# 1 | Sustained remote working provides new challenges
As a result of the Covid-19 crisis, increased home and remote working, decentralized workforces, and outsourcing of skillsets are all contributing to a huge increase in connected devices. This in turn increases the number of risks associated with centralized data and infrastructures, as well as vulnerabilities around multiple access points. In 2021, cybersecurity will be even more difficult to ensure as the attack surface is bigger and the measures to implement and control security and data policies are often lacking in a remote environment.
# 2 | Death by cyber-attack
A major concern is that we may start to see the first deaths associated with a cyberattack, as hospitals are stretched and attackers are continuing to target healthcare. The sector is particularly at risk due to the massive economic and operational impacts it is currently suffering – sadly we have already seen such a case in Germany. A homicide investigation was launched after a patient died in a Düsseldorf hospital that had its systems knocked by a cyber-attack. If this leads to a prosecution, it would be the first confirmed case in which anyone has died as the direct consequence of a cyber attack.
# 3 | The evolving threat
Another impact of remote working will be more organizations relying on IoT devices for measuring and monitoring processes. With the continued expansion of IoT, along with the rollout of 5G, cyber attackers will be relishing the growing opportunity to compromise systems and networks, as even more devices become connected to the internet. Organizations still need to adequately segregate insecure IoT and 5G-enabled devices from the rest of their network. In healthcare, for example, wearable IoT sensors enable remote patient monitoring, so unsecure devices could facilitate the misuse of sensitive patient data.
# 4 | Detection, not just protection
Despite these new threats, there are hopeful signs that the sophistication of defensive security will finally catch-up with its offensive counterparts due to new innovation and capabilities. Technical cyber-defense will still be of uppermost importance, along with the need to focus on detection of cyber-threats, not purely protection and prevention. Over the next year, there is likely to be an acceleration in the use of Cloud SIEM (Security Information and Event Management), with human-guided threat hunting, supported by machine learning-powered SIEM tools like Azure Sentinel, helping to uncover infiltrators before they access sensitive data.
This will be augmented by SOAR (Security Orchestration, Automation and Response) software programs that enable businesses to collect data about security threats, and automatically respond to low-level attacks. We also expect to see more use of UEBA (User and Event Behaviour Analytics) which uses machine learning and deep learning to model the behavior of users on corporate networks and detect behavior that could be the sign of a cyber attack.
# 5 | Defending aviation from attack
Cybersecurity has been spotlighted by the World Economic Forum (WEF) as one of the biggest issues facing the aviation industry. The economic and operational impacts it is currently suffering mean this sector will be particularly at risk over the coming months. The most likely threats to aviation are from the same sorts of threats as other businesses, may they be phishing attempts, data breaches or ransomware. Although cybersecurity is being taken seriously in the boardroom, much work is still to be done to bolster aviation businesses cyber-defenses.
# 6 | Business Email Compromise (BEC) isn’t going away
EC will continue to be one of the most financially damaging online crimes and one of the most popular methods for criminal groups to make money. BEC scams exploit the fact that so many of us rely on email to conduct business, both personal and professional. We’ve likely all been targeted by this kind of attack in the past – an email message that appears to come from a known source making a legitimate request, such as a supplier a company regularly deals with sending an invoice with an updated mailing address. Employees need to be constantly vigilant for this type of attack.
#cybersecurity #hacking #security #hacker #technology #infosec #ethicalhacking #cybercrime #linux #hackers #tech #informationsecurity #cyber #programming #kalilinux #cyberattack #malware #privacy #coding #ethicalhacker #pentesting #cybersecurityawareness #hack #dataprotection #datasecurity #it #python #informationtechnology #computerscience