Top Cybersecurity Trends For 2021 and Beyond

Abstract 

This article provides an overview of the cybersecurity landscape and how it was dramatically  shifted due to the COVID-19 pandemic. In addition, it provides a look into the future with the  top 10 cybersecurity trends and predictions for 2021 and beyond. The pandemic response  caused massive disruptions to the way we live, work, and conduct business. Organizations  rapidly shifted to online operations and remote working to maintain normalcy during the  pandemic. These transitions will continue into post-pandemic and beyond as the new normal.  Cybercriminals have responded and will use this opportunity to launch a new breed of cyber  attacks in 2021. The article outlines the top cybersecurity concerns for 2021 and beyond. 

Introduction 

Along with every other discipline, the cybersecurity threat landscape was completely  disrupted in 2020 due to the pandemic. The COVID-19 pandemic was a central theme last  year and caused significant disruptions in the way we utilize technology to conduct business.  The response to work-from-home and lockdown orders forced organizations to reconsider  how and where they conduct business and cybercriminals took advantage of increased  remote work and cloud adoption. 

Holistically, organizations have become security conscious and have taken an initiative to  increase their defense against threats. Cyber Awareness campaigns have been successful  in increasing basic cyber hygiene practices. National campaigns such as the Cybersecurity  and Infrastructure Security Agency’s “Stop, Think, Connect”¹ and the National Initiative for  Cybersecurity Education (NICE) have produced positive cybersecurity industry outcomes.  However, the pandemic and the rapid shift to remote, online, and cloud services have disrupted  not only 2020 but also the future cybersecurity trends in 2021. 

I have been in the technology industry for 20+ years and specializing in cybersecurity for most of  my career. I have graduate degrees in technology and cybersecurity, and my Ph.D. dissertation  research involved cybersecurity and cloud computing. Currently, I am utilizing my skills,  expertise, and experience as a professor of practice and associate program director for Tulane  University’s technology and cybersecurity programs. Additionally, I am active in many national level cybersecurity organizations as a subject matter expert. As such, I typically receive emails  and requests for “What is coming next for cybersecurity?” and “What are my cybersecurity  predictions for the upcoming year?” Due to the technology response to the pandemic last  year, I believe that in 2021 we will still be in a biological pandemic but also a Cyber Pandemic.² The evolving business and IT landscapes have created new cyber exposures and increased attack surfaces. The volume, range, and types of cybersecurity attacks will potentially be vastly  different next year. Below are my Top 10 Cybersecurity Trends for 2021 and beyond. Although  every cybersecurity threat identified in this report should be considered significant, the threats  are ranked in order of priority and potential risk levels, starting with the highest risk items first.  

Cybercriminals Will Continue to Exploit The Pandemic for Cybersecurity Attacks 

During 2020, we saw a 600% plus increase in COVID-19-related cybersecurity attacks.³ This  trend will continue in 2021 as the pandemic will be at the top of everyone’s minds and on  news coverage. Continual news of vaccine developments or new national restrictions will cause phishing attacks to increase throughout the year. Attackers will look to seize the opportunity  to exploit the keen interest in the ongoing pandemic and will continue to exploit this public  interest to gain a foothold in target systems. Pandemic social engineering attacks in 2021 will  likely focus on government-issued stimulus checks and vaccine information. Criminals have  worked quickly to take advantage of the vaccine rollout to trick users into clicking on malicious  links in emails and SMS messages. Since the pandemic began, there has been a 300% increase  in cybercrime.⁴ The FBI is already tracking social engineering attacks that utilize the public’s  interest in the COVID-19 vaccine. ⁵ In 2021, cybercriminals will use the pandemic to their  advantage, and we will see an even larger increase in cybercrime.  

Home Offices Will Be Top Cyber Targets 

The boundaries between home and office blurred last year, and cybercriminals realize that home  offices are not only easy targets but accessible gateways into the corporate network. Work will  continue to be performed over home internet connections. Many home routers lack advanced  security features and remain unpatched and even outdated. In 2021, we will see increased attacks  on home networks. Cybercriminals will begin to use home network devices as launching pads to  attempt to gain access to other higher targets. The most extensive vulnerabilities will be exploited  on home internet routers and connected Internet of Things (IoT) smart devices. 

Additionally, with more employees working from home, cybercriminals will focus on  vulnerabilities in personal computers, especially the software and operating systems. As a  pandemic response, over 80% of organizations allowed employees to use personal devices.  However, over 70% did not have adequate security configurations and lacked enterprise  malware protection, and relied on the basic software included with the endpoint device.⁶ It is  essential to reflect that the rise in remote work is happening during the same year Microsoft  has ended support and stopped issuing security updates for Windows 7, which is still the most  popular home operating system. Hackers will seek to exploit the increasing flaws in Windows 7  because many home users will not easily update their devices. I predict that at least one major  corporation will suffer a cyber breach due to a corporate employee’s home network.

Ransomware Will Remain A Top Threat 

Ransomware has increased 239% since 2019, and it is nothing new to learn that ransomware was  near the top of many security threats lists in 2020. In 2021, it is not surprising to anticipate that  ransomware attacks will only continue to increase. The ransomware damage costs are predicted  to be $20 billion USD of the overall $6 trillion USD caused by cyber incidents by 2021. A business  will fall victim to a ransomware attack every 11 seconds at that time,⁷ and the cost to recover  from a ransomware attack has increased by 228%.⁸ Ransomware attacks will continue to evolve to  become even more technically advanced by using Advanced Persistent Threat (APT) techniques to  explore, probe, and map the entire network to locate the most valuable and vulnerable systems  before starting the enterprise-wide encryption. The new breed of ransomware will change  administrator accounts before the final attack and utilize blitz attacks to encrypt multiple devices  simultaneously. The new variants of ransomware will also encrypt and destroy data, threaten to  leak potentially compromising data, and put additional pressure on victims to pay ransom fees.  A common strategy to mitigate the risks associated with ransomware has been to keep a copy  (backup or primary) of the data in a cloud file sharing service. In 2021, we will see ransomware  attacks expand to cloud data shares as well as on-premises hard drives.  

The Rapid Shift to Cloud Will Expose Security Risks  

The pandemic caused organizations to quickly pivot to cloud services, online business, remote  work, and home offices. The deployment of these emerging technologies like cloud and online  operations was implemented at a rate never seen, and this trend will continue into next year.  Experts predict cloud deployments to increase by over 35% in 2021.⁹ Unfortunately, many of  these services were implemented with security as an afterthought. While the quick pivot to cloud everything did enable operations to continue functioning during the pandemic and extended  the organization’s borders, it also introduced many new security risks. More importantly, most  new cloud deployments were implemented with default configurations or improper settings  for fast and easy use. Many of these misconfigurations are still in place, and hackers will exploit  these vulnerabilities. Virtually every high-profile cybersecurity breach with a cloud deployment  was due to misconfigurations caused by the inexperienced cloud end-user. Even veteran IT  professionals need additional skills and training to configure and secure cloud resources properly.  The responsibility of where the cloud service provider’s responsibility ends and the organization’s  responsibility starts is often misunderstood by new users of expanded cloud services. Many new  cloud adopters make the incorrect assumption that cybersecurity is the complete responsibility of  the cloud service provider.¹⁰ 

In 2020, we saw threat actors take advantage of these insecure cloud deployments, but the  majority of hackers have only done footprinting and recognizance exercises. In 2021, we will  see a plethora of cloud security holes exposed and organizations compromised due to the rush  to cloud in 2020. Enterprise applications and cloud software implemented will be continually  hounded by hackers. The rapid acceleration of cloud adoption during the pandemic will  shift the cybersecurity landscape dramatically.

The primary issue is that traditional IT methods cannot respond to the speed and agility of the  cloud, and IT professionals and end-users alike have more power than ever in their hands with  the cloud. Additionally, cloud infrastructure is growing in complexity requiring specific skillsets. Because of the ease of availability, many IT professionals are experimenting with public cloud  services without fully understanding the complete details from a security perspective. This  vastly increases the overall risk profile. Virtually every security breach involving data hosted in  public clouds exposing information or other critical assets was caused by incorrect configuration  by humans. The common mistake is that most organizations still use traditional IT tools and  techniques to manage cloud security and compliance. Cybersecurity has traditionally been  based on physical security concepts. I have often used the example of a medieval castle to  explain traditional cybersecurity methods. The purpose of a castle was to keep the people and  contents on the inside safe. The defenders would build strong high walls, towers, a moat, and  other layered perimeter defenses. The castle defenders would build a drawbridge to control  and limit the access into the castle’s interior from a single point. This is like cybersecurity  professionals installing a firewall and IPS/IDS at the network border and control ingress/egress  to the protected assets inside the network. This type of security architecture is fundamentally  at odds with today’s cloud and edge architecture. Applying tried and true traditional cyber  defense methods will not be successful in the new computing beyond the perimeter wall in an  edge-computing environment.  

Vulnerabilities Targeting 5G Connected  IOT Devices will Increase 

The completely connected, fast digital reality promised by 5G also gives cybercriminals more  access and opportunities to launch attacks targeting all devices connected to the new 5G  network. As 5G networks begin to be implemented nationwide, the numbers of connected  IoT devices will also immensely expand, considerably increasing 5G-connected network  vulnerabilities to large-scale, multi-vertical cyberattacks. Botnets and Distributed Denial of  Service (DDOS) attacks have reduced somewhat in recent years due to emerging cyber defense  technologies. However, the 5G expansion will fuel the botnet armies and increase attacks.  

Implementing ways to secure 5G effectively will be a concern in 2021, and the quality and  integrity of the IoT devices themselves will continue to be a threat next year. Cybersecurity  professionals are looking at new IoT devices’ internal workings for signs of implementation  

problems, cryptographic discrepancies, and even backdoors.¹¹ Hackers will perform their own  testing on legitimate IoT devices to look for undiscovered vulnerabilities that they can exploit.  I predict that we will see several high-profile IoT-related hacks in 2021.

Legacy Technical Architecture Will Be  The Weak Link for Many Organizations 

Any legacy technology, including servers, network infrastructure, workstations, and especially  software applications, have always been prime targets for threat actors. These legacy devices  and endpoints are usually not maintained as much as modern deployments. In many cases, the  original vendor no longer supports or provides updates and patches to the legacy equipment.  In these cases, vulnerabilities will go unmitigated for long periods of time, allowing hackers  easy access. The focus during 2020 was all about the response to the pandemic and for remote  access. Many projects to upgrade legacy systems were put on the back burner because the  pandemic response took priority. Vulnerable legacy systems remain at corporate offices. This,  combined with the fact that most employees will continue to work from home with equally or  more outdated technology, is a cybersecurity disaster recipe. One glaring example is Windows  7 and Server 2008 operating systems. Specialized hardware and legacy equipment also prevent  many organizations from upgrading away from legacy operating systems because the underlying  equipment is not compatible with the newer operating systems. A significant portion of  business and home users will continue running outdated and legacy operating systems that are  long past their expiration dates. Cybercriminals will see this as an opportunity and look for ways  to take advantage. I expect that we will see several new vulnerabilities surface that will result in  significant security breaches as hackers will ramp up targeting these legacy systems. 

In addition to the legacy endpoints, many organizations rapidly deployed legacy security  architecture to deliver virtual operations and remote as soon as possible. Some of these  examples included allowing Remote Desktop Protocol (RDP) sharing through the corporate  firewall and legacy Virtual Private Network (VPN) services. In contrast, these services make for  fast and easy deployments and configuration for remote services. It also comes with serious  security risks, and even novice-level hackers can easily exploit these types of configurations.¹² With more than 400 million businesses using these services, we will likely see an increase in  VPN and RDP attacks during 2021.¹³ 

Social Engineering Attacks Will Increase  and Become More Sophisticated 

For years, social engineering has been one of the top tools in the hacker’s toolbox. Webroot  describes social engineering as the art of manipulating people, so they give up confidential  information.¹⁴ This is usually done with carefully crafted emails or text messages tricking victims  into clicking on a malicious link. The malicious links may contain malware or take the user to a  website for more advanced social engineering tactics to gain access to passwords or other sensitive  information. Social engineering attacks account for more than 80% of reported security incidents. ¹⁵ Organizations can have a healthy security posture, but social engineering methods involve deceiving  users into unknowingly breaking the standard security practices. With over 50 million social engineering attacks, nearly 90% of all organizations worldwide experienced a social engineering  attack within the last year.¹⁶ The volume of cybersecurity social engineering attacks will exponentially  increase in 2021. In addition to the number of social engineering attempts, the sophistication of the  attacks will increase as well. Email filters have matured and use technologies to identify and block  social engineering and phishing emails. Cybersecurity user awareness campaigns have increased,  as has end-users’ knowledge of how to spot suspicious emails as phishing attacks. Criminals will  continue to modify their attacks in response to the defense measures. Social engineering attacks in  2021 will be challenging to identify by both email filters and human perusal.  

Emergence of Cybercrime Gangs  

Criminals working together to commit crimes is not a recent phenomenon. Criminals have had a long  history of joining together to commit organized crimes. Traditionally, hackers and cybercriminals have  worked independently or in smaller groups. Threat actors have been quite segmented, specializing  in one type of malicious hacking activity. Last year, we started to see the beginnings of cybercriminal  organizations collaborating and even coordinating attacks. Some cybercrime groups are coming  closer and closer together. One example is ransomware developers working with botnet operators.  A recent threat assessment report said the popular malware variants of Emotet, Trickbot, and Ryuk  are now so close that they should belong in the same group. They have become more competent at  working together.¹⁷ I believe that this type of collaboration between cybercrime groups forming into  organized cybercrime gangs with a formalized hierarchy of leadership and strategic plans enacting  advanced, simultaneous attacks will be a common theme in the future. 

Outside-Out Architecture and Focus  on Users  

Due to the cloud, virtual, and remote expansion of 2020, the future state of Information  Technology will see an increased expansion in Shadow IT. Shadow IT environments will continue  to proliferate throughout an organization’s enterprise as the employees or groups within a  department will explore and find new ways to work around enterprise IT restrictions. Cloud and  Software-as-a-Service make it easy for end-users to bypass enterprise systems and spin up their  own environments. These environments are loosely monitored and provide expanded attack  surfaces for cybercriminals.  Along with Shadow IT, the increased usage of mobile devices such  as smartphones, tablets, and IoT devices all represent network devices that are increasingly  difficult to secure, and most end-users are constantly connected via multiple devices. 

We will see a cybersecurity architecture focus evolution from IT assets to user analytics, access,  and authentication during the following year. Historically, cybersecurity has primarily focused  on securing technology components, such as databases, processes, services, hardware, network  infrastructure, and other devices. However, if the end-user remains the weakest link in the  cybersecurity chain, I predict more emphasis on identity and access management will become the  future trend. With modern cloud deployments, most organizations’ data and critical assets are  outside the traditional network perimeters, and end-users are on a separate outside network.

As Development and Operations (DevOps) have become mainstream, the future trend will be  Development, Security, and Operations (DevSecOps). DevSecOps will focus on the user and  privileged access management to resources wherever they are located. Advanced technologies,  such as AI and intelligent authentication, will ensure that the specific end-user will have the  appropriate level of authentication to a digital asset at the correct time. A global leader in  Privileged Access Management, BeyondTrust, refers to this emerging security practice as  Identity-Centric Security.¹⁸ Regular business and technology will continue to move out of the  traditional, on-premises environment. Security defense measures will focus more on the proof  of identity rather than securing network devices. 

Maintaining Operational Balance In The New Normal  

These cybersecurity threats and trends identified should be balanced with the increasing  demand for continuous delivery of valuable business services in a disruptive technology  environment. The year 2021 will usher in a new norm of doing business and utilizing technology.  The focus of cybersecurity issues in 2021 and onward should evolve from a control mindset into  a governing mindset. Cybersecurity professionals will govern access to resources, especially user  privileged access. They will work out ways to achieve the business’s desired outcomes versus  locking everything in the network down. 

Notes 

1. “STOP. THINK. CONNECT. ™,” Cybersecurity and Infrastructure Security Agency (CISA), accessed March 10, 2021,  https://www.cisa.gov/stopthinkconnect. 

2. Robert O’Brien, “The Next Global Crisis: A Cyber Security Pandemic,” MetaCompliance, September 15, 2020,  https://www.metacompliance.com/blog/the-next-global-crisis-a-cyber-security-pandemic/. 

3. “Coronavirus-Related Spear Phishing Attacks See 667% Increase in March 2020,” Security Magazine RSS (Security Magazine, April 15, 2020), https://www.securitymagazine.com/articles/92157-coronavirus-related spear-phishing-attacks-see-667-increase-in-march-2020. 

4. Jenna Walter, “COVID-19 News: FBI Reports 300% Increase in Reported Cybercrimes,” IMC Grupo, May 2, 2020,  https://www.imcgrupo.com/covid-19-news-fbi-reports-300-increase-in-reported-cybercrimes/. 

5. “Federal Agencies Warn of Emerging Fraud Schemes Related to COVID-19 Vaccines,” FBI (FBI, December 21,  2020), https://www.fbi.gov/news/pressrel/press-releases/federal-agencies-warn-of-emerging-fraud-schemes related-to-covid-19-vaccines. 

6. “Bring Your Own Device,” Total Cloud Security, https://pages.bitglass.com/cd-fy20q3-bringyourowndevice_ lp.html. 

7. Steve Morgan, “Cybercrime To Cost The World $10.5 Trillion Annually By 2025,” November 13, 2020 Cybercrime  Magazine, January 22, 2021, https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/.

8. Elizabeth Gow Content Creator, “Must-Know Ransomware Statistics for 2021,” EMPIST, January 9, 2021,  https://empist.com/must-know-ransomware-statistics-for-2021. 

9. “Forrester Predictions 2021 – Read All Forrester Predictions For 2021,” Forrester, accessed March 10, 2021,  https://go.forrester.com/predictions/. 

10. John Edwards, “7 Steps to a Well-Architected Cloud,” CIO ( March 20, 2019), https://www.cio.com/ article/3373837/7-steps-to-a-well-architected-cloud.html. 

11. Authors GReAT et al., “Advanced Threat Predictions for 2021,” Securelist English Global securelistcom, https:// securelist.com/apt-predictions-for-2021/99387/. 

12. Liam Tung, “VPN Warning: REvil Ransomware Targets Unpatched Pulse Secure VPN Servers,” ZDNet (ZDNet,  January 6, 2020), https://www.zdnet.com/article/vpn-warning-revil-ransomware-targets-unpatched-pulse secure-vpn-servers/. 

13. GWI, “VPN Usage Around the World Infographic,” GlobalWebIndex, https://www.globalwebindex.com/ reports/vpn-usage-around-the-world. 

14. “What Is Social Engineering? Examples And,” Webroot, 2019, https://www.webroot.com/us/en/resources/tips articles/what-is-social-engineering. 

15. Josh Fruhlinger, “Top Cybersecurity Facts, Figures and Statistics,” CSO Online (CSO, March 9, 2020), https:// www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html. 

16. “State of the Phish,” State of the Phish, Proof Point, 2020, https://www.proofpoint.com/sites/default/files/gtd pfpt-uk-tr-state-of-the-phish-2020-a4_final.pdf . 

17. “Internet Organized Crime Threat Assessment,” Europol, 2020, https://www.europol.europa.eu/activities services/main-reports/internet-organised-crime-threat-assessment-iocta-2020. 

18. Person, “Top Cybersecurity Trends Tor 2021: The Hacking of Time, M/L Data Poisoning, AI Attacks, & More,”  BeyondTrust (BeyondTrust, October 23, 2020), https://www.beyondtrust.com/blog/entry/top-cybersecurity trends-to-watch-in-2021.