What a year 2020 has been. As we look ahead to 2021, we have been discussing our thoughts on what might lie ahead for the cyber security world.
Ransomware & Insider Threats
Ransomware will continue to be a significant threat throughout 2021. We will see increased targeting of larger organisations, as well as more creativity when it comes to initial access, potentially with insiders or Azure Active Directory being used to bypass the perimeter and get the ransomware in.
The current ransomware model of publishing part of the stolen sensitive data to pressure the affected organisation into paying the ransom means we should expect the number of reported data breaches to continue on an upward trajectory too.
Alternate Phishing Approaches
We will see a surge in non-email-based phishing (e.g. SMS and other mobile messaging services). Email phishing will definitely remain; however, the lifetime of a phishing website is now relatively short. This is not the case for non-email-based phishing, where limited detection capability hinders a response.
Greater Scrutiny over Security Spend
The biggest, but probably least visible, change that we will see this year is much greater scrutiny over security spend. A lot has been spent on “silver bullet” tooling that has not really delivered in line with its price tag. Consequently, we will see organisations starting to approach things a little differently, with the confidence to focus on getting their security posture right rather than being swept along with what everyone else is doing in order to be seen to be doing security.
Predictions aside, what we would really love to see more of this year is organisations talking publicly about security incidents and challenges in detail. Removing the pretence that they do not happen, pooling knowledge, lessons learned, and effective countermeasures will do more to boost security than all of the products about to hit the cyber security market this year.