What will happen in the area of security in 2021? The experts from various security companies forecast new developments, among other things, on the following topics: Use of AI by cyber criminals, challenges of smart cities with regard to climate change, new waves of Emotet attacks, Establishments of digital identities for citizens.
YesWeHack, Rayna Stamboliyska
The number of cyber attacks continues to grow - fortunately, so does the number of cybersecurity experts
“The digital change means even more 'cloudification' and the increase in connective devices. For cyber criminals, there are more and more points of attack. As 'Cybercrime-as-a-service' is becoming more and more professional, the financial losses for companies of all sizes and industries will increase significantly. But security checks are still largely based on year-end penetration tests or automated vulnerability scans. So what is to be done? No product will ever be free from security vulnerabilities. Uncovering them is therefore the quickest way to fix them. In order to combat cybersecurity problems from the 2020s with methods from the 2020s, companies must rely on innovative approaches to vulnerability management. " www.yeswehack.com
BullGuard, Stefan Wehrhahn
New challenges in the home office
“In the coming year, too, many people will work from home. Therefore, the associated additional IT security risks remain. Not just the company itself, but every single employee is now a potential target. Phishing emails and bogus websites are particularly common at the moment. However, many smaller companies in particular are still not sufficiently aware of this threat situation. To be on the safe side, effective security software on every employee device as well as employee awareness and the use of a VPN should be standard. There are now also solutions specially tailored to small and medium-sized companies - inexpensive and easy to manage. " www.bullguard.com
Malwarebytes, Pieter Arntz
Emotet must continue to be feared
“We expect a large number of Emotet attacks again in the coming year. Despite a longer hiatus at the beginning of the current year, Emotet is still one of the most feared threats. The malware cleverly spreads malware and ransom demands again and again. Its counterpart Trickbot, a banking Trojan, should also become very active again. In order to provide the best possible protection against Emotet and other cyber attacks in terms of IT security, a preventive security concept and a clearly structured plan will continue to be essential - this is the only way to minimize the possible consequences of a successful attack. We see a lot of need for action here in the new year as well. " www.malwarebytes.com
AXIS Communications, Jochen Sauer
Climate change, smart cities and “green” security solutions
“Climate change is one of the greatest challenges cities face today. Extreme weather, rising water levels and dwindling resources are affecting urban areas more than ever. Smart cities enable greener targets to reduce their ecological footprint, as well as technologies to monitor the threat and impact of extreme weather conditions. Smart solutions such as air quality control, optimized energy use and tracking power, water and waste are on the rise as cities strive to shoulder the burden of climate change. Instead of IoT solutions, cities will focus on the 'Green Internet of Things' to facilitate environmental protection and monitoring. " www.axis.com
Forge Rock, Ben Goodman
How AI makes sense for security solutions
“Now that AI is more prevalent, malicious actors will try to 'poison' data. In 2021 we will see an increasing number of 'data poisoning' attacks as more organizations use AI platforms in their systems. In the past few years, malicious hackers have discovered that they can attack AI and machine learning software by feeding the AI with improper data in order to induce negative and / or inaccurate results. We assume that this will become an increasingly important topic in 2021 and in the years to come. Malicious actors can feed the AI software an image within another image that is doing the opposite of what the AI is supposed to be doing, thus poisoning the algorithm.
For example, if the AI is used to detect fraud, hackers can inject data that makes the software incapable of detecting the fraudulent activity. Many security platforms use AI and machine learning data to detect cyberattacks by identifying anomalies in existing data, making it a significant threat that could potentially throw their detection methods off track. Next year it may be necessary to use a separate AI to perform integrity and security checks on data collected by the original AI software. " www.forgerock.com
Onfido, Oliver Krebs
Digital identity verification: centralized models are being replaced by decentralized ones
“Users who register for a new online service reveal their personal data every time. They pass on their personal data such as date of birth, address and payment details to various databases. This exponentially increases the risk that they could become victims of identity fraud through data breaches. Centralized databases are therefore obsolete, as they do not provide user control and involve the risk of third parties accessing this information. A decentralized solution, on the other hand, offers one-touch access and enables users to own and control their own legal identity. Online services that do not switch to decentralized solutions for identity verification will have a hard time in the future. " onfido.com
Lucy Security, Palo Stacho
Cybersecurity awareness in times of fake news
“The fake news dilemma will intensify next year. This has consequences in the workplace: In the midst of an unfiltered flood of information and contradicting messages, employees find it increasingly difficult to orientate themselves and to differentiate between right and wrong. At the same time, the pressure on the individual increases not to make mistakes. In many cases, this leads to resignation: Security issues become a chore that one would rather hand over to a supposedly secure technical solution. The personal contribution of each individual employee to more IT security in the company is neglected - even though most successful cyber attacks can still be traced back to social engineering.
It is therefore even more important for companies than before not only to continuously sensitize their employees to security-related topics, but also to take the pressure off overall: It is important to establish an open, appreciative corporate culture that is characterized by the constructive handling of errors. This is the only way to give employees confidence in their own skills when it comes to dealing with cybersecurity. Because IT security is similar to road safety: It is not just a question of technology, but above all a question of the driver. " lucysecurity.com