Cyber Security Predictions for 2021

Pravin Madhani, CEO, K2 Cyber Security

As 2020 comes to a close, we can only look back with amazement at everything that has happened this past year.  It was certainly a year no one could have predicted.  Yet every year around this time, we try to predict what is in store for us in the coming year.  Here at K2 Cyber Security, we are no different, and we are going to take a stab at what we think will happen in the world of cyber security in 2021.

First, we know that the pandemic rages on, and in many parts of the world, we have gone back to more restrictive lockdowns as we approach the end of the year.  That means “Work From Home” is not going to go away any time soon, and that very fact provides a lot of the basis for the predictions we have for 2021.  We have also seen some unprecedented attacks in 2020, including most recently the breaches involving SolarWinds and the SUNBURST vulnerability. The scope and depth of this attack naturally leave an impression on our predictions for 2021.

Here are our top 5 predictions for 2021:

1. The move of business applications to the cloud will continue to accelerate.  Organizations will continue to have a need to cut costs, so the move from CAPEX to OPEX will continue, and public infrastructure clouds will help with this.

2. Major security breaches will continue and cyber criminals will have more targets than ever.  Organizations are continuing to rush their applications to production using legacy code, open source code, and 3rd party code, all of which have more vulnerabilities than the average, enabling these breaches to continue.

3. We will see a major breach in an organization using an application hosted in one of the major cloud vendors.  This seems inevitable given the continued move to cloud, which typically has less security; the rush to get applications out (resulting in more vulnerabilities); and the increased cybercriminal activities we are seeing because of the pandemic.

4. Runtime Application Self-Protection (RASP) and Interactive Application Security Testing (IAST) will start gaining traction in 2021.  With the inclusion of RASP and IAST in the NIST SP800-53 Revision 5 final document, 2021 is the time to start planning for these if you have not already.  RASP and IAST, while not common words in security circles, should see a pickup now that they are included as requirements in the security framework outlined by the finalized release of SP800-53 Revision 5, which came out on Sept 23, 2020.  These technologies should start to help reduce breaches based on the exploitation of vulnerabilities in web applications.

5. Overall, we will see an increase in attacks on web applications, phishing attacks and ransomware attacks, and we expect these to hit record highs in 2021.  These types of attacks have already hit record highs in recent years, and are the most prevalent types of attacks being used by cybercriminals. Specifically, web applications will continue to be breached, and the breaches will use more sophisticated exploit methods, including new zero-day attacks that target multiple applications simultaneously. We will also see increased numbers of attacks, given the prevalence of exploit kits that let attackers who are not sophisticated cyber criminals create attacks on web applications. Attacks will get more sophisticated in part because easily targeted vulnerabilities will now be discovered in development by IAST and better testing methodologies, along with the move to shift left as part of DevSecOps.

And with these predictions we wish you the best for the coming year. May some of these predictions spur you and your organization to take another look at your security posture, and inspire a move to strengthen your security and defense-in-depth posture for better protection in 2021.