The Information Security Forum (ISF), the trusted source that senior security professionals and board members turn to for strategic and practical guidance on information security and risk management, has announced the organization’s outlook for the top global security threats that businesses will face in 2021. Key threats for the coming year include:
Cybercrime: Malware, ID Theft, Ransomware and Network Attacks
Insider Threats are Real
The Digital Generation Becomes the Scammer’s Dream
Edge Computing Pushes Security to the Brink
Rushed Digital Transformations Destroy Trust
“If COVID-19 has taught us anything, it is that there is a very real need to anticipate threats, to develop scenarios for handling them and to test our response before they destroy our businesses,” said Steve Durbin, Managing Director, ISF. “As data breaches increase, new technologies emerge, and the geopolitical landscape becomes more complex, business leaders need to rethink cyber. Increasingly they need to view it as one that, if left unguarded, can wreak significant damage.”
The top threats identified by the ISF for 2021 are not mutually exclusive and can combine to create even greater threat profiles. The most prevalent threats include:
Cybercrime: Malware, ID Theft, Ransomware and Network Attacks
We have seen an increase in cybercrime targeting the COVID-19 “opportunity”. Not restricted to ransomware attacks on hospitals, this has also seen targeting of remote workers who are accessing corporate systems. Setting up fraudulent charities, fraudulent loans, extortion along with an increase in traditional phishing and malware are all on the increase. The changing threat landscape requires risk management and security practitioners to pay close attention to how exposures change over the coming months and the circumstances that influence the level of protection.
Insider Threats are Real
The insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2021.
The Digital Generation Becomes the Scammer’s Dream
The next generation of employees will enter the workplace, introducing new information security concerns to organizations. Their attitudes toward sharing information will fall short of the requirements for good information security. Reckless attitudes to sharing information online will set new norms for security and privacy, undermining awareness activities; attackers will use sophisticated social engineering techniques to manipulate individuals into giving up their employer’s critical information assets.
Edge Computing Pushes Security to the Brink
Edge computing will be an attractive architectural choice for organizations; however, it will also become a key target for attackers. It will create numerous points of failure and will lose many benefits of traditional security solutions. Organizations will lose the visibility, security and analysis capabilities associated with cloud service providers; attackers will exploit blind spots, targeting devices on the periphery of the network environment, causing significant downtime.
Rushed Digital Transformations Destroy Trust
Organizations will undertake evermore complex digital transformations – deploying AI, blockchain or robotics – expecting them to seamlessly integrate with underlying systems. Those that get it wrong will have their data compromised. Consumers and dependent supply chains will lose trust in organizations that do not integrate systems and services effectively; new vulnerabilities and attack vectors will be introduced, attracting opportunistic attackers.
“Attackers will continue to be presented with the tools and opportunities to target and exploit those who are unprepared,” continued Durbin. “The coming year will once again be volatile, but targets will be predictable. The organizations that see security as a strategic business issue, one in which people throughout the enterprise have a role to play, will be the organizations that prosper going forward.”
ISF Threat Horizon Reports
Each year, the ISF releases their latest ISF Threat Horizon series of reports, aimed at both senior business executives and information security professionals. These reports are designed to help organizations take a proactive stance to security risks by highlighting challenges in the threat landscape and identifying how the confidentiality, integrity and availability of information may be compromised in the future. For more information, please visit the ISF website.
About the Information Security Forum
Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. The ISF is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.
ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. By working together, ISF Members avoid the major expenditure required to reach the same goals on their own. Consultancy services are available and provide ISF Members and Non-Members with the opportunity to purchase short-term, professional support activities to supplement the implementation of ISF products.
For more information on ISF membership, please visit https://www.securityforum.org/.