The Covid-19 pandemic upended many businesses in 2020 that led to mass layoffs and budget-cuts. But cyber security is one of the few industries that remained largely immune to the downturn and also offered good returns on investment.
With more people working remotely and staying online for longer hours, there was also an increase in the users’ vulnerability to cyber attacks.
The cyber security market is forecast to be worth $363.05 billion in 2025, almost 125 per cent more than the amount spent last year, according to Mordor Intelligence, a research consultancy. The market is projected to grow at an annual growth rate of 14.5 per cent over the next five years.
"We see more growth coming out of B2B [business-to-business] and industrial sectors … especially because many businesses have moved online," Eugene Kaspersky, founder and chief executive of Moscow-based cyber security firm Kaspersky, told The National. "There is more demand for solutions that could help enterprises to control their entire systems remotely."
Cyber crimes – that include stolen data, money extortion, lost property and identity and intellectual property theft – cost the world almost $600bn annually, or 0.8 per cent of the global economy, according to a 2018 report by the Centre for Strategic and International Studies and software security company McAfee.
As we move into the post-Covid era, here are the top 10 cyber security trends of the year ahead:
More connected approach to security
Relying on the individual point security solutions to combat sophisticated threats or cyber attacks will be one of the biggest loose ends in 2021, industry experts warn.
“While standalone solutions can address specific vectors of attack, cyber criminals will continue to be able to exploit the gaps between point solutions and take advantage of the lack of connectivity,” Ajay Nawani, director of sales engineering for Middle East Africa at British security firm Sophos, said.
“Organisations need a layered approach to security … where products connect and share information,” he added.
Lack of defence
Over the years, cyber criminals have become more “industrialised and organised to be more effective”, whereas the defenders have not evolved on par, Matthew Gardiner, director of enterprise security campaigns at London-based security firm Mimecast, said.
"Law enforcement is unable to keep up and bring the cyber criminals to justice for multiple reasons," Mr Gardiner said. "It is like the defenders are defending against a series of penalty kicks, even though the people committing the penalties are taking the shots."
Rise of ransomware
The use of ransomware has picked up pace and became more dangerous in 2020. It will continue its rapid rise next year and its variations will increase with the frequency of attacks.
“Organisations need to be prepared for a ransomware attack. They should establish secured backups that teams can revert to when necessary," according to US cyber security firm FireEye. "Organisations are going to be targeted and they are going to be compromised, so it is crucial to have prevention and recovery strategies in place.”
Ransomware is a type of attack that threatens to publish the victim's data or confidential details if a ransom is not paid.
Increased strain on healthcare cybersecurity
With growing reliance on telemedicine, confidential personally identifiable information (PII) is being accessed from remote locations. It becomes more prone to be intercepted by hackers if not handled carefully.
At the same time, vaccine-related data pertaining to trials and formulas is some of the most sought-after intellectual property rights among cyber criminals.
"The drive to get hold of it for financial or political gain is putting healthcare and biotech organisations under intense pressure from external threats and insider risk," Tom Kellermann, head of cyber security strategy at Massachusetts-based VMware Carbon Black, said.
However, the strain on healthcare cyber security is not going unheeded, Mr Kellermann said. "We will see increased budgets in the sector to combat the growth in external threats," he predicted.
Cloud security taking a hit
Whether large or small, no organisation is immune to a cloud risk. Accurate tracking of cloud assets should be a priority for all businesses in 2021.
Traditionally, many companies have delayed the adoption of multi-factor authentication as they accelerated their migration to cloud platforms. This could cause "irreversible damages", industry experts said.
"Organisations need to strengthen the methods of accessing data," FireEye said. "They should focus on employees’ identity and access management and revisit regularly to check who qualifies for [a] privileged access."
Defensive as well as offensive AI
Technology innovation is as relevant to attackers as it is to defenders. While artificial intelligence and machine learning have significant benefits, there could be drawbacks as well.
"The silver lining is that in 2021 defenders will begin to see significant AI and ML advancements and their integration into the security stack," said Mr Kellermann.
"As awareness of how attackers are using automation increases, we can expect defenders to fix the issue, maximising automation to spot malicious activity faster than ever before," he added.
3D printers challenging biometric security
3D printers went from niche machines costing thousands of dollars to being sold for less than a video-gaming console. Easy availability and widespread usage of 3D printers, boosted by the Covid-19 pandemic, could pose a potential cyber challenge.
"3D-printed fingerprints and faces that can pass biometric authenticators is not a sci-fi future," Jarrod Overson, director of engineering for shape security at technology firm F5, said. "It is right around the corner. It won't require a high-quality scan of a victim, either."
Formjacking to steal credit card details
Another top threat is formjacking, where cyber criminals inject malicious code to hack a website and take over the functionality of the site’s form page.
It is designed to steal credit card details and other personal information from payment forms that are captured on the checkout pages of shopping websites.
“Your transaction will go through, but behind the scenes, your credit card information is being stolen by attackers … and could potentially be sold on the dark web,” according to Unit 42, a global threat intelligence team at Santa Clara-based Palo Alto Networks.
Consumers should make sure to double-check their credit card statements to ensure there is no suspicious activity.
Rise in phishing attacks
Phishing typically comes in the form of fraudulent emails that aim to obtain personal information of victims, such as credit card details or sensitive data like usernames and passwords.
Tokyo-based cyber firm Trend Micro detected more than 41.2 million email threats in the GCC in the first half of this year. It also blocked 163,774 Covid-19 related threats, nearly 36,312 were spam delivered through emails.
“The GCC’s high rates of cyber attacks across email show that cyber criminals are ramping up their exploits of the weak points in organisations’ endpoints, network and cloud … especially with Covid-related threats,” said Moataz Bin Ali, vice president for Middle East and North Africa at Trend Micro.
Remote-working leading to smartphone compromise
As business becomes more mobile and remote working persists, mobile devices and operating systems will be increasingly targeted in 2021.
“As employees use personal devices to review and share sensitive corporate information, these become an excellent point of ingress for attackers,” Mr Kellermann said.
Combating these risks, he added, requires a combination of new mobile device policies and infrastructure designed to facilitate continued remote working.