The US Treasury, the COVID-19 vaccine makers, and the cybersecurity company FireEye were just the cherry on the cake for cybercriminals, who have been attacking governmental institutions and private companies alike in 2020, a year that no one will want to remember but everyone will find very hard to forget.
In 2020, cybersecurity came under the spotlight as we moved our offices to our homes, as classrooms moved online, and some people, mostly newly unemployed and desperate, chose the cybercriminal “career.”
The attack surface for malicious actors is broader than ever. In 2021, problems already faced by security experts will be here to stay, while new, unwelcome issues will arise. All that, of course, is a matter of speculation. Nevertheless, many experts try to predict the future so that companies and governments can better prepare for the risks ahead.
Ludmila Morozova-Buss, International Cybersecurity Woman Influencer of the Year and a Ph.D. student and researcher at Capitol Technology University, has recently published her book ‘Raise the Cybersecurity Curtain. Predictions 2021’. In the book, she shares the predictions of, as she has put it, cyber warriors.
“We are living in a complex and messy system which cannot be controlled. Where every solution creates a NEW problem,” Ludmila says in the afterword of her book.
According to her, cybersecurity is hard for several reasons.
1) It’s not just a technical problem.
2) The rules of cyberspace are different from the physical world.
3) Cybersecurity law, policy, and practice are not yet fully developed.
4) There’s not enough manpower in the world to make sure networks are 100% secure 100% of the time, especially with the prevalence of a cloud-based infrastructure.
5) The people making the decisions often do not understand the nature of the problem nor the technical issues at the lowest level.
Ludmila agreed to share some of her e-book content with CyberNews. So, CyberNews chose the predictions by Dr. Ian McAndrew from Capitol Technology University, Thomas Harrer, a CTO at IBM, and Stéphane Nappo, CISO at SEB. The rest can be found in Ludmila’s e-book (check the link above).
Dr. Ian McAndrew, Capitol Technology University
Cyber risk is a major risk for all organisations nowadays. This risk will compound more in 2021 to the extent that we are likely not even to control the risk ourselves.
Almost all Cyber Risks fall within one of the 16 US-defined Critical Infrastructures and it is a collective responsibility to do our most.
These all in turn link to satellite communication, and current international treaties are obsolete, ineffective and possibly ignored.
Cybersecurity in space must now be considered as critical as our own systems to maintain robustness in our operations. Space wars are real, the risks and consequences potentially changing all parts of our lives.
Cybersecurity is a subject that requires logic, knowledge, thought and commitment. It can be applied or research based. It is a true leveller for all to enter, be successful and lead the future of cybersecurity. The modern world is a dangerous cyber world for the innocent now and cyber experts are needed more than ever.
The education of the next generation of cyber experts must start now, including all those that have historically been limited to be part of this defence of our ways of life.
Thomas Harrer, CTO IBM Systems EMEA
In the current times, organizations enjoy large opportunities to innovate the business based on Data and AI.
A hybrid cloud platform architecture enables agile development combining mission critical data with new and unstructured data. New business services can leverage more information, insights, knowledge and automation to increase the efficiency of digital business processes and solutions.
While the chances are tremendous, there is also a very dark side of the digitalization – organizations depend more on their data and securing and protecting systems and data becomes a strategic must.
Cybercriminals have evolved their resources and skills to compromise nearly every organization no longer restricted to technical exploits but also by social engineering and by applying specific understanding of the target organizations.
The probability of a data breach is increasing because hackers are becoming smarter and more competent. The average cost of a data breach is about $3.86 million in 2020 (Ponemon Study). It is therefore wise to apply encryption to the data – mitigating the damage if the data gets stolen.
It is important to protect the data and establish an air gap to the backup copy in case the hackers destroy the operational data after having destroyed the backups. A comprehensive security strategy helps to mitigate the rising cyber-risks.
Stéphane Nappo, 2018 Global CISO of the Year, Vice President & Global Chief Information Security Officer (CISO) Groupe SEB
One of the main cyber-risks is to think they don’t exist. The other is to try to treat all potential risks.
The digital world is in constant transformation and there is no way of predicting what the world will look like in five years and who the new conquerors of the digital space will be. Cybercrime and cybersecurity follow ineluctably this trend, therefore, “if you think you know-it-all about cybersecurity, this discipline was probably ill-explained to you.”
The dependence of the physical world on the digital one will increase with an extension of the cyber risks impact to environment and people; the adjustment of industry to the structural change generated by digital technologies and the transformation of society.
Acting both as cyber warrior and profit enabler, the CISO 2021 will have to meet unexpected challenges and meet the boards’ expectations to secure the value chains beyond the company boundaries and the technical dimension.
What 2021 will bring:
- Boosted by the pandemic, the direct-to-consumer shift ‘from offline to online’ will increase the attack surface of the retail realm.
- Data sovereignty will become a major concern for nations and their economies.
- A large number of Internet of Things (IoT) devices will turn into Internet of Threats after being hijacked in public areas, at home or at enterprises.
- Classical cryptography will lose the ground in front of quantum computing weaponization.
- Post quantum cryptography will emerge (from theory to reality) as a necessary solution.
- “Technology trust is a good thing, but control is a better one.”
- Fix the basics, protect first what matters for your business and be ready to react properly to pertinent threats. Think data, but also business services integrity, awareness, customer experience, compliance, and reputation. And do remember: “Threat is mainly the reflection of our weaknesses.”
- Rather than fearing or ignoring cyber-attacks, ensure your cyber resilience to them. In times of hyperconverged infrastructure platforms and technologies, hyperconverged problems, strive to create hyperconverged solutions!
- “Security, like life, has the colors that you give it.”