5 cybersecurity threats to watch in 2021

There’s no doubt 2020 will go down as a watershed year in history. On one hand, the global health crisis radically transformed the way we live and work while on the other, organized crime capitalized on the disruption, chaos and uncertainty. As the world becomes increasingly hyper-connected and automated, the threat landscape continues to evolve, and risks continue to multiply. Looking ahead from a security perspective at what the next 12 months might bring, here are the top five threats to watch for in 2021:

1. CAAS: Cybercrime-as-a-Service

It’s probably a no-brainer that cybercrime will continue to reign as one of the biggest threats of 2021 and beyond. Per recent estimates, cybercrime will probably cost the world a whopping $6 trillion in 2021, making it the third-largest economy after the U.S. and China. Ransomware has quickly become the most prevalent form of cybercrime and has become even more commoditized with the emergence of cybercrime-as-a-service.

In 2020 alone, ransomware attacks resulted in $1 billion in financial damages. Cybercriminals are going after crown jewels like user data and intellectual property. Pharmaceutical research related to vaccines, treatments and testing are increasingly targeted by state-sponsored attackers. Healthcare is another sector that continuously made headlines in 2020 and saw a 45% spike in attacks since November 2020. Phishing emails continue to wreak havoc, with almost two-thirds of all businesses expecting a rise in COVID-19 themed phishing attacks in 2021.

2, Insiders

 Insiders have always posed a risk to businesses historically. Whether it’s malicious insiders who knowingly try to harm the business or negligent workers who circumvent or ignore existing processes. With the pandemic still looming large and workers being stressed and distracted, accidental insiders have come to the spotlight — such as workers who are unable to think through effectively, probably because they are tired, under stress or operating in an unfamiliar environment. Studies have shown that stressed workers are the cause of at least four out of 10 data breaches.

3. The digital generation

With Gen Z joining the workforce in 2021 and beyond, businesses need to start reimagining cybersecurity around this digital generation. They have been exposed to social networks and mobile systems since childhood and are extremely comfortable sharing information online. Organized criminals and hackers can exploit Gen Z’s naive and trusting nature by employing sophisticated social engineering tactics and luring them into divulging their employer’s sensitive information. Recent research has revealed that older generations have better cybersecurity knowledge and practices than newer generations. Such a lack of security awareness and value for information security can pose considerable risks to businesses in 2021 and beyond.

4. Edge computing

Large scale adoption of remote work, the widespread use of cloud technology, and the introduction of 5G and IoT devices are all helping edge computing become an attractive value proposition and architectural choice for several businesses. Forrester predicts that 2021 will be an inflection point for edge computing. This increased adoption of edge computing will expand the attack surface and extend the opportunity for attackers to come in through the various entry points of the extended architecture. Unless businesses have insight into every device being connected to this extended network, edge computing can pose some serious cybersecurity risks for the business.

5. Digital Transformation

Post COVID-19 organizations have realized that the way they have had to work during the pandemic will probably be the way they choose to work going forward. In a recent Deloitte survey, 77% of CEOs revealed that the pandemic has accelerated digital transformation in the workplace. If digital transformation is rushed without embedding security from the ground-up or is bolted-on to existing legacy systems without due consideration to cybersecurity, then it can introduce new risks to the business. According to a Ponemon study, 82% of respondents indicated having a data breach during the digital transformation process. Supply chains and third parties involved in digital transformation can also expand the attack surface significantly. Currently, 40% of cybersecurity attacks are said to originate within the extended supply chain.

Key considerations for cybersecurity in 2021

Developing and maintaining a robust cybersecurity strategy is hard but not impossible. When done right, it’s one of the most worthwhile investments. Here are some key considerations for 2021 and beyond:

• Establish a cyber resilience framework: Businesses must establish a robust cyber resilience foundation that not only helps predict and prevent cyber threats but also prepares for any potential impact. This means starting with situational awareness of people, processes and technology and then building a resilience posture based on your organization’s goals. Remember that this isn’t a static thing. As the business and industry evolve, threats are evolving too, and your security must evolve alongside these dynamic changes.

• Develop a cybersecurity advisory board: All major business functions (finance, legal, HR, sales and marketing, etc.) have a key role to play in cybersecurity, not just the IT or the security team. Rolling out a water-tight cybersecurity strategy involves engagement across all different levels of the organization, from the board right down to the last employee.

• Keep technology risks within acceptable limits: Get your basics right. Focus on some traditional things that security does (i.e., stress testing data centers and implementing a hybrid cloud approach). Supply chain integrity should follow suit and implement security processes as well.

• Focus on your workforce: You must pay special attention to cyber fatigue and mental health since your workforce isn’t coming back to the office anytime soon. Security teams should work closely with business leaders to roll out simulation exercises and tests in a bid to improve cybersecurity awareness and also monitor for any potential insider threats.

Steve Durbin is CEO of the Information Security Forum, an independent, not-for-profit dedicated to investigating, clarifying and resolving key issues in information security and risk management. ISF membership comprises the Fortune 500 and Forbes 2000. Contact him at steve.durbin@securityforum.org.

 Related:

• Pandemic should prompt insurers to reexamine cybersecurity
• What has COVID-19 taught us about cybersecurity?
• 5 ways to maximize a cybersecurity exercise
• 5 cybersecurity events that keep CEOs up at night