When the topic of 2021 security predictions came up at a recent meeting of top cyberindustry executives, several leaders starting laughing.
Really? After we completely blew it last year? said one chief strategist.
Wow! Were not even out of the woods yet with COVID-19, said a marketing expert. How can we talk about the post-pandemic world with credibility?
I doubt many cybersecurity companies will fully participate right now Dan. So many moving parts, industry disruptions, budget challenges, political issues, new tech unknowns and more.
The many bah humbug thoughts and opinions shared about even attempting to look at upcoming online cybertrends reminded me of this 2016 Computerworld editorial on the folly of cybersecurity predictions and my response in CSO Magazine explaining why we continue to have more security predictions and how you can benefit.
But despite some naysayer forecasts assuming a lack of interest in security predictions for the coming year, I can definitively announce another growth in new security industry predictions, forecasts and related trend reports (with new lists) for 2021.
In the past two months I have received a deluge of emails with interest from small, medium and large companies who want to get on board the prediction/forecast train now. Many others are back for more.
Some cybersecurity findings that will impact next year require digging and Google searching. Nevertheless, there are more companies participating, with more interest, more forecasts, and bolder statements about future cybersecurity directions and our coming online life after the pandemic recedes.
Yes, we are seeing some new twists, as we do every year. More companies are renaming these reports away from the traditional predictions or forecast. White papers and reports are using words like trends, findings, cyberissues, recommended solutions, actions required, themes or other words that still point to their desire to describe what happened, what is coming next and what needs to be done now to prepare for 2021 and beyond.
A few companies, like McAfee, decided to hold off and issue their prediction reports in January, so they are not included. But no matter which words are used, all of these organizations seek to be seen as thought leaders and/or trend-setters for new, global cybersolutions and even crisis imperatives.
Whos right? Who should we listen to after 2020? Where are the true thought leaders? You will need to decide, but without a doubt, these lists can help. I urge you to follow the links and dig much deeper into key topics.
Last week, I released my roundup of 2020 cybersecurity trends, which describes how COVID-19 brought a global cyber pandemic. Shortly after that year-end report was released, we learned about the massive scale of the SolarWinds breach, which even impacted the U.S. nuclear weapons agency. Therefore, the cyber pandemic was even broader and deeper than previously revealed while the headline topic remains the same.
Reviewing 2020 Predictions Good, Bad and Ugly
Last December, in The Top 20 Security Predictions for 2020, we reported this about the new decade: Common prediction themes across vendors include the 2020 elections in the U.S., more targeted ransomware, more ways to attack the cloud, and an explosion of problems with deepfake technology.
Theres disagreement on the most important cyberthreats to focus on as we head into 2020, even though everyone agrees that cybersecurity is more important than ever before. Just as in 2019, we have the continuation of arguments for and against AI (i.e., how helpful is AI really and will our enemies use it or not?). Also, the continued disagreement on whether cloud versus mobile threats are more of a challenge.
Of course, there is no mention of a global pandemic and the impacts that it would have regarding an explosion of security issues from more staff working from home. I did write this: Finally, will cyber terrorism reemerge? Very few dire predictions (again) about Cyber 9/11s or Cyber Pearl Harbors or even people dying in hospitals from cyberattacks.
Little did we know that a cyber pandemic would be the top year-end summary story for 2020, which would include ransomware, data breaches, health-care attacks impacting patients and now the SolarWinds data breach. In June 2020, I published this mid-year set of blog predictions in a special coronavirus edition with select vendors.
2021 Security Industry Prediction Trends
Moving on to predicting 2021, here are some major trends that cut across a large number of cybersecurity industry prediction reports:
The Top 21 Security Predictions by Security Industry Companies
Important Note: I urge readers to visit these company portals, read their full prediction reports and see the details on each research item. Our goal is to point you in the right direction for more details and solution specifics.
1) Trend Micro takes the top prize (again) for another outstanding research report with so much more packed into an easy-to-access document with references as well as great summaries and sub topics.
Turning the Tide: Trend Micro Security Predictions for 2021 starts with the summary: In 2021, organizations will scramble to deal with the far-reaching effects while striving to stay secure as online dependency grows. We discuss the developments that are not only plausible but ones that should also be anticipated. We look into the drivers of cybersecuritys near future and how organizations will have to adapt as threats and technologies exert their influence. Our report aims to empower organizations and decision-makers to frame a proper, strategic response that can withstand change and disruption.
This year, Trend Micro offers details on:
Specific Trend Micro security prediction highlights:
2) Watchguard once again issued a great report entitled 2021 Cybersecurity Predictions with videos and much more. In 2021 and beyond, we predict that cyber criminals will find new and innovative ways to attack individuals, their homes and devices, in order to find a path to your trusted corporate network. The global pandemic has rapidly accelerated the existing shift toward remote work, where employees operate beyond the protection of the corporate firewall. In turn, hackers will exploit vulnerabilities found in the gaps between people, their devices, and the corporate network.
Watchguards top eight predictions include:
3) FireEye FireEye always offers an excellent set of helpful materials in their report. This year the report is called A Global Reset: Cyber Security Predictions 2021. The 12-page FireEye/Mandiant forecast addresses these topics:
Heres an excerpt:
Despite the urgency of their work, threat actors will continue to target healthcare providers and vaccine makers. In the near term, the coronavirus will likely continue to have a significant impact on normal business operations, with a focus on supporting remote work, virtual events and new productivity platforms. The pandemic forced almost every organization to become better at operating under significantly changed working conditions and in the wake of a changing environment, IT and IT security challenges will most likely persist throughout 2021 .In the longer term, technology solutions will step in to facilitate the return to work, school and other activities, potentially introducing new risks for privacy, personally identifiable information (PII) and protected health information (PHI). Similarly, the desire to reduce the risk of human exposure may further accelerate the shift to autonomous vehicle and robotic solutions in transportation, manufacturing and other fields.
4) Splunk has again produced an impressive (21-page) pdf/ebook with some excellent analysis and their Data Security Predictions for 2021. Here are a few:
The sheer amount of security alerts, of potential threats, is too much for humans to handle alone. Already, automation and machine learning help human security analysts separate the most urgent alerts from a sea of data, and take instant remedial action against certain threat profiles. A July article in VentureBeat noted that Chase is using machine learning not only to target customers with more appealing marketing campaigns; the banking giant uses supervised and unsupervised machine learning algorithms to identify known and novel security threats.Ram Sriharsha, Splunks head of machine learning, expects AI/ML security tools to grow in their sophistication and capability, both in terms of flagging anomalies and in automating effective countermeasures.
5) Kaspersky Labs Kaspersky always produces a ton of great material regarding cyberthreats for the coming year, threat reports, detailed analysis of risks, and so much more from all over the world in different sectors. The problem (and reason they are not higher on this list) is that it is hard to find and very segmented and targeted towards many different audiences. While this may be a deliberate marketing tool that works for them around the world (and they are much bigger outside the U.S.), it is tough to find one solid list of all their predictions.
The good news is that I have pulled from different lists and provide links here.
First, start with these Kaspersky Advanced Threat predictions for 2021 (see report for more details under each item):
Second, there are some great ICS-CERT threat predictions here:
Finally, see this Kaspersky list that reviews 2020 predictions and adds more 2021 predictions on cyberthreats to financial organizations:
6) Check Point Check Point again offers a very solid list of predictions in a variety of categories. I must give credit to Check Point for their extensive coverage of cybersecurity during the pandemic, which is highlighted here with best practices under the headline of Cyber Pandemic.
Heres their list with more details in the link:
Pandemic-Related Developments
Malware, Privacy and Cyberwar
New 5G and IoT Platforms
7) Gartner Most security and technology pros are aware of the outstanding content and analysis offered by Gartner. However, most of their reports and analyses come with a hefty price tag, which is why they seldom rise to the top of my annual list of security predictions, trends and forecasts. (Reminder: I do review materials that ask for contact information to download, but I do not review materials that cost users money to read.)
For 2021, I was pleasantly surprised by Gartners security trends and other materials in report format that are available for free if you know where to look. Although there are pointers to plenty of subscriber content and the items below are in non-typical formats; nevertheless, the material is excellent and very helpful for security analysis and planning for 2021.
First, we have Gartners cybersecurity research for the top 10 security project priorities for 2021. Here are the first seven of those with details in the link:
Second, we have this excellent (and free to download) 2021 Planning Guide for Security and Risk Management. There are numerous pieces to this guide, but I am only focusing on the trends for 2021:
8) Forcepoint Forcepoint offers several intriguing 2021 predictions in a series of blog posts available at their x-labs portal. The last item on insider threats is an eye-opener. Here are their top predictions with a few summaries:
With the move to mass remote working and accelerated digital transformation in 2020, cybersecurity has moved up the foodchain. Cybersecurity is now a business differentiator, and it needs a category disruptor. The need for a converged, digital, cloud-delivered platform means well see the emergence of the Zoom of Security a high-tech system that just works and is easily accessible for the everyday consumer.
In the past weve thought of insider threats as disgruntled employees who walk out of the building with proprietary information hidden in their briefcases. But today, your employees may be scattered around the world, you may hire them after only meeting via Zoom, and they may never step foot inside one of your offices. And today, you can buy almost anything on the dark web, including trusted insiders. In 2021, I expect to see organized cells of recruitment infiltrators offering specifically targeted means for bad actors to become trusted employees, with the goal of exfiltrating priceless IP. These bad actors, literally, will become deep undercover agents who fly through the interview process and pass all the hurdles your HR and security teams have in place to stop them.
9) Fortinet New Cybersecurity Threat Predictions for 2021 and the well-written and unique FortiGuard Labs Cyber Threat Predictions for 2021 offer the following predictions under three main headings (with many more details in the report links):
The Intelligent Edge Is a Target
Innovations in Computing Performance Will Also Be Targeted
Artificial Intelligence Will Be Key
10) Crowdstrike Crowdstrike was one of several companies that came out with an excellent report that uses new words besides predictions or forecasts, but essentially offers many of the same concepts with a product focus. Crowdstrike calls their insights themes, but they also use words like findings and trends in the beginning.
Their new 38-page report is entitled Crowdstrike Services Cyber Front Line Report: Incident Response and Proactive Services from 2020 and Insights that Matter for 2021. It offers an excellent forward by company President Shawn Henry (who is a former FBI lead on cyber.)
Some findings and trends:
Here are Crowdstrikes top themes, with more details and recommended responses under each heading available in the report.
11) Forrester Similar to Gartner, there is more free Forrester prediction content this year than I have ever seen. I am impressed with the number of predictions and scope of coverage that can be found on their Predictions 2021 website. After you download their free report (contact information required), here is a sample of what you will find related to security in some respect (with many more details in the report):
Other Forrester security predictions can be found here and here. Here are some excerpts:
12) AT&T Threat Traq Security Predictions (see their video for highlight details)
AT&T Cybersecurity also released an impressive report entitled 5G and the Journey to the Edge, which has some implied predictions for 2021 but is mostly a solutions guide to moving to 5G. It contained the following takeaways (with details in the report):
13) LogRhythm Labs six 2021 security predictions with some helpful infographics at the end. Again, see the report for details under each item.
14) The Enterprisers Project released these 7 security trends to watch in 2021, which includes items from IBM, Red Hat, Sungard AS, Veracode, SAS, Kenna Security and AttackIQ. I encourage readers to go to the article and read the details, but here are the headlines:
15) Proofpoint offers these Seven 2021 Security Predictions and Trends to Watch with some different twists, but with familiar themes.
16) BAE Systems According to BAE's 2021 Cyber Security Predictions, from the rise of ransomware to remote working, it is time to shore up your defenses (Note: The U.K. spelling in the report has been changed to U.S. spelling for these excerpts.) In the report, James Muir of BAE Systems Applied Intelligence lays out his 2021 cybersecurity predictions on ransomware, synthetic media, hacking for hire and remote working for organizations and financial services organizations.
17) Symantec/Broadcom Symantec 2021 Cyber Security Predictions Looking Toward the Future.
Symantec prediction reports are nothing like they were back in 2017 when they set the prediction standard, but they do offer a glorified blog on key topics this year. Here are their top three:
18) Bitglass Anurag Kahol, CTO of Bitglass, offered these seven cybersecurity predictions in Security Magazine with helpful backup material and links with more details in the article. No huge surprises here.
19) TechBeacon offers an excellent piece in The future of DevOps: 21 predictions for 2021.
Here are their six cybersecurity items:
20) Thycotic again offers an intriguing and sophisticated list of predictions from my respected friend and global cyberexpert Joseph Carson. Ive been on numerous panels with Joseph, and his cyberexpertise and stories in many areas are exceptional. The piece is called Cyber Security Trends and Predictions for 2021, and Reflections on 2020.
Here are some of Thycotics security prediction highlights:
21) Imperva offers another good list of 2021 predictions with details in this video.
Here are their top five security predictions:
Bonus Items: Take a Close Look at These Four More Security Predictions Lists
- Bugcrowd offers an excellent infographic with their security prediction items from Casey Ellis:
- Netskope: I really like these two prediction lists (five safe bets and five long shots) created by Netskope Chief Strategy Officer Jason Clark.
Here are three of the ten:
- Information Security Buzz has a great list of cyberindustry leaders and other experts with random security predictions worth studying. Here are a few:
- InfoSecurity Magazine offers these 10 security predictions for 2021. Here are their top three:
Honorable Mentions
- Synopsys 2021 software security predictions:
- Computer Weekly Top IT predictions in APAC in 2021
- Security7.net 7 Cybersecurity Predictions for 2021 ...
- Digicert 2021 Security Predictions. I think they read my unemployment fraud blog, because I not only agree, but this is a huge underreported issue.
- IronNet IronNet's top 10 predictions for 2021
- Forbes There are several Forbes lists, and this one was compiled by Jeff MacMillan, Forbes council member.
- Another Forbes List By Louis Columbus: Top 20 Predictions Of How AI Is Going To Improve Cybersecurity In 2021
- One More Forbes List The Best Cybersecurity Predictions For 2021 Roundup
- Radware Public Cloud Down Again? Predictions for 2021
Radware also offers this video with their 2021 security predictions:
- Mondaq.com: (Australia predictions) Our Top 10 Digital Law Predictions For 2021
We expect the increase in the frequency and severity of cybersecurity incidents, particularly ransomware and phishing attacks, to continue unabated in 2020. However, we expect this will lead to increased innovation in legal actions around these issues, especially relating to customers suffering from a cybersecurity incident impacting a vendor or supplier of theirs, where the customer is subject to extreme limitations or exclusions of liability in their contract with that vendor or supplier.
- SME10x A Global Reset: Predicting Cybersecurity Trends in 2021
- Checkmarx: 2021 Software Security Predictions: Our Experts Weigh In
- WhiteHat Security WhiteHat Security Unveils Top Application Security Predictions for 2021
- Jumio - Enterprises Step Up Identity Verification to Combat Rising Account Takeover, Identity Fraud and Credential Stuffing Attacks in 2021
- AttackIQ 5 Accelerating Digital Trends That Will Impact Risk Management in 2021
Read the rest here:
The Top 21 Security Predictions for 2021 - Government Technology
Read More..