Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
The Great InfoSec Divide & Other Cybersecurity Trends CISOs Need to Watch
By Gaurav Banga, founder and CEO of Balbix
2020 was an unprecedented year for
many reasons, and the spike in cyberattacks that we saw during the pandemic has
changed the security landscape forever. During this tumultuous year, malicious
actors took advantage of the population's general fear and anxiety around COVID-19, and cybersecurity
professionals were stretched thin due to budget cuts and urgent projects
to secure remote workforces.
While security professionals adapted quickly to this new
normal, they must look ahead and take a proactive approach to safeguard against
the new threats 2021 will bring. The four emerging cybersecurity trends below need a
close watch in the next year.
1) 2021 Will Reveal "The Great InfoSec Divide"
Due to 2020's disruptions, the gap
between cybersecurity-mature organizations and security-unready organizations
will widen significantly and become a major source of competitive disadvantage.
Cybersecurity-mature companies are
those that have already made investments to
prevent cyberattacks before they happen. On the other hand, security-unready
organizations have yet to implement proactive security controls and practices
and, as a result, can only respond to breaches after they happen. In 2020, many
security-unready organizations pushed out critical projects to enhance cybersecurity
posture visibility due to budget squeezes and tactical priorities.
The primary consequence of being
on the wrong side of The Great InfoSec Divide is that it makes it more
difficult to secure new customers and retain existing ones. Your customers
worry about whether you can keep their data safe. At the macro level, The Great InfoSec
Divide will slow innovation, as startups and smaller, faster-innovating
companies will struggle to gain customer trust. We will see the reemergence of
the phrase "No one ever got fired for hiring Microsoft," but for cybersecurity
reasons.
2) Expect Deeply Personalized Phishing Attacks
In 2021, we expect to see an
increase in personalized phishing attacks. Bad actors will use AI and
automation at a large scale to collect information about you from social media
and dark web sources, and craft very believable "lure" messages. For example,
you may receive a fake Google Drive invitation from a colleague. Clicking on
this link might prompt you to download a plug-in, which can be ransomware.
Businesses will need to train
their employees to recognize personalized phishing attacks. Some attacks will
succeed despite all our efforts. Therefore, it will also be critical for
enterprise cybersecurity teams to invest in backup technologies such as
two-factor authentication and adaptive trust to minimize successful phishing
attacks. Think layered defenses.
3) IoT Everywhere Means More Danger of Hacked Lives
More IoT devices mean more attack
surfaces. While IoT adoption provides better living and working experiences for
people across all walks of life, attackers see these devices as easy pickings for
perpetrating attacks.
In 2021, expect to hear about a
jaw-dropping data breach of consumer information due to poorly secured smart
devices associated with some fast-growing or well-known company. Due to the
nature of the personalized data that IoT devices have access to, this incident will make
the Equifax breach look like a minor event.
4) Quantum Computing Will Become the Next WannaCry for Malicious Actors
Quantum computing is likely to
become practical soon, with the capability to break many encryption algorithms.
Organizations should plan to upgrade to TLS 1.3 and quantum-safe cryptographic
ciphers soon. Big Tech vendors Google and Microsoft will make updates to web
browsers, but the server-side is for your organization to review and change.
Kick off a Y2K-like project to identify and fix your organization's encryption
before it is too late.
About the Author
Gaurav Banga is the Founder and CEO of Balbix, and serves
on the boards of several companies. Before Balbix, Gaurav was the Co-founder
& CEO of Bromium and led the company from inception for over 5 years.
Earlier in his career, he served in various executive roles at Phoenix
Technologies and Intellisync Corporation, and was Co-founder and CEO of
PDAapps, acquired by Intellisync in 2005. Dr. Banga started his industry career
at NetApp. Gaurav has a PhD in CS from Rice University, and a B.Tech. in CS
from IIT Delhi. He is a prolific inventor with over 70 patents.