2021 is already shaping up to be a year of continued technological transformation and advancement, especially regarding the remote work sector. On the other side, bad actors are not slowing down. Cyber attacks continue to be on the rise, getting even trickier to spot. The beginning of a new year is the optimal time to bring your business up to speed with the latest cyber security threats and see what’s in store for tech trends in the year ahead.
“Predictions about digital and cloud transformation, 5G, cybersecurity, mobile banking, biometrics and more are all there in black and white from 2019 (and sometimes even before), but what no one predicted was the unprecedented hyper speed at which these technologies came at us. The pandemic turbo charged the entire technology engine with the seismic and sudden shift to a remote and mobile world.
Trends that emerged in 2020, along with some new predictions, will have a huge impact on 2021 as these technologies continue to evolve and deploy even more quickly. Adoption of emerging tech will be even faster next year and securing data in these environments must finally move to the top of the priority list because more depends on security than ever before.” Security Magazine
Computers Nationwide has done extensive research from a variety of credible sources and we’re ready to share our findings! Curious what 2021 has in store for the tech world? Let’s dive in…
“Cybercrime Rings Will Be Well Funded and Motivated: As organizations – including hospitals and other healthcare entities – struggled to contend with the global pandemic, organized cybercrime rings wreaked havoc. Ransomware-as-a-Service rose up with an alarming potency that crippled government agencies, schools and businesses. Unfortunately, one of the biggest threats in the New Year will be devastating: The United Nations estimates that organized cybercrime will cost the global economy around $5.2 trillion between now and 2025.
In Response, Businesses Will Take the Fight to the Hackers: It was predicted that the volume and efficacy of cyberattacks would increase in 2020, but no one knew the true extent and speed to which malware and ransomware would explode. In 2019, there was a 41% increase in ransomware attacks, and this number skyrocketed this year. For 2021, Cybersecurity Ventures predicts that a business will fall victim to an attack every 11 seconds, and the estimated cost to businesses will be around $20 billion. In the New Year, business will finally take the fight to hackers and go on the offensive by using deceptive technology to proactively set traps and allow access to fake data to frustrate attackers. These tactics, along with multi-factor authentication and access management controls, will reign supreme.
Increased social engineering attacks: Social engineering, a non-technical strategy that relies on human interaction and often involves deceiving people into breaching standard security practices, will only increase in the new year. In fact, Microsoft reports that social engineering attacks have jumped to 20,000 to 30,000 a day in the U.S. alone. And as criminal groups gain more and more monetary success, they will improve their engineering techniques and procedures. Common tactics will become more advanced and increasingly enable attackers to gain access to confidential information. Social engineering attacks like phishing, fraudulent communications that are disguised as legitimate; spear phishing, highly targeted attacks that use personal information to gain trust; and pretexting, a series of lies pretending to need sensitive information from a victim to perform an urgent task, will only become more prevalent and dangerous.”
“Cyber-criminals’ ability to pivot remains a threat: Back in March Barracuda Networks recorded a 667% spike in COVID-themed phishing emails. Although that number subsequently fell back, it showed us something very important: that cyber-criminals really are past masters at adapting their campaigns for maximum results. Thus, we saw attempts to steal personal data using pandemic-themed lures like fake government and WHO notices. We saw multiple attempts to scam users into sending money for ‘charities’ and other organisations fighting the virus. And we even saw attempts to utilise the event to launch BEC attacks.
Ransomware attackers have no shame, and are on the hunt for big game: The term “big-game hunting” was actually coined in 2019 to refer to ransomware gangs going after larger firms in more targeted attacks reminiscent of APT campaigns. However, with the advent of the pandemic, we’ve seen an increasing array of such groups targeting remote endpoints like RDP to gain a foothold in organisations. Many took advantage of security teams distracted by other tasks during the pandemic, or of organisations like hospitals focusing all their efforts on saving the lives of infected patients. One ransomware attack may have even resulted indirectly in a patient’s death. Attacks may use “living off the land” techniques to stay hidden, steal internal credentials for lateral movement and exfiltrate data for a “double extortion”. Some victim organisations have admitted attacks could cost them tens of millions.
A long tail of COVID threats: Malicious COVID-themed email activity may have died down from a peak in early 2020 when Barracuda Networks detected a 667% spike. But it is still a threat, comprising scams designed to trick users into handing over money and/or financial details; phishing attempts to harvest personal info; extortion; BEC and more. COVID-19 will be the gift that keeps on giving for cyber-criminals over the coming year. Localised news events and breaking stories such as the availability of new vaccines will continue to be hijacked and used in malicious email campaigns. For IT security leaders, layered email security including AI-powered tools and behavioural analytics to spot sophisticated threats will become increasingly important. As will cloud-based deployment to protect the remote workers targeted by these threats. Enhanced phishing training will also go a long way.”
According to Accenture’s State of Cybersecurity Report 2020: “At first glance, the basics of cybersecurity are improving and cyber resilience is on the rise. Our latest research shows that most organizations are getting better at preventing direct cyberattacks. But in the shape-shifting world of cybersecurity, attackers have already moved on to indirect targets, such as vendors and other third parties in the supply chain. It is a situation that creates new battlegrounds even before they have mastered the fight in their own backyard. At the same time, cybersecurity cost increases are reaching unsustainable levels and, despite the hefty price tags, security investments often fail to deliver. As a result, many organizations face a tipping point.”
“A Distributed Workforce is Here to Stay and Will Evolve to Arenas Never Imagined: The remote work trend, already steadily increasing pre-pandemic, accelerated exponentially in 2020 as a result of the pandemic Some workers will return the office, but many will indefinitely continue to work from anywhere. The lessons learned in 2020 will force IT organizations to invest more in physical and digital security to address new threat vectors resulting from a remote work culture. With more and more devices connected to networks, employee cybersecurity training will become a top business initiative as individual accountability increases. Organizations will require more cyber distancing to reduce the mixing of personal devices and corporate data to support compliance requirements. There will also be a new wave of remote workers. While the first wave was white-collar workers in the service industry, the second wave will include supply chain and manufacturing workers made possible because of technologies such as telexistence. “
“Permanent move to remote work: Many big firms have already committed to homeworking. In October, Dropbox said all of its staff could work from home and Twitter has the same policy. Microsoft and Facebook have also said a significant number of their staff can permanently work from home. That is a juicy new market for tech firms to exploit. You can expect more special work from home packages to be offered by internet service providers and other tech firms.
“Security is definitely part of our predictions when it comes to working from home activity, and that could be a package. Not just an extra line, but maybe a separate router, maybe a router with security, maybe some other services on top, even things like IT support because a smaller company might not have a remote IT support person,” says Marina Koytcheva, vice-president of forecasting at CCS Insights. Watch out as well for extra features when it comes to software to help people collaborate while working from home. So-called digital whiteboards like Miro and Mural have seen a surge in popularity – Mural has added more than a million active users this year.”
“Technologically simple: The digital transformation due to the pandemic has led companies to use up to 6 communication apps to carry out their activities. Therefore, the integration of different tools in a single platform will be one of the biggest trends in remote work in 2021, given that 66% of employees declare that having their applications in a single space would help them achieve a better workflow, increase their productivity and reduce the feeling of “technological fatigue” during working hours. Monday.com for example, allows teams to sync each of the apps used in their workspace: Google, Microsoft, Slack, Hubspot, and Salesforce.
Collaborative work will be the key: 2021 will be full of challenges, mainly tighter budgets and talent drain. It is for this reason that the management of collaborative work will be more important than ever for managers or project leaders. That is why, properly managing the flows and responsibilities of the teams, through technological tools , will be key to increasing the levels of engagement of employees with the company, as well as to reduce their workloads that allow them to take advantage and enjoy as long as possible at home, as 77% perform better when the company takes seriously the balance of collaborative work and the equitable distribution of work.”
According to Forbes: “The world witnessed a historic shift in the 2020 job market due to the Covid-19 pandemic. While some companies used to offer the ability to work from home as a perk, it has now become the norm for most businesses. By 2025, an estimated 70% of the workforce will be working remotely at least five days a month. While 2020 may be considered the year of remote work, it is just the beginning as we see the trend continuing in 2021.”
“The Password Will Finally Disappear as Digital Identity Becomes a Great Equalizer: As mobility reached a new level of critical need in 2020, the need for digital identity capabilities also crystalized. Lockdowns and remote work on a global level meant strong identity verification became the lifeblood for enrolling new customers, payment data encryption, and multiple authentication schemes, including biometrics. In the New Year, digital identity capabilities will become the great equalizer in the fight against fraud. Financial services, healthcare, government, mobile and other industries will need to build and maintain trust as data breaches continue with regularity and compliance mandates get more stringent.”
“Cloud innovation: Whether public, private, or hybrid, cloud has proven a game-changer for business continuity. Globally distributed businesses will increasingly rely on the cloud to support their operations and workforce, the greater part of which is working from home. Cloud-enabled solutions will range from the on-premise public cloud, Internet of Things (IoT) edge cloud, 5G mobile edge cloud, and the global network edge cloud. According to McKinsey, cloud spend is expected to grow at more than six times the rate of general IT spending through 2020 and is expected to continue growing next year.
Everything-as-a-Service (XaaS): The massive shift to the cloud has made XaaS emerge a top tech trend for 2021. As-a-service model has the potential to drastically cut costs and simplify tech deployments. Considered to be the pillars of cloud computing, services like Software-as-a-service (SaaS), Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) mean reduced on-premise costs and more value-added projects for the business. The fundamental benefits of the ‘as a service’ model mean a shift from capital to operational expenditure, access to the latest technology, and scalability. Adapting to XaaS also translates to faster implementation turnaround time for new applications and business processes; and higher ROI margins.”
“VPNs are out, zero trust is in: As mentioned, VPNs have had a bad pandemic. Overwhelmed by the sheer number of users, many systems proved to be a security bottleneck rather than an enabler of secure business, as performance stuttered. As well as delaying in-bound traffic headed for centralised corporate security controls, they also held up delivery of vital security updates to remote workers. One vendor claimed that 43% of IT operations leaders had problems patching remote endpoints, thanks in part to overwhelmed VPN tunnels. In some cases, cyber-criminals even targeted vulnerabilities in VPNs to gain a foothold in corporate networks. It’s also true that VPNs could be accessed by a hacker who managed to steal (phishing) or brute force (credential stuffing) a user’s credentials.
That’s why increasingly organisations are looking to zero trust to support their new cloud-first IT infrastructure and distributed workforce. Based around the notion of “never trust, always verify” zero trust is built on multi-factor authentication (MFA) and least privilege policies to ensure only legitimate users and devices get access to the corporate resources they need, and no more. It also supports the flexible, remote workforce of today by working anywhere, anytime, on any device.”
“The Fight for Data Privacy Will Make Bigger Headlines: Demand for privacy protection, snowballing for years, stole much of the spotlight in 2020 as data breaches soared. Global Data Protection Regulation (GDPR) fines added up and the first company to be fined under the California Consumer Privacy Act (CCPA) surfaced, all while individual states continued to refine their privacy laws. The sudden invalidation of the legal framework known as Privacy Shield, by European Union ruling called Schrems II, dealt a blow to nearly 6,000 companies in the U.S. who rely on trans-Atlantic data flows, renewing debate over whether and when a federal privacy law might come into existence. With consumers’ heightened awareness of their privacy rights, companies that leverage data discovery technologies and protect sensitive data (with encryption) will keep themselves out of unwanted headlines in 2021.”
“Cybersecurity will define the business: Greater reliance on the cloud and a continued shift to distributed work will exacerbate cybersecurity threats — there will be a bigger attack surface than ever before, with multiple new points of entry. At risk of massive fines and loss of customer trust, advanced cybersecurity will be the top priority for prudent businesses. The cybersecurity tool and solution marketplace will answer with increasingly competitive and dynamic products. Given that the cybersecurity industry is facing a widening skills gap, we can reasonably expect investments in ‘intelligent’ cybersecurity systems to be the next best course of action.”
2020 was a tumultuous, exciting, intense, and unprecedented year for those working in cybersecurity AND those working from home for the first time. IT professionals were constantly figuring out how to adjust to the new, ever-changing tech climate. Employees had to learn new tools for communication and collaboration. SMB’s quickly adjusted to the do’s and don’ts of remote work and protecting their valuable data from hackers.
“A full 94% of employers surveyed said their company productivity was actually the same (67%) or higher (27%) than it was before the pandemic, even though so many of their employees have been working remotely this year. Looking ahead, 73% said they expect a quarter or more of their workforce to continue working remotely post-pandemic. And one in three expect half or more of their employees to do so. That’s a huge switch from pre-pandemic days, when only one in 30 employers allowed for that.” CNN
While many businesses struggled to stay afloat or fell victim to attacks, there were also a lot of invaluable positive outcomes that came out of those experiences, urging organizations to level up their IT infrastructure and business practices. COVID-19 proved that teams are able to adapt to new technology quickly when necessary and the businesses that innovate will be successful.
“The rapid shift to remote working and adjustments that many companies were forced to make to continue serving customers highlighted the importance of digital transformation. But they have also hopefully reminded business leaders of the critical need for effective cybersecurity baked-in from the start. The stakes couldn’t be higher: cyber risk in today’s environment represents nothing short of an existential challenge for organisations.”
What has your business learned over the past 12 months that can make for a more secure, successful 2021? Are you aware of key trends we haven’t mentioned? Feel free to reach out, we’d love to start a conversation!
Don’t get left behind this year! Computers Nationwide wants to make sure your SMB is proactive about your cybersecurity posture in 2021.
Ready to invest in your IT infrastructure for a successful digital transformation? Let’s connect: (847) 419-9900.