New Cybersecurity Challenges in 2021 And Beyond
The reason there is so much debate over the seemingly endless cybersecurity challenges of recent years, and especially right now, is that the internet is essentially like a living organism. It can be likened to the largest organism in the world, the fungus, which is practically everywhere and interconnected while constantly spreading and growing. The internet, like fungus, is growing exponentially, to the point where its size cannot be accurately estimated. It is impossible to govern, control or filter what happens on the internet.
An article by the Scientific American speaking to head of Bell Labs Research Mark Hofman 8 years ago states, “The number of smartphones, tablets and other network-connected gadgets will outnumber humans by the end of the year”. Even almost a decade ago, IT specialists were worried about the state of the internet, “We know there are certain limits that Mother Nature gives us - only so much information you can transmit over certain communications channels. That phenomenon is called the nonlinear Shannon limit [named after former Bell Telephone Laboratories mathematician Claude Shannon], and it tells how far we can push with today’s technologies. We are already very, very close to this limit, within a factor of two roughly”. The article continues to confirm that fact that now, in 2021, we have probably surpassed this limit, “Put another way, based on our experiments in the lab, when we double the amount of network traffic we have today - something that could happen within the next four or five years - we will exceed the Shannon limit”.
Along with the fact that there is so much data on the internet that it threatens instability and disruption, there is cybercrime too. Today, the cybersecurity solutions industry is straining from the overwhelming amount of online cybercrime issues. Why is there so much strain all of a sudden, and why are we not able to control this successfully? A survey by ESG found the following causes and attempts to answer these questions;
- More state sponsored attacks by cybercriminal groups are a crushing reality
- A growing sophistication of cybercrime attacks is straining cybersecurity
- Cybercriminals are taking advantage of social media via social engineering
- As data grows, manual cybersecurity processes cannot keep up anymore
- The amount of alerts (as well as false positives) is overwhelming the industry
- Lack of skilled manpower in organizations is making it difficult to keep up
- A growing threat landscape is posing new threats every day
What is Cybersecurity?
Cybersecurity is fundamentally the defense against cyberthreats, also referred to as internet safety or internet security solutions. Cybersecurity is a broad concept, in that it also refers to the assortment of software and tools to fight cybercrime, as well as meaning the education and knowledge base surrounding defense against internet threats, and threat mitigation. An antivirus or antimalware program is considered a cybersecurity solution just as much as the training of employees for cyber awareness is. So, it is an entire industry/sector dedicated to stopping threat ‘actors’, mitigating vulnerabilities and educating the masses about the very real gamut of threats to both individuals and the largest organizations/governments.
What Will 2021 And Beyond Pose For Cybersecurity?
Now as we are already deep into 2021, cybercrime is at full power and the battle to defend even the most secure levels of government is taking place. The biggest change in this decade is the historical shifts that the pandemic has caused, in every imaginable industry there is a decentralization taking place. Cybercriminals are overjoyed and are taking advantage of exploiting the corona pandemic. IT has become the binding glue that facilitates business and the world, so it is the number one priority to understand the sorts of cybersecurity risks we are looking at going forward. What does the industry have to say about their predictions for cybersecurity threats in 2021? Here are the subjects at the top of the list;
- Cloud storage vulnerability
- Ransomware attacks
- Phishing scams
- Supply chain attacks
- State sponsored APTs (Advanced Persistent Threats) attacks
- Data breaches
- Increased attack surface
- Lack of end-point security and access control policies in the remote environment
The above cases are going to be rampant in the 2020s, until we as a society have better threat detection and get ahead of the cybercriminals and their sophisticated, persistent arsenal. Let’s look at what it is going to take the cybersecurity industry to prepare and battle upcoming cyberthreats.
Mitigation And Preparation For A Risky Cyber Future
In order to mitigate and prepare for new cybersecurity threats, the industry is going to have to take several substantial steps;
- Improved threat intelligence
- End-point security
- Access control policies
- Improved device and IoT security
- Implement multi-factor-authentication
- Use AI and ML based Cloud SIEM
- Improve human controlled threat hunting
- Real-time automated cybersecurity monitoring
- Cloud security solutions
- Managed Detection and Response (MDR) methods
- Implement incident response plans
- Putting in zero trust models
The takeaway from all of the above subjects is the following: the best type of defense in the future against neo-cyber threats is going to be a system that extracts the best potential from a combination of human and machine factors into a perfect security solution that transcends what humans are manually able to do. This means that automated processes are going to lessen the load so that humans can focus more on threat hunting and analysis.
The situation is indeed, dire. The cybersecurity industry is predicting that about $6 trillion of damage is going to be caused by cybercrime by the end of 2021, and there will be a cyberattack every 11 seconds which is twice that of 2019’s data (four times that of 2016). Over 20 percent of organizations around the globe do not have a cybersecurity strategy, and a lot of organizations have cloud security misconfigurations. Most cyberattacks will come in the form of social engineering phishing attacks which will deliver a malware payload (mostly via email), while a much smaller percentage will be direct brute force attacks and zero day exploits to high-profile organizations and governments. Looking on the bright side, cybersecurity professionals are hard at work on developing systems that will filter out most attacks as we speak, and the fact that awareness of this subject has reached so many people introduces a lot of hope for the future.