What does the future of infosecurity entail?
Article by DigiCert vice president of IoT security Mike Nelson.
2020 has presented the world with constant changes, curveballs and shifts in business strategy.
This has caused the infosecurity industry to implement real-world solutions which are likely to remain beyond the end of this global pandemic and into 2021. While predictions are hard to make after the year that’s been, the below trends outline areas that will be a key focus in 2021:
Prediction: Socially engineered attacks will get more complex
According to Verizon’s Data Breach Investigations Report for 2020, social engineering is a top attack vector for hackers, likely to continue leveraging current events to unprecedented levels:
Unemployment fraud: With unemployment fraud at an all-time high, there will be an increase in these attacks as pandemic-focused unemployment programs from governments have lowered the barriers to collecting benefits, and security methods have not been able to keep up.
COVID-19: Free COVID-19 tests will be leveraged heavily by threat actors in the New Year. Scammers will utilise social engineering to dupe consumers into providing a mailing address, phone number and credit card number with a promise to qualify for a free COVID-19 testing kit.
More COVID: The offer of fake, ‘government-approved’ cutting edge technologies to fight COVID-19 and take the temperature of those in proximity will trick users into downloading malicious apps on their smart devices that can be leveraged for nefarious activities by threat actors.
Tax deadlines: With JobKeeper and JobSeeker payments being extended into the new year, expect threat actors to leverage this to their advantage in 2021. Phishing around tax season will drastically increase.
Prediction: Shortcomings in data security are going to cause a slowing effect on telehealth organisations due to an increase in targeted attacks
Telehealth providers are opening themselves up to cyber-attacks on an unprecedented scale. Before the pandemic, telehealth comprised only a small fraction of medical visits. However, beginning in March 2020, much of medicine suddenly shifted to the telehealth model – as many GP’s are independently owned and operated, data security needs to be a major consideration.
The value of a single health record is high, and this will become a growing target for fraudsters looking to take advantage of this situation. It’s a perfect storm.
Healthcare providers are rushing to set up systems and keep up with exploding telehealth appointments, while hackers are looking for soft, high-value targets. As news of successful attacks spreads, this will result in eroding patient trust.
Prediction: The ‘new normal’ will be under attack
The new normal will result in an increase in travel, a reduction in unemployment, and a transition for workers to return to the office, leading to threat actors’ attacks on the following:
Travel: Fraudsters looking to take advantage of the new normal will target holiday-starved travellers looking for good deals online or via email. Phishing attacks will be the tool of choice and will be leveraged successfully by fraudsters.
Back to the office: There will be a steady crescendo of applications offered by threat actors with the promise of increased productivity tools to ease the transition back to the office. Expect new attackers to target common home devices that are used for workers splitting time between home and the office.
Data Breach News: News of data breaches will increase in 2021 as the public learns of exploits on companies that haven’t done a good job securing their remote workforce.
Prediction: 2021 will bring increased focus on automation and efficiency solutions in the security market
As organisations work to keep the lights on and scrutinise the bottom line, there will be a resulting push for efficiency in security technologies. Security teams will be asked to do more with even fewer resources. 2021 will bring an emphasis on technologies that allow organisations to do more with less, and automation will play a significant role in terms of security innovation in the new year.
A consolidation of security vendors will take place in 2021 as businesses look to reduce the number of vendors within their environments. Trusted vendors with leading global technology and local resources where their customers live will be valued, as will be their emphasis on automation of security tasks.
As security investments focus on immediate value, Quantum Computing will continue to move forward. As Quantum Computing allows for tasks to be more efficient, organisations will prioritise its continued development. Improvements and efficiencies are recession-resistant.
Prediction: Staying safe online
Identity and consumer accountability of their permissions and controls over data will lead to a new interest in how to stay safe online and with connected devices.
Concerns over contact tracing and other government intrusions of personal privacy will lead to a public appetite for ways to identify organisations with which they connect online and for better assurances of the security of the connected devices in their everyday lives.
As organisations look to the future, protection in the present needs to be considered. Bring on 2021.