This blog post was contributed by Matthew Gardiner, Principal Security Strategist at Mimecast.
We can all agree 2020 has been one for the books. And for many, books we would actually like to see burned. The pandemic has disrupted nearly every industry and cybersecurity has taken on its fair share of new challenges. Looking back on the year and forward on the next one, I surveyed my colleagues at Mimecast to get their thoughts on what we might see in 2021 and beyond as a result of the major changes we’ve been living through over the past nine months.
From increased regulations targeting payments to cybercriminals and budget-impacted digital transformation efforts, to growing supply chain threats, here’s what they’re predicting:
Shrinking budgets will lead to an increase in cyberattacks – especially against smaller businesses
The impact of COVID-19 will continue to pose challenges for companies of all sizes and across industries, especially in the smaller business segment where shrinking IT budgets and limited security expertise mean IT teams will try to play catch-up when it comes to security. As such, cybercriminals will take advantage of the “weak” security of smaller organizations as a means of gaining access to the networks of large organizations (we have recently seen this with the SolarWinds-enabled breaches). For example, a phishing email can lead to an account compromise which can be used as a gateway to breach the larger organization. - Raafat Kastoun, Cybersecurity Expert at Mimecast
Connected devices in remote work environments will be the entry point for attackers
A material increase in cyberattacks exploiting consumer-grade home networking vulnerabilities will negatively affect businesses globally that have not yet adapted their network security posture to align with the new hybrid work scenarios. These types of attacks will increase faster for smaller businesses than for large businesses. Large businesses, on the other hand, will increase their uptake of cyber insurance as a risk mitigation strategy. - Brian Pinnock, Senior Director, Sales Engineering EMEA at Mimecast
Digital transformation will slow to ensure security catches up with the times
The pandemic is accelerating digital transformation and securing these projects is front of mind. At the Board of Directors level, organizations will be forced to make tough decisions about where to allocate security budget and where risks are acceptable. In the EU, for example, GDPR dictates “security by design,” so it is essential that CISOs align the cost of securing a project with its overall cost and ROI to ensure each project is successfully secured. - Duncan Mills, Product Marketing at Mimecast
Regulators will sharpen their teeth to stem the flow of funds to cybercriminals
The work to do this will start in two ways – cryptocurrencies and payment to sanctioned organizations and criminals. Cryptocurrencies, other than creating investment bubbles, help people channel funds to criminals, causing their utility to be in question. Governments will move to outlaw or control these currencies in an attempt (likely unsuccessful) to turn off the tap. With regard to payments, Garmin, for example, got a light slap on the hand for paying out following a ransomware attack, but, going forward, the U.S. government will harden its stance on payment to sanctioned organizations and many other governments will follow. - Garrett O’Hara, Principal Tech Consultant at Mimecast
While 2020 has taught us that you can’t always predict the future, it is expected that the “new normal” will result in significant cybersecurity implications, some of them actually quite positive. By looking back at this past year, cybersecurity experts can expect these trends and potential risks to accelerate, so getting ahead of them will be a key priority in 2021.