Information Security Predictions for 2021

For me, home working will be the most impactful security factor for 2021 – both in a good and a bad way. Much as we’ve already experienced this year, with the increased blurring of lines between home and work, we’ll continue to see home technology being used even more for work purposes and, in some cases, causing as many problems as it solves! Take IoT, for example. A lot of the services employees are using were initially conceived for home usage alone, but with more and more people staying at home to work, they’re increasingly being used for business purposes. Organisations will need to not only understand, but take action to secure their company data, as snippets of business conversations become mixed in with the data that firms like Amazon and Google are picking up through at-home assistants. And what happens to that data when there's the inevitable security breach?

 

That said, I also think we’ll start to see companies taking the cyber security side of working from home a little more seriously. How? By diverting some of their office investment towards smaller packages of solutions designed to protect employees when they’re working from home. This is likely to include looking at network connections, which, until now, have depended on employees making the right choice. I expect that we’ll start to see major telecom providers partnering with companies to offer “Home Office” capable internet connections. Gone will be the days of employees picking the cheapest provider or the one that comes for free with their satellite TV subscription. Businesses will start to demand more from the connections that their teams work on, leading to an even greater digital revolution as higher speed network connections become a necessity outside of city centres – this time with corporate backing.

 

Moving to the opposite end of the scale, let’s talk about ransomware. I think that in 2021, we’ll start to see the end of the encryption phase of most ransomware programmes. Many cybercriminals have realised that when they’re targeting larger corporates, the best way to guarantee a pay-out is to threaten to release company data, rather than deny the business access to its infrastructure. My view is that we’ll now start to see the rise of pureplay extortion based on this ‘data leak threat’ approach. With a dramatically lower cost of entry, sadly, we can expect to see an upsurge of groups who focus purely on stealing data for later extortion. This could lead to a whole marketplace of selling and obtaining data, purely for another group to then threaten to release it and hold the company ransom.