Cyber trends to watch in 2021
Looking back at 2020, it’s difficult to see past the elephant in the room. For the majority of the last calendar year, the COVID-19 pandemic defined our everyday lives, the way we work, socialise and stay active. It also shaped the cybersecurity landscape.
From Zoom security concerns and cyber-attacks against vaccine research centres, to anxiety about remote working security vulnerabilities and an uptick in pandemic-related phishing attacks, COVID-19 left its mark on the cybersecurity industry.
In 2021, we’re still in the grips of the pandemic, but with the vaccine rolling out, we can look ahead to a year of new challenges and some old ones too. Here we explore some of the trends that are likely to define the year ahead.
Feeling the heat of SolarWinds
SolarWinds was one of the most significant security events of the last decade, and the aftermath of the attack is likely to be a major cybersecurity trend in 2021. The industry is still coming to terms with an incident that should never really have happened.
Cybersecurity experts worldwide have long sounded the alarm about vulnerabilities in the software supply chain, a problem that has caused havoc for countless businesses, and billions in financial losses. Most worrying of all is that the authorities still can’t, with any certainty, claim to know the full extent of the exposure. But just how deep does the rabbit hole go?
Today, they say software is eating the world, and if the supply chain was its physical embodiment, it’s fair to say it would be a bit of a whopper! One would hope that the risk it poses to global businesses, when not given due consideration, should now be etched into the brains of the C-suite, because you can bet your bottom dollar that, in the wake of the SolarWinds attack, hackers will feel emboldened in their endeavours to infiltrate the supply chain.
Analysis and commentary on high-profile cyber events proclaim incident after incident to be a ‘wake-up call’ for the industry, yet many experts labelled the SolarWinds hack ‘unsurprising’. With each increasingly severe incident, what is it going to take for companies to take the cyber threat seriously?
World at war (in cyberspace)!
Another revelation that could send ripples through the cybersecurity ecosystem this year is the alleged involvement of Turla, a hacking group that operates on behalf of Russia’s FSB security service, in the SolarWinds attack. Nation-state cyber activity is happening constantly, but Russian involvement in such a brazen assault on US government departments and private companies sets a dangerous precedent, and the world now waits, with some trepidation, to see how the Biden administration will respond. To put yet another cat among the pigeons, it was reported this week that suspected Chinese hackers also exploited a flaw in SolarWinds to help break into US government computers last year.
I’ve always found the idea that cyber warfare is constantly raging both fascinating and alarming. Underneath the surface, but relentlessly, countries are attacking countries, attempting to steal and disrupt for the advancement of national interest. Tense and complex geopolitical dynamics influence these events to the point where state-sponsored hacking has almost become the norm. The stage is set for what could be a highly volatile year of cyber espionage in 2021.
Ransomware gangs having it large
The next trend is one that we’re all familiar with – ransomware. If we can make it a week without news of another incident, it will be a minor miracle. Last year was one of the most prolific on record for hackers. According to Chainalysis, ransomware gangs made at least $350 million in 2020, a 331% increase over payments recorded in 2019. Given its profitability, I can’t see cybercriminals being in a hurry to move on to pastures new this year.
One thing that could shift that dynamic is the question of whether ransomware payments should be criminalised. The former CEO of the UK National Cyber Security Centre, Ciaran Martin, spoke recently on the ransomware issue, arguing it is being fuelled because there is no legal barrier to ransomware victims paying up and then claiming back the expense on insurance. He argues that this means victims are incentivised to pay and believes that the time has come to look at changing the law on insurance to ban ransomware payments.
To pay or not to pay, that is the question. Either way, I expect ransomware to remain a major challenge for the foreseeable future.
Data privacy strikes back
One security trend that is set to make a comeback in 2021 is the focus on data security. The arrival of GDPR in 2018 was rightly lauded as a landmark development and set strong foundations for good data practices going forward. The COVID-19 pandemic forced regulators to show a degree of leniency, reducing several high-profile fines because of financial hardship, although overall data protection penalties climbed 40% last year. As normal service resumes in 2021, I expect the full weight of GDPR to come crashing down on the worst offenders.
Across the pond, the US is slowly but surely getting into gear. Although talk of federal regulation may be premature, the California Consumer Privacy Act, which has been credited with empowering residents of the Golden State to limit how their data can be used, provides a decent framework for nationwide privacy regulation in the US.
Globally, consumers have shown that they consider privacy to be an important issue. Following WhatsApp’s cavalier decision to tweak its privacy settings in favour of its parent company, Facebook, the tide of public sentiment has turned, and privacy-savvy users are flocking to alternative messaging apps, such as Signal. It’s only a matter of time before elected officials seize on the current climate to bring data security back to the fore in 2021.
At Babel, we’re proud to work with some of the businesses at the forefront of cybersecurity. Our expertise in building and implementing impactful campaigns on behalf of our security clients is unmatched. As we exit lockdown, businesses will need to start assessing security posture and consider their options. If you’d be interested in learning how an integrated PR and communications programme can help you be a part of those conversations, we’d love to hear from you.
And don’t miss our #BabelTalks cybersecurity event on 9th March. Join the aforementioned former CEO of the UK National Cyber Security Centre, Ciaran Martin, and New York Times Cybersecurity Reporter, Nicole Perlroth, for a live-streamed panel discussion on the impact of COVID-19 on the cybersecurity landscape.