Top global security threats organizations will face in 2021

December 9, 2020

The Information Security Forum (ISF), trusted source for strategic and practical guidance on information security and risk management, has announced the organization’s outlook for the top global security threats that businesses will face in 2021. Key threats for the coming year include:

Cybercrime: Malware, ID Theft, Ransomware and Network Attacks
Insider Threats are Real
The Digital Generation Becomes the Scammer’s Dream
Edge Computing Pushes Security to the Brink
Rushed Digital Transformations Destroy Trust

“If COVID-19 has taught us anything, it is that there is a very real need to anticipate threats, to develop scenarios for handling them and to test our response before they destroy our businesses,” said Steve Durbin, Managing Director, ISF. “As data breaches increase, new technologies emerge, and the geopolitical landscape becomes more complex, business leaders need to rethink cyber. Increasingly they need to view it as one that, if left unguarded, can wreak significant damage.”

The top threats identified by the ISF for 2021 are not mutually exclusive and can combine to create even greater threat profiles. The most prevalent threats include:

Cybercrime: Malware, ID Theft, Ransomware and Network Attacks: We have seen an increase in cybercrime targeting the COVID-19 “opportunity”. Not restricted to ransomware attacks on hospitals, this has also seen targeting of remote workers who are accessing corporate systems. Setting up fraudulent charities, fraudulent loans, extortion along with an increase in traditional phishing and malware are all on the increase. The changing threat landscape requires risk management and security practitioners to pay close attention to how exposures change over the coming months and the circumstances that influence the level of protection.

Insider Threats are Real: The insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2021.

The Digital Generation Becomes the Scammer’s Dream: The next generation of employees will enter the workplace, introducing new information security concerns to organizations. Their attitudes toward sharing information will fall short of the requirements for good information security. Reckless attitudes to sharing information online will set new norms for security and privacy, undermining awareness activities; attackers will use sophisticated social engineering techniques to manipulate individuals into giving up their employer’s critical information assets.

Edge Computing Pushes Security to the Brink: Edge computing will be an attractive architectural choice for organizations; however, it will also become a key target for attackers. It will create numerous points of failure and will lose many benefits of traditional security solutions. Organizations will lose the visibility, security and analysis capabilities associated with cloud service providers; attackers will exploit blind spots, targeting devices on the periphery of the network environment, causing significant downtime.

Rushed Digital Transformations Destroy Trust: Organizations will undertake evermore complex digital transformations – deploying AI, blockchain or robotics – expecting them to seamlessly integrate with underlying systems. Those that get it wrong will have their data compromised. Consumers and dependent supply chains will lose trust in organizations that do not integrate systems and services effectively; new vulnerabilities and attack vectors will be introduced, attracting opportunistic attackers.

“Attackers will continue to be presented with the tools and opportunities to target and exploit those who are unprepared,” continued Durbin. “The coming year will once again be volatile, but targets will be predictable. The organizations that see security as a strategic business issue, one in which people throughout the enterprise have a role to play, will be the organizations that prosper going forward.”

Steve Durbin, managing director of the Information Security Forum, explains that incorporating the following considerations into security planning activities can mitigate risk and proactively protect the organization:

Resilience: the number one business priority – identify and reprioritize critical assets that have changed in value, continually improve breach response capabilities

Risk management, governance and compliance: a sound governance framework is key – identify changes to regulations that might influence risk and security efforts

Technology and services: keep technology risk within acceptable limits – stress test data centers, cloud providers, networks and back-up facilities against enforced digital transformation

Supply chain integrity: supply chain risks are all pervasive – communicate regularly with key suppliers, review potential exposure to new threats and implement alternative operating procedures for those that no longer meet contractual expectations

Workforce: the world of work has changed – policies and procedures should reflect this; pay special attention to cyber fatigue and mental health along with close monitoring of insider threat mitigations

"Finally, plan for and rehearse the company’s response to cyberattacks so that when they occur, you are better able to respond," says Durbin.

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Top global security threats organizations will face in 2021

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Top global security threats organizations will face in 2021

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.