Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before year 2021 started. Instead of trowing out wild ideas what might be coming, I have collected here some trends other people have predicted or reported.

The State of internet security in 2020 was hard. The trends that stormed last year will continue long to 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year trend was Instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. 2021 Cybersecurity and IT Failures Roundup article presents you Lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.

Kaspersky’s top three cybersecurity predictions for 2021 are increase in targeted attacks, attacks that are more disruptive exploiting contemporary issues and we will continue to have frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world

Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. We can’t be naive and expect that bad things will not happen along with it. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad to compromising corporate IT and IoT networks. New Cybersecurity Threat Predictions for 2021 article points out the the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes, which means that first they encrypt your data so you can’t access it and then they say they will publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced which means that already some of the most sophisticated and notorious cybercriminals are utilizing open-source tools to conduct their criminal activities and this will increase.

Trend Micro survey results claim that AI set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and have people who have answered to the survey really understood AI and cyber security? My predictions is that we will need humans and AI and even traditional solutions for a long long time.

The lack of people with cyber security skills is still a problem for many companies because AI will not replace them any time soon. There are different views how the situation has developed. Cybersecurity Skills Shortage Falls for First Time article claims that that shortfall in skills has therefore dropped from 4.07 million last year to 3.12 million. As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Some companies try to make claims that they have invented a “silver bullet” for educating cyber professionals like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to cloud, so we need more people who know security and cloud. The Cloud Talent Drought Continues (And Is Even Larger Than You Thought)

Hackers leverage sophisticated and novel techniques to break into networks article tells that recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents and expect more similar incidents that have not just year been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of OWASP Top-10 is coming this year. OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 predictions calculated by understandable metrics, make everyone able to reproduce the results, and present to an entire community for the feedback.

Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in One Future We have a Private, Anonymous Alternative to Cash but in the Black Mirror Future the Money in Your Pocket Knows Everything About You. Cash is dying that’s for sure. There are still ways to sen anonymous emails and it is a good idea to prepare to your digital life after death.

Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath makes the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom of speech sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. EU introduces a cyber security IoT standard to protect its citizens and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.

172 Comments

  1. Tomi Engdahl says:

    https://cybernews.com/editorial/the-worlds-most-dangerous-state-sponsored-hacker-groups/

    Cozy Bear (APT29)
    Lazarus Group (APT38)
    Double Dragon (APT41)
    Fancy Bear (APT28)
    Helix Kitten (APT34)

    Reply
  2. Tomi Engdahl says:

    Here’s What the Big Tech Companies Know About You
    https://www.visualcapitalist.com/heres-what-the-big-tech-companies-know-about-you/

    The novelty of the internet platform boom has mostly worn off.

    Now that companies like Facebook, Amazon, and Alphabet are among the world’s most valued companies, people are starting to hold them more accountable for the impact of their actions on the real world.

    From the Cambridge Analytica scandal to the transparency of Apple’s supply chain, it’s clear that big tech companies are under higher scrutiny. Unsurprisingly, much of this concern stems around one key currency that tech companies leverage for their own profitability: personal data.

    Reply
  3. Tomi Engdahl says:

    8 Google Drive Settings You Should Change Right Now
    BY JOE KEELEY
    UPDATED SEP 17, 2020
    https://www.makeuseof.com/tag/google-drive-settings-change/

    You might not be getting the most out of Google Drive. Change these defaults and become a more efficient user. These Google Drive settings could save you hours of your time.

    Reply
  4. Tomi Engdahl says:

    World’s Greatest Hacker on Taking Over a Cellphone | Airplane etc
    https://www.youtube.com/watch?v=Y-tu0rxpZNM&feature=youtu.be

    Reply
  5. Tomi Engdahl says:

    Running a fake power plant on the internet for a month
    https://grimminck.medium.com/running-a-fake-power-plant-on-the-internet-for-a-month-4a624f685aaa

    People think of the internet as a host for services like banking websites, blogs and social networks. However, this is only a small part of everything connected. The internet is home to a big range of IoT systems and machines as well. These vary from simple “smart” light switches, to machinery used in industrial plants.

    Reply
  6. Tomi Engdahl says:

    How to Clean Your Windows Computer: The Ultimate Checklist
    BY DAN PRICE
    UPDATED OCT 08, 2020
    https://www.makeuseof.com/tag/clean-windows-ultimate-checklist/

    Spending some time cleaning up Windows can yield vast performance improvements. Here’s the ultimate checklist for cleaning your Windows computer.

    Reply
  7. Tomi Engdahl says:

    12 Unnecessary Windows Programs and Apps You Should Uninstall
    BY BEN STEGNER
    PUBLISHED DEC 09, 2019
    https://www.makeuseof.com/tag/10-windows-programs-uninstall/

    Wondering which Windows 10 apps to uninstall? Here are several unnecessary Windows 10 apps and programs you should remove.

    Reply
  8. Tomi Engdahl says:

    6 Ways to Find All Accounts Linked to Your Email Address or Phone Number
    BY SHUBHAM AGARWAL
    PUBLISHED DEC 10, 2019
    https://www.makeuseof.com/tag/find-all-accounts-linked-to-email-address/

    Find all accounts linked to the email address or your phone with these methods and ensure your data does not get misused online.

    Reply
  9. Tomi Engdahl says:

    What’s CNAME of your game? This DNS-based tracking defies your browser privacy defenses
    Study sees increasing adoption of cloaking to bypass cookie barriers
    https://www.theregister.com/2021/02/24/dns_cname_tracking/

    Reply
  10. Tomi Engdahl says:

    These four new hacking groups are targeting critical infrastructure, warns security company
    https://www.zdnet.com/article/these-four-new-hacking-groups-are-targeting-critical-infrastructure-warns-security-company/

    Researchers identify four more cyberattack operations targeting industrial networks, utilities and other critical infrastructure, as malicious hacking operations receive a boost in resources – but simple attacks still work.

    Reply
  11. Tomi Engdahl says:

    There was a time when Google was a small, quirky company with a single product so awesome that it blew away the competition. That time is long gone.

    These days Google is a gigantic multinational mega-corp. But that’s understating it a little. Think of Google as a kind of Godzilla that slurps up data about its users at one end and craps out gold ingots at the other. It does both of these at huge scale.

    Google Analytics: Stop feeding the beast
    February 25, 2021
    https://casparwre.de/blog/stop-using-google-analytics/

    Reply
  12. Tomi Engdahl says:

    A new technique can detect newer 4G ‘stingray’ cell phone snooping
    https://techcrunch.com/2020/08/05/crocodile-hunter-4g-stingray-cell/

    Security researchers say they have developed a new technique to detect modern cell-site simulators.

    Cell site simulators, known as “stingrays,” impersonate cell towers and can capture information about any phone in its range — including in some cases calls, messages and data. Police secretly deploy stingrays hundreds of times a year across the United States, often capturing the data on innocent bystanders in the process.

    Little is known about stingrays, because they are deliberately shrouded in secrecy.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*