It's a bit of a cliche to warn every December that online security faces tougher challenges than ever in the year ahead. But for the past few years, it's been true every time. Across 2020, we saw rises in cybercrime threats and dollars lost to hacks, leaks, and ransomware attacks.
The numbers are still trickling in, but some sources say that 80% of firms saw an increase in cyberattacks across 2020, with attempts occurring every 39 seconds and a total impact affecting 700 million people living across 21 countries.
In the next year, we may see a total cybercrime toll hitting $6 trillion in damages annually.
How can we know what to expect? By taking a closer look how online security suffered in the (very) recent past. Here's how the changes of 2020 will create the cybersecurity world of 2021.
Phishing Attacks Will be Huge
At the end of December, market research agency Savanta found 57% of the US working population currently works from home.
That number will drop once the pandemic's over, as 39% of those working from home today say they're happy or excited to return to work once it's safe. Still, it's a noticeable shift that will almost certainly see far more flexible and fully remote work positions sticking around for years to come.
More than 80% of all cyberattacks are phishing attempts, making them the lion's share of the problem. And with workers at home, the potential for human error or exploitation from phishers is sky-high. The pandemic led to a jaw-dropping 667% spike in spear-phishing attacks in March, compared to the previous month's numbers.
James Carder, Chief Security Officer for LogRhythm, predicts another coronavirus-related phishing front to watch out for in 2021: He thinks attackers will leverage the COVID-19 vaccine in their efforts.
“In 2020 we saw hackers leverage COVID-19 to distribute a plethora of phishing scams to unsuspecting victims. The number of legitimate emails sent on the topic allowed phishing emails to hide in plain sight. As the race to secure and distribute a vaccine continues, the public will once again seek information on new developments. Attackers will purchase domains and craft emails with this in mind,” he says.
When it comes to the vaccine, phishers have two factors working in their favor: People have limited knowledge about the vaccine, and they're very interested in getting it. But whatever causes the increase, you should batten down the hatches — by which I mean invest in a secure VPN.
Data Breaches will Drop, but Healthcare Remains a Target
The good news is that data breaches on the whole will be down in 2021, for the simple reason that they don't earn hackers as much money as phishing or ransomware. Breaches dropped 30% in 2020, with the number of impacted individuals down over 60 percent year-over-year.
The news isn't great for one high-risk industry, though. Jumping off our last point about the vaccine serving as a lightning rod for phishing attacks: The entire healthcare industry is an appealing target for data breaches in the new year.
“Cybercriminals will continue to target healthcare and clinical trials organizations for sensitive data on vaccines and healthcare data,” says Alex Jones, Information Security Manager at security platform Cobalt. “COVID has created massive new high-risk data sets and attack scenarios.”
COVID technology has expanded at a breakneck pace, with evolving healthcare measures including temperature/thermal screening, contract tracing apps and data, and COVID clinical trials and the vaccination data that goes along with them. That's a lot of sensitive data that we didn't need to worry about before 2020.
Ransomware will Grow More Sophisticated
Here's possibly the most frequently predicted trend in 2021 security news: Ransomware will be huge. The crime, which refers to malware designed to block access to a computer system or database and ransom it off, is popular because it's such a lucrative one.
“To counter this threat,” says Manoj Nair, General Manager at Metallic, “expect to see enterprises move to quickly put in place Defense-In-Depth strategies that use a combination of attack detection, data security, and data backup to fend off and (in the worst case) rapidly recover from a growing number of sophisticated ransomware and other cyberattacks.”
And, since ransomware targets databases, Nair predicts we'll see widespread adoption of Backup as a Service (BaaS) solutions, which help companies quickly recover their data.
The US saw 145.2 million ransomware attacks in Q3 of this year, a 139% year-over-year rise. We even got ransomware in the guise of a beta release of Cyberpunk 2077 for Android. Expect similar costly bait-and-switches in the next year.
The Government will be Slow to Regulate Data Privacy
Data privacy in tech has been a hot-button topic for years, with massive giants like Google and Facebook facing antitrust cases as they enter 2021. But while we'll see a lot of state-level action, the federal government may still be dragging its heels.
Jedidiah Yueh, Founder and CEO at Delphix, foresees that industries everywhere will get more siloed state-level data privacy regulations, but the feds will be slow to respond with unified regulation.
“Balancing the benefits of data-driven innovation while navigating the risks of violating data privacy regulations is not new, but we may be heading toward a tipping point. Following GDPR and more recently, the CCPA, we may start to see individual states implement customized regulations,” says Yueh. “If regulations increase in a widespread and non-uniform manner, businesses will be hamstrung trying to interpret ever-changing, overlapping regulatory requirements, which will significantly slow down how companies can access and use data across territories.”
The takeaway here: Businesses must take action to explore how to best preserve data privacy without hurting rapid digital innovation. Even the best remote access software can't fully ensure data will stay safe. Getting scalable automation to play nice with compliance is tough, but it'll be a must.
Security Pros will Revisit Previously Rejected Solutions
Cybercrime may be evolving, but so are the good guys: Caroline Wong, Chief Security Officer at Cobalt, foresees that 2021 will be the year the industry solves the unsolvable.
“Advances in technology will present solutions to problems that security professionals had previously given up on,” Wong states.
One example Wong gives is pentesting. Short for “penetration testing,” this refers to simulated cyberattacks aimed at evaluating the vulnerability of the system. Organizations had given up on the process, finding it too expensive and complicated to implement broadly or frequently. But now that cybercrime is rising, they'll rethink their priorities.
Wong has another example: “Similarly, sensitive data in big data platforms is often stored ‘in the clear' because encrypting it would cause unacceptable damage to performance times for queries. 2021 will be the year when solutions to this ‘given up on' problem emerge.”
These types of trade-offs — swapping fast performance for better encryption — will become more common across tech in 2021, making security healthier overall.