Cyber security predictions 2021 – view from the experts

With the Covid-19 outbreak causing serious security concerns for businesses around the globe and companies struggling to properly protect devices and networks from outsider threats, The Commentator interviewed an array of leading cyber security experts to uncover the biggest challenges this year and the impact they will have on business confidence and security over the next 12 months

by Patrick Sullivan, Political Editor on 26 January 2021 11:54


The Coronavirus outbreak has forced millions of workers around the world to operate remotely, making it easy for hackers and fraudsters to impersonate and penetrate company security systems. For hard-pressed IT managers, juggling the responsibility of remote access.

Here, we speak with key figures in the cyber security industry about the biggest issues which could put organisations at risk.

The rise of Artificial Intelligence (AI) will play a crucial role in protecting businesses from outsider threats.

Security expert Hatem Naguib, COO, Barracuda Networks says, “AI is a key tool in the arsenal against cyber attackers. The ability to leverage algorithms against massive data sources to determine aberrant patterns is one of the most important ways we determine the new type of phishing and spears phishing attacks that are based on social engineering. This is especially useful in attacks on two key email vectors, email and applications.

"For email, originally, AI and ML (machine learning) can be used to stop attacks that mask as inquiries and updates asking you to click or share credential information. More recently we have used AI/ML to learn patterns of email communications to determine when an email account has been hijacked and is used to send to attacks to other victims. For applications with internet-facing interfaces are constantly responding to bots to get up-to-date information on the application.

“Many attackers use bots as attackers to search for unauthorised access to applications. There are millions of these bots running at all time on the internet and AI is used to determine which are malicious and which are benign.

Naguib added, “In the coming year we will see more use of AI as many people have shifted to remote office and online services to key areas where attackers are looking for vulnerabilities.”

According to other experts, identity is a new and important security focus throughout 2021. "Between the public cloud adoption trend, remote work explosion, and corporate data dissemination, the need to focus on user identities is essential. Companies should be asking who these users are, what their access is and whether they should have access at all.

"Some may wish to adopt Zero Trust strategies in order to secure their hybrid cloud journey but there is no one-size-fits-all strategy. Whatever they decide, identifying user account identities will be a key trend in 2021.” said Jérôme Robert, Managing Director North America, Alsid.

Mr Robert also suggested that hybrid and public clouds will see an uptick in attacks. He continued, “Despite the ubiquity of cloud application use across enterprises – an average of 200 SaaS applications are used in companies with 1000+ employees – cyber attacks aimed at the cloud are still relatively rare. Heading into 2021 we expect this to change with hackers using cloud API paths to move laterally across organisations. Expect to see much more of these types of attacks in 2021.

Other industry figures see the focus shifting towards training workers instead of simple standard tech investment. “I believe that in 2021 and beyond, CIOs must focus on training people, rather than an over-reliance on security tools,” says Matias Madou, co-founder and CTO at Secure Code Warrior.

Madou continues, “Scanning tools and the like have their place in a DevSecOps process, for example, but security at speed is made possible by producing secure code in the first place. It’s kind of a “humans vs. robots” approach - the human element is often left out, when in fact automation is not getting the job done. Headlines uncovering new data breaches every other day are evidence of that.”

“We must get to a point where developers - those who touch code most - are given the knowledge and tools to play a greater role in software security. Ideally, those tools are best placed in their workflow, getting closer to their day-to-day activities until security is second-nature.”

Security company Centrify has identified multi-cloud environments as a key area for protection from outsider threats. Its recently published predictions state that

“Nearly every business will be cloud reliant, leveraging multiple cloud providers. When COVID-19 hit, many organisations moved their workloads into the cloud for better resource availability and business continuity. In fact, a recent Centrify study revealed the remote work shift rapidly accelerated half of companies’ cloud transformation plans. For those who were not cloud-first, the pandemic revealed a glaring reality: businesses must embrace the cloud as a necessity in the modern tech landscape rather than view it as an option.

"Looking to 2021 and beyond, almost all businesses will rely on cloud storage, infrastructure, and workloads to survive. Mid-size, large, and global enterprises will look to leverage multiple cloud providers to meet a range of requirements for both centralised and per-business-unit priorities. Utilising an approach centered around increased efficiency, agility, and security, businesses can be better-equipped for this inevitably multi-cloud focused future.”

Meanwhile Max Locatelli, Regional Director, Western Europe at Infoblox told us, “The combination of COVID-19 and Brexit has created the perfect storm for data privacy issues in 2021. Cybercriminals are exploiting the vulnerabilities brought about by the pandemic, whilst Brexit will put a question mark over data sovereignty laws that is likely to linger well after the December 31st cut-off.

“From a legal standpoint, organisations need to be especially cautious about where they’re holding their customer data and be ready to adapt once new regulations have been laid out. When it comes to security, the new found chaos will mean investing in solutions that are going to protect data in network environments that are increasingly de-centralised by expanding security to the edge to accommodate the explosion of end-points outside the traditional security perimeter. Traditional firewalls and VPNs that protect the core network are no longer fit for purpose. Organisations need to be looking at SaaS-based DDI security solutions that extend visibility to all devices connected to the network to ensure security from anywhere in the world,” he added.

Additionally, email security company Tessian, headed up by CEO Tim Sadler, has posted the prediction that the traditional corporate network will disappear this year.

The company says, “Remote work – or hybrid work – will stay. Businesses simply can’t go back to the “old” ways of working. Why? Because employees expect to work both from home and in the office. In fact, 89% of employees said they no longer want to work exclusively from the office every day of the week. This shift will completely transform the concept of a network, at least as we’ve come to know it in the traditional workplace. Today, company security is very much in the hands of the employees.

“That’s why CISOs need to consider how their 2021 security strategies will protect and secure their people – not just endpoints and networks. This is especially important because people make mistakes, break the rules, and can be tricked or deceived by cybercriminals. To put it simply: Not protecting people means that company data and systems are at risk. But it’s important that security doesn’t impede employee productivity or interrupt their daily workflow.”

“According to Tessian research, 54% of employees say they’ll find a workaround if security software or policies prevent them from doing their job and 51% say security tools and software impede their productivity. “So, what can you do to protect your people, without getting in their way? Remove the sharp objects, protect them wherever (and however) they work, and make sure your security solutions stop threats and not business. This is what we call Human Layer Security.”

blog comments powered by Disqus