2021 predictions
I started a tradition when I blogged last year about security predictions. Hopefully my third kick at the prediction can yields better results! Obviously last year’s list missed a global pandemic, subsequent lockdown, and a major shift in how people work. This event cascaded into all facets of life and resulted in a number of fundamental changes to workflows and securing them. My predictions were techcentric and my crystal ball was foggy on the pandemic front, hopefully this year’s list is a bit more accurate. Here’s a recap of last year’s list.
The number of insider threats will grow immensely. The rapid unplanned move to work from home made insider threat issues spike last year and this upwards trend will continue.
More privacy laws and regulations will be created. Politicians were understandably busy with COVID-19 in 2020 but given the explosion of work from home and insider threats, this one seems like a no-brainer.
California passed a Consumer Privacy Act before the pandemic and is starting to implement it now.
I hoped ransomware protection would proliferate but it didn’t work out this way at al!. Fingers crossed that this happens eventually.
The rapid shift to remote work at the beginning of 2020 created lots of new challenges but the latter half of the year did bring improvements to identity management, including passwordless options. In fact not only did passwordless and zero trust options gain popularity but so did multi-factor authentication and other similar systems. Makes sense given the remote work shift.
We will see more new named attack vectors. And we did… but not as many as I anticipated.
The Solarwinds/Fireye sprung a few new names like Sunburst and Supernova to name a few. Second APT group was involved. Some new malware families have been discovered as well. Microsoft called their threat’s solorigate.
Zoom had quite the year. Huge increase in usage brought security researchers along discovering many weaknesses. Zoombombing and cryptography issues. Check out our blog on Zoom for an overview.
What are my predictions for 2021?
Python 4
The official end of life announcement of Python 2 makes room for Python 4 roadmaps. Discussions are already in progress about what Python 4 should look like but, the difficulty is, how do you improve perfection?
Quantum computing breaking security
Quantum computers are now available for purchase so it’s just a matter of time before we have to rethink everything we’ve come to rely on for security. This will be difficult to pinpoint because you won’t know exactly when it happens. Fortunately there are talented people working on this problem so fingers crossed we have a solution before we have a real problem. Internally we have followed Cisco’s crypto guide to becoming ‘quantum resistant’.
Phishing improvement
One of the key reasons current phishing campaigns fail is because their simple grammar and spelling mistakes are easy to detect. Phishers will start paying more attention to these details making it far more difficult to detect phishing. It’s a cat and mouse game and it’s their turn to make a move.
Major cloud services outage
We often see short (a few hours) outages affecting many websites at once. Remember when Slack started off 2021 with an outage. & AWS outage in Nov 2020. We will see a larger outage in 2021 that will force cloud availability tests into the forefront of every network team’s mind. This may even come with a major data breach that will force cloud security tests into the forefront of every security team’s mind, though who are we kidding here, cloud security should already be a priority.
Cyber cold war
This is not a great prediction because it’s already in progress. Look no further than the attacks on Chinese tech like Huawei and Tiktok or antitrust actions against US tech companies like the 46 states suing Facebook for antitrust and the myriad antitrust lawsuits against Alphabet aka Google around the flat earth. The cyber cold war is already on but it’s going to see some serious changes in scope this year.