Cybersecurity has become a priority for many companies this past year. This difficult time has shown us that whether you are a small or a big company you are not immune to vicious cyberattacks. The far-reaching cybersecurity breaches of 2020, culminating in the widespread Solarwinds supply chain attack, were a reminder to CEOs of the heightened importance of cybersecurity.
According to the World Economic Forum’s Global Risks Report 2021, cyber risks continue ranking among global risks. It is true that COVID-19 pandemic has accelerated technological adoption, but also exposed cyber vulnerabilities and unpreparedness.
Top cybersecurity challenges for 2021
So, what can we expect for 2021? Here is a list of the top cybersecurity challenges that decision makers should consider in 2021:
- Digital transformation
- Evolution of different cybersecurity threads
- Complex regulations
- Dependence on other parties
- Lack of cybersecurity experts
- Difficulty detecting cyber criminals
COVID-19 has accelerated the Fourth Industrial Revolution, expanding the digitalization of human interaction, e-commerce, online education and remote work. Large scale adoption of remote work, the widespread use of cloud technology, the rise of 5G and IoT devices are all helping edge computing become an attractive value proposition for several companies.
If digital transformation is rushed without embedding security from the ground-up or is bolted-on to existing legacy systems without due consideration to cybersecurity, then it can introduce new risks to the business.
Evolution of different cybersecurity threads
- Exposure of known and unknown internet-facing vulnerabilities: Any network connected to the internet is exposed to internet-facing vulnerabilities. Therefore, remote workers using a VPN, Remote Desktop Protocol (RDP) or other access tool are at risk. In 2021, cybercriminals will continue using tactics that focus on compromising internet-facing infrastructure – exploiting vulnerabilities in unpatched servers with stolen credentials or identify potential victims with exposed RDP connections or FTP servers.
- Ransomware attacks: the wave of ransomware attacks on healthcare systems to the pervasive impact of a compromised provider of widely-adopted network management systems are proof that this could only get worse . There are 3 ways through which ransomware can enter a system: email phishing, social media phishing and exploit kits. To convince users to click, cybercriminals are using extensive research and intelligence to find tactics that will be effective on the victim. Only on 2020, ransomware attacks resulted in $1 billion in financial damages.
Cyber adversaries do not stop at countries’ borders, nor do they comply with different jurisdictions. Organizations, meanwhile, must navigate both a growing number and increasingly complex system of regulations and rules, such as the General Data Protection Regulation, the California Consumer Privacy Act, the DFS 23NYCRR 500 Cybersecurity regulation and many others worldwide.
Privacy and data protection regulations are necessary, but can also create problems for businesses. Within organisations’ budgetary boundaries, companies have to defend and protect against attacks while they also seek to comply with complex regulations.
Dependence on other parties
Connected devices are expected to reach 27 billion by 2021 globally, driven by trends such as the rise of 5G, the internet of things and smart systems. The concentration of a few technology providers globally can also be translate in many entry points for cyber criminals throughout the digital supply chain. The attack against SolarWinds was a clear proof of the sensitivity of supply chain issues and dependence on Managed services providers.
Organizations must demand from their providers answers to these types of questions: Do we have the information we need to oversee cyber risks? How effective is your cybersecurity strategy at addressing business risks? How are you protecting my sensitive information?
Lack of cybersecurity experts and monitoring of critical systems
The lack of monitoring of critical systems can be due to several factors, like alert fatigue and overload, or poor automation. However, is generally a gap in cybersecurity skills. Decision makers must invest more in education, awareness, training and scholarships – leading the way for new generations to tackle the cybersecurity threats of tomorrow. Organizations that adopt cybersecurity and more importantly improve their cybersecurity infrastructure are more likely to be successful.
Organizational priorities should include a plan for each business to build its own cybersecurity workforce or hire a cybersecurity expert. Organizations must also recognize that mobility is implicit in the modern technology workforce. It will be important to plan for the expected tenure of experienced professionals and recognize the long-term benefits that will accrue from a reputation for cultivating this expertise, transmitted from veterans to newcomers entering the field.
Difficulty detecting cyber criminals
The likelihood of detection and prosecution of a cybercriminal was estimated to be as low as 0.05% in the US. This percentage is even lower in many other countries. Even when not obscuring criminal activity through techniques such as dark web tactics, it can be very challenging to prove that a specific actor committed certain acts.
We need to continue to adapt and take cyber risks seriously by planning, preparing, and educating. Remember It Support is not Cybersecurity but At Motiva, we specialize in protecting businesses just like yours from falling victim to increasingly complex threats and cybercrime.