building new-age firewalls that can withstand even the most sophisticated threats. Instead of a one-size-fits-all, consolidated platform, it might be a smarter idea to stitch together a modular, agile cybersecurity solution ready to take on tomorrow’s challenges. 

2. The Field of Cyberchology Sees Rising Interest

According to a new report, CISOs have witnessed a 63% increase in cybercrime during lockdowns. Experts trace this back to individual psychology, blindspots, and stress, causing risk-prone behavior. Indeed, the link between specific employee types and propensity for data theft can be observed across several incidents in different companies.

In 2020, cyberchology as a field of research (a result of the joint efforts by ESET and The Myers-Briggs Company) gained prominence. 

The two organizations investigated the personality traits of 2000+ consumers and 100+ CISOs in the U.K. and how this was linked to cybersecurity. The research found that 80% of businesses were at risk due to human error, often due to work stress, COVID-19-related uncertainty, and inherent personality tendencies. A similar theme was discussed in this year’s Occupational Psychology Annual Conference by the British Psychological Society.

Personality-related vulnerabilities must be identified and plugged in 2021 due to two continuing trends: 

  • Remote work will be the norm rather than the exception. This means that each employee is empowered to make their own security decisions based on their level of risk averseness, compliance-friendliness, and overall security education. 
  • Social media, which saw an unprecedented rise during the pandemic, can be used by hackers for social engineering tactics. Facebook found that digital tools were “very important” for 70% of users, and 86% of these respondents plan on staying engaged at the same level or more in 2021.

You can undertake several preventive measures, gaining from cyberchology research. 

The first step is to deploy purpose-built psychometric tests that highlight dominant personality traits with strong correlations to risk appetite/averseness. You can also conduct training sessions to teach users how hackers might exploit their personality or attitudes to extract sensitive information. 


3. Healthcare Is a High-Risk Vector & There is No Going Back

This year, attackers perceived an outsized value from targeting healthcare organizations, and this trend will intensify as we get closer to an effective vaccine. 

“We’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States,” writes Tom Burt – Corporate Vice President, Customer Security & Trust, Microsoft.

Another report analyzed the world’s twelve largest biopharma companies and eight COVID-19 vaccine researchers. There was evidence of malicious inbound traffic for every single organization.

Given the severity of this issue, attack frequency could increase as successful treatments come to market, becoming more innovative, cost-effective, and thereby more valuable with time. A major problem is the lack of budgets. A typical healthcare organization allocates 6% or less of its IT budget to cybersecurity, which simply isn’t enough to tackle these new, unfamiliar threats.

A recent report predicts that data breaches in healthcare could triple by 2021, making it imperative to take the following preventive measures:

  • Upskill in-house IT talent – Third-party solutions can be time-consuming to implement, configure, and adopt. In the meantime, existing IT staff must keep a sharp eye on digital transactions and anomalies. 
  • Plan for cybersecurity investments – High-value data and legacy IT systems are sure to attract attackers. The healthcare industry must first spend on IT modernization and then on stronger cybersecurity to stay safe. Analysts estimate that healthcare organizations will spend around $125 billion for this purpose between now and 2025.

Preparing for a New Year, and the Long Haul

The trends that gained momentum in the last few quarters will galvanize further next year, requiring swift and strong action from enterprise CISOs, the public sector, and cybersecurity consortiums around the world.  
