Cybersecurity CEO: 5 Cybercrime Trends to Watch for in 2021
December 16, 2020
Cyber Predictions for the C-Suite to Keep Top of Mind Next Year
Los Angeles, Calif. – Dec. 16, 2020
As we close out 2020, it's no secret that this year has had more than its fair share of challenges. At the onset of the year, we predicted that the top priority for any CISO or CIO will be to manage the risk associated with digital transformation and enhance their security programs in order to keep up with new technological complexity. Looking back, that was an understatement!
This year has upended lives and completely transformed the way businesses and entire workforces operate. I’ve said it before and I will say it again – digital transformation is now a requirement for survival, and the pace of our industry, including the sophistication of the actors and groups that threaten it, has only been accelerated.
As we look ahead to 2021, what trends can we expect to emerge and continue when it comes to cyber? What should C-suite executives account for in their cybersecurity roadmaps and risk registers? Here are my top 5 predictions:
Work-From-Anywhere Will Continue to Expose Cyber Gaps
The move to remote working happened practically overnight, forcing many enterprise cybersecurity teams to work hard to catch up and ensure their cybersecurity infrastructure was aligned with the new work environment. This transition is still in effect for many companies and includes the often-rushed transition to cloud-based systems, opening the door to cloud-based attacks. Not only that, as organizations transition (partially or fully) back to the office, executive security leaders need to consider how their teams will handle this shift, securing devices that may be out of compliance, or compromised after having been used in remote settings.
Ransomware, the fastest-growing type of cybercrime, will claim a new victim every 5 seconds by 2021. Sadly, in 2020, we saw the first instance of human loss as a direct result of cybercrime – ransomware to be exact. New, sophisticated ransomware attacks have already begun to surge, including variants that not only steal data, but threaten to publicly expose it, in addition to self-destructing backups and keys. This level of sophistication imposes even more incentives on businesses to pay up. As we move into the new year, CIOs, CISOs and IT security teams need to heighten their awareness and response plans around ransomware.
More than half of data breaches over the past year involved insider threats. This includes employees who have unintentionally allowed a breach because of bad cybersecurity hygiene. From using unauthorized devices to falling for increasingly sophisticated phishing scams, there are numerous ways employees can be the weak link in even the strongest cybersecurity infrastructure. As enterprises continue to navigate the remote work environment, the internal cybersecurity threat will only increase. Prioritizing cybersecurity awareness and education amongst enterprise teams will be key to protecting your organization against cyber-attacks in 2021.
Automation and Machine Learning
As businesses and cybersecurity firms (the good guys) continue to adopt and improve upon service offerings with the use of automation, we’ll also see malicious actors and threat groups (the bad guys) enhance the sophistication of their attacks by leveraging machine learning and AI. In our endless game of cat-and-mouse, organizations will see weaponized machine learning help attackers identify patterns of defenses and find vulnerabilities in tools and technology faster than ever before.
Increased Spending on Compliance
The privacy landscape has shifted drastically in the last 12 months, including the implementation of the California Consumer Privacy ACt (CCPA) and New York's Stop Hacks and Improve Electronic Data Security Act ("SHIELD Act"). US states like Maine and Nevada have already passed a state data privacy law or have it scheduled for 2021. To avoid costly consequences, including regulatory penalties and lawsuits - enterprises will prioritize cybersecurity compliance in their 2021 budgets. Here are some of Herjavec Group's recommendations on how to safeguard the personal data you have access to.
As I close out my last Cyber CEO for Cybercrime Magazine, I will leave you with this: Tough times never last, but tough people do. It is my great hope that you've advanced your cybersecurity posture, and your organization is better prepared now than it was 36 months ago when I penned my very first Cyber CEO. While 2020 has been full of challenges, I look forward to 2021 and the innovation and advancement that will continue in this amazing industry of ours.
To Your Success in 2021 and beyond,
Originally posted on Cybercrime Magazine