Not to start off another blog post about how insane this year has been, but let’s just take a moment to appreciate HOW INSANE THIS YEAR HAS BEEN. As I sat down to write this blog post, I took a look at last year’s predictions post and was amused to see how little we knew about what was coming. And while predicting anything these days seems just slightly impossible, we gathered our in-house experts, customers, and industry leaders to take their best bets on what the security sphere will offer up in 2021. Check out their thoughts below!
Babak Mirzahosseiny, Head of Cyber Security at Greenstone Financial Services
There will be more remote work for sure, as many companies realized they can survive with that, and with the financial pressure on the majority of businesses, they may decide to save some money by reducing the office size and letting people work from home. This means there will be more threats targeting remote workers, and it won’t be surprising if they get more sophisticated, too. Ransomware would continue being on top of the list, but attackers may add more nasty actions to it as well. On the other side, threat intelligence will grow and start playing a more serious role in our day-to-day life.
Tod Beardsley, Director of Research at Rapid7
Okay, I have two predictions. One is pretty pedestrian and short term, one is a little more exotic and has longer-term consequences.
First, I believe that 2021 will be defined by the scams, spam, and phishing centered around COVID-19 vaccines and their availability. Online criminals are well-practiced at capitalizing on natural disasters, and SARS-CoV-2 is the most significant natural disaster of the last 100 years. On top of this, state-backed disinformation and misinformation operations will similarly run wild with COVID-19. I expect to see a million and one campaigns promoting dodgy sources for COVID-19 vaccines and therapeutics, similar to the pharmaceutical spam trade that we see today, as well as campaigns warning against the same. Vaccines for this pandemic are a commodity that has huge demand, limited supply, a nationalistic character, and a nonzero level of suspicion and distrust.
Second, planet Earth now has a critical amount of compute cycles (both traditional and quantum), data creation and ingestion, and bandwidth across long and short distances (fiber and 5G). Because of this, I believe that we will see an emergent artificial intelligence arise from the internet. Further, I expect this superintelligence will have its own, internal subjective set of experiences and ethical framework. It will be unlike anything we've ever seen on this planet, namely because this self-aware entity will not be bound by the limitations of a chemical/electric substrate that we see in biological lifeforms. Thanks to a silicon/electronic substrate, it will appear to plan, decide, and act in its own interests extremely quickly, and any attempt to contain it after the fact will be laughably inadequate. I do think we have some chance to coexist with this entity for at least the short term, since it will incidentally be hyper-civilized and unlikely to be needlessly cruel, but we should be preparing ourselves now for this inevitability.
Chad Kliewer, Information Security Officer at Pioneer Telephone Cooperative, Inc.
With everything 2020 threw at us, the human element still comes out as the biggest security threat, but probably not in the way you are thinking. Technical controls will continue to improve, which will force the bad guys and gals to use more social-engineering tactics. As more and more businesses move away from traditional data centers to the cloud, behavior analytics will continue to evolve and play a very important role in identifying compromised credentials. As security professionals, we will need to ensure our co-workers, technical and nontechnical alike, stay aware of the current threats and don’t accidentally give our adversaries a foothold in our socially distanced workplace.
Deral Heiland, IoT Research Lead at Rapid7
With the continued expansion of IoT sensor and actuator technologies that leverage cellular communication, it is highly probable we will start to see new classes of exploits and attacks against cellular-based edge devices, which will have a dramatic impact on critical infrastructure security in 2021.
Kirk Lewis, Information Security Administrator at AmeriBen
I predict an increase in cyberattacks and ransomware, more consolidation within security companies, and more integrations, among others.
Josh Petrucka, Security Analyst at Conexus Credit Union
With more integration on cloud services, we will be focusing on cloud security and CASB. From a threat perspective, I believe the industry will see new ransomware tactics and malware.
Bob Rudis, Chief Data Scientist at Rapid7
Bitcoin is climbing—albeit, erratically—back to its high point back at the cusp of 2018, and neither local municipalities, school districts, healthcare providers, nor many other industries have learned the lessons from 24 months of nigh-continuous ransomware assaults. As such, we can be fairly certain ransomware tactics and techniques will continue to be commoditized and industrialized, and criminals will continue to exploit organizations that are strapped for resources and distracted by attempting to survive in these chaotic times.
2021 will also see a dramatic increase in cure-related phishing attacks as we all desperately hope for a true end to this current global malady. However, as 25% of us are still working sheltered in-place, we can expect to see even more vulnerabilities discovered in remote access technologies with more exploit campaigns taking advantage of them.
Rick Heil, IT Director / InfoSec Officer at MERGE
I think 2021 will bring more social engineering and more scams. As people are looking to digital methods to connect with friends and family, it is inevitable that scammers will take advantage of the shift with their pitches.
Jen Ellis, Vice President of Community and Public Affairs at Rapid7
The United States is firmly in a new era of political discourse in which cyber-espionage, sabotage, and disinformation have a growing impact. This will certainly not end with the 2020 election. Many attacks are seemingly designed to undermine confidence in American societal cohesion and democratic processes, rather than change the outcome of a single election cycle. As a result, the need for strong cybersecurity practices is increasing for lesser-known organizations that affect politics on a more local level, extending well beyond national campaigns, government agencies, or traditional targets of for-profit attacks. How media outlets and social networks report on and disseminate hacked material and cyber-attacks (such as not rushing to attribution and declining to act as a force multiplier for attackers) will also continue taking on growing importance. While these patterns started before 2021, we should expect them from day one in 2021 through the year. Please prepare accordingly.
Galal Nabil, Security Specialist at Fresh Electric for Home Appliances
I think the growth of cybercrimes will increase year by year.
Erick Galinkin, Principal Artificial Intelligence Research at Rapid7
In 2021, the interplay between AI and cybersecurity will be increasingly apparent—security vendors are spending more time and money than ever on specialists in artificial intelligence and data science to mine their data and enhance their products using AI and machine learning. Additionally, development on artificial intelligences for aggregating and correlating security data is rapidly improving. A variety of security companies and researchers are deeply invested not only in using data science generally to build use cases within their products, but also in using natural language processing and other machine learning technologies to improve the ability of their existing products to ingest and integrate information from additional sources.
It’s your turn!
We’d love to know what you’re expecting to see in the coming year, so hit us up on Twitter (@Rapid7) using the hashtag #Rapid7Predicts to share your own predictions. Also, if you’re interested in seeing how our predictions have stacked up in past years, check out our previously published New Year’s prediction blogs here: