2020 has been a year like no other in living memory. Hardly any facets of our lives have been spared the effects of one of the worst public health crisis in decades. The COVID-19 pandemic exposed our collective fragility and immensely heightened our sense of uncertainty, bringing in a paradigm shift of incomprehensible magnitude.

Some of the seismic shifts put in motion by the pandemic involve our embrace of technology as the global emergency has helped push some of the previously offline “touchpoints” into the online realm. This begs the question of what may be in store in 2021, including when it comes to threats and risks lurking in the digital realm.

Even prior to the outbreak of COVID-19, cyberattacks were already on the increase, the pandemic and resulting lockdown have only heightened this risk. From phishing scams to malware to ransomware, cybercriminals have leveraged the innate vulnerabilities of dispersed workforces and their IT systems in order to find cracks in the glass to break.

Remote working has brought flexibility, but it has also dramatically altered business processes and systems in order to cater to a distributed workforce. Employee access to IT departments, and vice versa, has changed. Some of the baseline security measures taken for granted in the office must be compensated for at home, such as requiring home workers to use multi-factor authentication or a VPN to access internal networks. Reminding workers to enable automatic updates and check the security of their own Wi-Fi networks is also crucial as the first line of defence against cybercriminals.

The key part of an organisation’s approach to fending off malware in 2021 involves strengthening internal processes and procedures that allow integrating technologies and people in order to monitor the entire lifecycle of a threat, from the moment an attacker seeks initial access into a system all the way until achieving data exfiltration or some other type of heinous action. These types of capabilities are achieved with technologies such as endpoint detection and response (EDR), which enhance the defenders’ visibility into what is happening within a network.

Fileless threats have been evolving rapidly and it is expected that in 2021 these methods will be used in increasingly complex and larger-scale attacks. This situation highlights the need for security teams to develop processes leveraging tools and technologies that not only prevent malicious code from compromising computer systems, but that also have detection and response capabilities – even before these attacks fulfil their mission. On the horizon are threat detection and response solutions that automate the monitoring, collection and correlation of data gathered from multiple IT security tools — this will not only improve, but also automate, threat detection performance while adding and accelerating incident response capability.

The pandemic made organisations more vulnerable as they scrambled to cope with the fallout. That made 2020 a boom year for ransomware attacks, mostly in terms of increased volume. Attackers have shifted tactics recently to raise the stakes for their victims. They’ve improved the implementation of their encryption schemes, making them harder to crack. Further, the attackers threaten to disrupt a targeted victim’s network with a DDoS attack if a ransom is not paid, sometimes in sync with a “teaser” attack that causes minor disruption. That makes it critical for CISOs to ensure they follow best practices for mitigating ransomware risk in 2021.

To cope with these permanent changes and enhanced threats, companies are looking at several technologies to pilot or implement in 2021. Organisations are now looking for long term enhancements to their overall cybersecurity program and not just current response mechanisms. New trends such as the Internet of Things (IoT), AI/ ML and a multitude of cloud computing models, promise increased productivity and business agility and hence are attracting the modern CISOs.

DevSecOps is another avenue that should pick up the pace and ensure cybersecurity fully integrates into the DevOps lifecycle. Organizations that want to integrate security into their DevOps pipelines should adopt tools and practices that unite application development, IT operations, QA testing, and security teams under a common DevSecOps rubric. The goal is to make security part of the software development workflow, with secure coding best practices and testing automation.

2021 looks promising for 5G technology that will introduce a wealth of benefits that will pave the way for new capabilities and applications, transform the digital landscape and be a catalyst for innovation, new markets, and economic growth. These benefits will pave the way for additional new capabilities and support connectivity for applications like smart homes and cities, industrial automation, autonomous vehicles, telemedicine, and virtual/augmented reality. 5G technology promises to completely transform telecommunication networks, introducing a heap of benefits such as faster download speeds, decreased, increased network capacity.

Cloud security is gaining traction as on-premises data centres are becoming a thing of past with more and more organisations moving their operations to cloud servers. With the introduction of new and stringent data protection laws all over the world, cloud security has become the prime concern for most organisations whose data resides on the cloud. Hence, a multi-dimensional approach is required to not only fight cyberattacks, but to be equipped enough to ensure full-proof confidentiality, integrity and availability of data stored, and also be able to recover from a data/ information loss.

COVID-19 has forced organisations to accelerate their digital agenda. Organisations are expanding their use of AI and ML-powered analytics to grow their businesses, and are increasing the cloud adoption to achieve innovation, faster time-to-market and quicker scalability. Also, AI-driven cybersecurity solutions will continue to drive automation and technology that can evolve with advances in cyberattacks.

Further, it is anticipated that data privacy will continue to be in the spotlight and become a Digital Rights Management issue. Regulations will continue to put pressure on organizations to adopt adequate data privacy and cybersecurity measures. Organisations that operate in multiple geographies will have to consider how they centralise their data privacy programs to cater to all regulations and build data subject’s trust

Cybersecurity has changed throughout 2020 and many trends that we have seen in 2020 are likely to spill over into 2021 as well. With the ever-changing situation, organisations need to be more strategic with their security controls and ensure that they make security the starting point and not an afterthought in all endeavours.

