6 min read
Summary: The COVID-19 pandemic ushered in an era of innovation that saw the rapid adoption of computing technologies in every facet of life. However, these innovations are not without challenges as unscrupulous agents are taking advantage of digitisation to carry out malicious activities. The global community must rise to face this emerging threat.
YEAR 2020 was a significant one for all people worldwide with the outbreak of the COVID-19 pandemic. It was a year in which all aspects of our lives were drastically affected, exposing our collective fragility and increasing feelings of fear and uncertainty. The arrival of COVID-19 forced people’s lives to move online, both at work and in person, and digital transformation accelerated. Technology helped to maintain social and emotional well-being and helped many organisations stay afloat. However, this new reality has also led to an increase in the number of cyber-attacks.
As cyber-attacks increase and new cybersecurity trends continue to emerge, organisations must take a proactive IT security stance to keep their operations safe. They must become more agile, flexible, and collaborative as they strive to protect their critical assets and infrastructure. They need to increase their digital security initiatives, change strategies, and educate employees about cybersecurity to deal with this increase in cyber-threats.
The year came with an optimistic outlook considering the current strides in developing vaccines for COVID-19. As businesses seek to transition to a new normal in 2021, we will examine some of the projections and expectations in the cybersecurity landscape and what will underpin organisations’ cybersecurity priorities in 2021.
There will be increased demand for remote working security. As organisations embrace remote and smart working, remote access to corporate environments brings quite significant constraints for enterprises to protect and ensure secure access to their networks. There is an urgent need for organisations to reimagine their cybersecurity approaches and evolve countermeasures of protecting teleworkers in the emerging future of work. In 2021, there will be increased adoption of remote and smart working models, and organisations must proactively embrace the zero-trust architecture to combat remote working threats.
Multi-Factor Authentication, MFA, will be critical. Nowadays, there are daily occurrences of authentication attacks and cybercriminals have perfected measures of using stolen usernames and passwords on underground forums to compromise organisations, using password spraying and credential stuffing attacks. Over time, cybercriminals have perfected the act of syphoning billions of credentials from breached interactions and systems across the dark web and underground forums.
These databases, paired with the ease of automating authentication attacks, means no internet-exposed service is safe from cyber intrusion if it is not using MFA. MFAs will be mandated as authentication requirements by regulators in many countries in 2021 and will be used to enforce and maintain security levels. Organisations should, therefore, make adequate preparations for implementing different variants of MFAs to cope with emerging trends and challenges.
The challenges around cloud security will increase. Even though organisations were gradually migrating to cloud before 2020, the advent of the COVID-19 pandemic accelerated cloud adoption and empowered remote working and online collaboration. This rapid migration and cloud adoption opened up new security threats and vulnerabilities across different computing systems, though the traditional cloud technology was premised around functionality and convenience and not security. Cybercriminals exploit these gaps to perpetrate all kinds of havoc, including espionage and cross country cyber attacks. To protect their information assets, organisations will have to focus efforts on improving cloud security initiatives.
Prevention and detection strategies will be crucial for all organisations, large or small, to protect themselves against these threats. Expanding the use of the cloud will require organisations to improve the visibility of their cloud presence, assets and vendor relationships to manage risks.
The adoption of technology-driven security tools will be rapid. Today’s most effective cybersecurity measures centre around insight and response. The mechanism for providing spontaneous response and data-driven insights rests on technology. These technologies, including automated security tools and advanced machine learning technologies, support decision making and provide alerts on risky thresholds in tackling threats and vulnerabilities. In 2021 the use of these technology-driven security tools will be at the centre of cybersecurity implementation.
With growing data privacy awareness and the adoption of the GDPR globally come greater scrutiny from clients and consumers, who demand their sensitive information be kept safe. Legacy technologies built on static rules can simply not stand up to this pressure, and we are instead going to see even greater adoption of intelligent security technologies that use contextual machine learning to keep data safe. Organisations will need to make conscious efforts to create security strategies and implement the same with intelligent technology-driven security tools and advanced machine learning technologies.
There will be an increase in ransomware attacks. COVID-19 brought some social challenges, including latent economic exposures across the globe. Individuals who hitherto were dedicated to specific employment relinquished these jobs or earned less than required. Of course, this increased the number of cybercriminals who attack databases and block user accesses to demand ransoms before providing access to legitimate users. These ransomware attackers will be targeting corporate entities, holding the company’s databases in exchange for crypto-currency or other forms of financial compensation.
[ALSO READ] 2023: Igbo presidency will end agitations for secession— Udeogaranya
The greatest challenge with ransomware attacks is the reputational dent on the organisation and the transit data accumulated by the attackers. Even when the accesses are restored, the attackers can still use the retained data to blackmail the organisation, make financial demands and publicly expose the organisation. Ransomware is becoming more technically advanced and sophisticated. In 2021, ransomware attacks will be the most rampant attack across organisations.
Several entities will be targeted and compromised. Organisations, therefore, must prepare for ransomware prevention and recovery. Networks should be segmented and components hardened. Disaster recovery, business continuity, and data recovery plans should be in place and tested periodically.
New forms of 5G vulnerabilities will emerge; 5G technology will be one of the greatest drivers and revolutions of this decade, enabling the fastest and broadest connectivity for humanity. As the 5G technology adoption set in as the standard form of cloud-based data transfer and communication, more vulnerabilities, compromises, and new cybersecurity threats will also emerge.
In 2021, the 5G broadband will provide cybercriminals and hackers with the capability to inject data packets across networks using high-speed data transfers and conduct corporate espionage with limited interference without these companies knowing. Organisations will need to prepare specially for the 5G technology adoption and provide higher security scrutiny and monitoring levels. Training and awareness will be supreme in this crusade to provide the capacity and know-how within the organisation.
The number of Advanced Persistent Threats, APT, groups will continue to grow. There have been increased hackers and cybercriminals’ activities across the clear, deep, and dark web using Advanced Persistence Threat, APT, with new groups emerging every day. The dark web, for instance, allows cybercriminals and hackers to have access to sensitive information and corporate networks, transact on stolen credit four cards, etc.
More actors are joining the foray, and these groups are continuously growing across different sectors and interests. This year, organisations will increase their digitalisation processes using social media, web sites, mobile phones, and cloud. It is essential that they keep tight control over their digital footprint and keep track of it in real-time and control all activities within the outlying borders of their extended organisation.
Smart phones and mobile devices will be a target in 2021. The proliferation of mobile connectivities across many networks in itself is a major cybersecurity challenge. Such mobile devices are being used directly to connect to corporate networks even in this remote working era. The attention in 2021 will be on mobile device attacks. The presence of advanced spyware and vulnerabilities in many mobile software applications will give cybercriminals access to valuable data. Organisations should create comprehensive cybersecurity programmes to include accurate inventory to protect their information assets, including non-traditional assets such as BYOD, IoT, mobile and cloud services.
Organisations will pay more attention to cybersecurity. With the expansion of remote working and increased digital transformation adoption triggered by the COVID-19 pandemic, executive management has seen the reality of cyber risks and the implications to business continuity. This has elevated cybersecurity conversation to a board room agenda, and most organisations are giving adequate consideration to information security as a strategic component of the business strategy. In 2021, many organisations will be very deliberate in managing cybersecurity, including appointing the chief information security officer, CISO, as a C-suite within the executive management.
Cybersecurity automation will increase. Cybercriminals have devised several ways of stealing and accessing corporate databases and networks, and these techniques are being improved daily. Cybersecurity automation simplifies organisations’ response in providing a faster response and efficient containment mechanism. With the growth in the number of cyber-attacks and the increasing accuracy of cybercriminals in gaining access to systems, cybersecurity automation is a safe solution to prevent cyber-attacks and data breaches.
In 2021, the focus of cybersecurity automation will include automation of threat correlation, automated enforcement of MFA on any resource, authentication five sequence, vulnerability scanning, Penetration Tests, security patch management, traffic logs, etc.
In 2021, organisations will scramble to deal with the far-reaching effects while striving to stay secure as online dependency grows. These suggestions and recommendations are not only plausible but should also be anticipated. We looked into the drivers of cybersecurity’s near future and how organisations will have to adapt as threats and technologies exert their influence.
It is pertinent that organisations and decisionmakers frame a proper and strategic response that can withstand change and disruption. Organisations need to be proactive in managing cybersecurity initiatives, including beefing up cybersecurity programmes, implementing cybersecurity systems, managing vulnerabilities and risks, testing incidence response and business continuity plans.
• Organisations should implement different types of Multi-Factor authentication(MFA) to guard against data breaches.
• Organisations have to focus on improving the security of their cloud-based solutions.
• Organisations should consider adopting machine learning tools and automated security tools which provide support systems, cyber threat alerts and other tools for
early detection and prevention of security breaches.
• Organisations need to set up proper prevention and recovery strategies against ransomware attacks.
About the Author: Jason Ikegwu is a Partner of Phillips Consulting and the first indigenous payment card industry qualified security assessor (PCI-QSA) in West Africa. A top-performing business and technology professional with over 16 years working experience and strong track record of achieving demonstrable results in business strategy, programme management, process improvement, enterprise business transformation, business innovation, information security implementation, information technology, digital and operating model design and big data analytics.
Keywords: Security, Cybersecurity, Authentication, Multi-Factor Authentication, Technology, Cloud security