Organizations will increase focus on application and cloud security-focused programs. They will enable the remote workforce, Data Protection Programs, CMMC Certifications
Organizations will improve their Incident Response process and conduct more IR Workshops and Tabletops
Organizations will focus on more services around DevOps, CI/CD pipeline vulnerability testing, and vulnerability management programs
Products and solutions will be more cloud/SaaS focused, primarily due to COVID
Clients will be more focused on outsourcing services with minimal products
2021 will see many moving more systems to the cloud and SaaS solutions
Organizations need to assess themselves with a risk-based focus – this will include building out a risk register and performing more threat modelling exercises to identify the organization's overall true risk posture
I predict the ransomware attacks to climb as the nation-states are using it to fund their operations. And because of this, the security budgets will increase.
2021 will also see Organizations focus more on a Zero Trust model
There is not going to be much change in 2021 with the WFH aspect. People feel safe sitting at home. But they are more likely to be a bigger target and easier to access. Those companies that didn’t plan to secure their workforce at home better will need to and, if not, will find themselves in a bad spot
Other Predictions About #CyberSecurity
Security Analyst - CSW
Organizations will give more importance towards weakly maintained information exposed to the Internet which cyber criminals can take advantage of targeted information to deliver more relevant Targeted attacks, phishing campaigns, malwares - to explore more insights and devise new infiltration techniques
Chief Growth Officer, Privasec
With our world shifting into the virtual landscape, this can only mean that more information will be made even more available to the public, and it will be unsurprising for cybercrime to evolve and manifest in different creative forms.
CISO, Executive Advisor - EVOTEK
2021 will be the year of SOAR and investments in enhanced detection technologies including deception. I am cautiously optimistic that the improvements in security automation, the outstanding work in discovering zero-day vulnerabilities, and other software flaws will improve such that we'll see real reductions in dwell time. I also predict that cybersecurity as a topic for the board of directors will continue to be front-and-center - notably for public companies who are required by the SEC to provide accurate and complete disclosures related to their cyber risks. This focus will drive enhancements as to how organizations address patching and vulnerability management for their technology stacks. Sadly, we will also see the loss of life where OT or healthcare-related technologies are compromised, exposing new levels of liability for organizations in critical sectors.
Team Lead, CSW
Corporate networks or devices which can be connected by employees from outside, for example, the company's intranet or security infrastructure from coffee shops, restaurants, railway stations, hotels, and other public wifi access will be more open and prone to cyber-attacks.
Security Analyst - CSW
Spear phishing, password spraying, and exploiting internet-facing assets, are the most popular infection vector when it comes to nation-states actors' activity and will continue to dominate in 2021.
Technical Project Manager - CSW
Deep fakes will be the next threat on which cybersecurity has to act on.
Senior Director, Systems Engineering - Asia Pacific & Japan - ForeScout Technologies Inc.
Organizations will need to determine how they will adapt to this new world, now that it has become clear that working remotely is not only possible for many but, in some cases, preferred. This means that Zero Trust capabilities will be more important than ever as corporate laptops connect to home, coffee shop and hotel networks around the world, mingling corporate devices with riskier ones that are no longer controlled by enterprise cybersecurity teams.
CTO | Engineering, Technology & DevOps Leader | Cloud Operations
CISOs, IT and Product leadership of SaaS providers will explore Governance & Operational transformation while shifting-[Security]-left through automation, adopting SecDevOps methodologies, and imbibing a balanced Risk-Based Vulnerability Management philosophy to prepare themselves against increased product security incidents which are impacting millions of customers, not to mention corporate & government embarrassments and losses.
Global Board of Directors at OWASP & InfosecGirls
Prediction for next year is the companies are adopting and understanding the importance of security in the cloud, at the same time DevSecOps with chaos engineering is becoming an important thing with a pinch of automation and AI.
CISO, Essar Oil (UK)
More Companies will be impacted by cyber threats, and many of them will start investing in Cyber Security. It will take another year though to improve their posture.
System/Software Engineer and Author
As recognition of the importance of resilience engineering increases, cybersecurity's contribution to resilience will become increasingly recognized. However, while cybersecurity is an essential part of resilience, it will become increasingly recognized that the adversities that can disrupt critical capabilities extend well beyond cybersecurity threats and attacks. Resilience also involves adversities associated with capacity, interoperability, longevity, robustness, safety, and survivability.
DevSecOps Enthusiast | CyberSecurity | CloudSecurity
Indian startups will start to look into the security maturity and data privacy concerns to avoid future data breaches.
Adv Rajas Pingle
International Cyber Law Expert | Cyber Crime Lawyer | Advocate | Professor | Privacy & Data Protection
Year 2020 has seen a considerable increase in data breaches and further upsurge is expected with the rise of unemployment across the globe due to the pandemic. In this context, the Indian Personal Data Protection Act which is to be enacted by 2021, will increase personal data consciousness among the masses, compel the corporates to take adequate measures to safeguard user data and increase cybersecurity to avoid hefty penalties. The silver lining in this is that the PDPA might act as a stimulus in reducing overall cyber security incidents in India.
Security Advocate, Public Speaker, Advisor, KnowBe4u
Consumers will see an increase in Whatsapp and SMS fraud. Not only will the number of scams increase, but cybercriminals will become bolder by asking for higher amounts of money and using more forceful and devious techniques to manipulate people into paying.
Founder & Managing Director Mnemonic Identity Solutions
“I would predict that 2021 will be the year that the global population will start to discover the real value of 'hard-to-forget', 'hard-to-break' and 'panic-proof' secret credentials for secure and sustainable digital identity."
Director, Cyber Security
We have seen that there is an increased adoption of SaaS and the pandemic has further propelled this adoption. Data protection, strong authentication and visibility into the SaaS configuration will be critical to the firms.Insider abuse to misconfiguration in SaaS can be equally disastrous. The enterprises will start building the controls from protection to visibility to remediation to have a more holistic approach when it comes to SaaS.
Wai Kit Cheah
Director, Security Practice at Lumen Technologies
With remote work, employees are no longer within the safety and confines of their corporate network. In a home environment, they would not be protected from malicious websites, drive-by downloads, malvertisements, as they would be in their corporate network behind security policies and protection layers. Chances are much higher that endpoints could inadvertently download a malicious malware or be infected with ransomware.
Founder and Chairman, The Santa Fe Group
In 2021 we will continue to see concerns about supply chain management and the management of risk when outsourcing. Location risk, geopolitical risks and reputational risk issues will be at the forefront along with cybersecurity risks, where adversaries will focus on the weakest link…the third and fourth party suppliers.
Prof John Walker
Nottingham Trent University
Successful Cyber Attacks will continue with more high-profile companies falling to compromise. Sadly, 2021 will not be the year we see real steps taken toward Cyber Resilience - but it will be the year in which we encounter a more serious mindset toward addressing the aspect of Cyber Security. We may have to wait for 2022 and beyond to see those thoughts formulate into tangible action.
SVP & CISO, Gojek
Very large fines will be levied on firms due to data breaches that compromise the privacy of customers / consumers. Cybersecurity skills gap will continue to grow and force security programs to outsource and/or train incumbent staff to upskill even more. Nation states will continue efforts to embed backdoors at the hardware layer. The majority of successful hacks is achieved by the compromise of user accounts or credentials (vs. exploiting a vulnerability)
CTO & Founding Partner SecurityCurve
Passwords are a challenge, no one likes having to remember a lot of different ones and stolen passwords lead to account compromise. This is why I expect 2021 to see consumers adopting password wallets/managers that generate unique passwords for each account and then store them safely. Enterprises will continue to move towards “passwordless” strategies and both consumers and enterprises will implement MFA (multi-factor authentication) such as one-time use codes via text and biometrics to improve password-only security.
Founder & CEO Secure Blink
CISO & CSO are transitioning towards a durable cybersecurity solution in compliance with the zero-trust strategy, and SASE occupies right into that space substantially.
Director at Cyber Consultancy Services (CCS) Limited
Attacks against 3rd party suppliers will increase as hackers look for smaller, softer targets that are either connected to or share Personal Identifiable Information (PII) with larger corporates, but do not necessarily have the highest levels of security protection. Without knowing the security and compliance risks that your 3rd party suppliers have you will be blind to the risks that they pose to you
Security Awareness Advocate, KnowBe4