Looking to the year ahead, we expect the most common form of attack – phishing emails – to increase in both volume and sophistication.
Phishing emails aren’t going away, and in the year ahead, we may also see criminals starting to apply artificial intelligence (AI) and new technologies such as deepfakes in their social engineering attacks. But even old-fashioned phishing methods will continue to pay off because people around the world are distracted and stressed out.
With the increased dependency on Cloud services, there may also be increased risk of Cloud jacking attacks – targeted phishing and social engineering attacks with the objective to steal Amazon or Azure administrators’ credentials to literally take over the victim's Cloud infrastructures and accounts.
Another top threat – ransomware – is expected to grow in 2021, with attacks including extortion schemes to release personal information or other sensitive data. A good backup and tested restore will no longer be enough to protect organisations.
Coronavirus has forced organisations to move their workforce remotely. Next year we'll see a larger investment in remote workers’ security. This will probably be a bigger task than most anticipate, with a bottom-up review of what security controls are working, and what is not. We'll likely see organisations settle on better communication channels, better training, and security tools that are less obtrusive to productivity.
The coming year will be a tipping point for passwords. With advancements and adoption of Fido open authentication standards and multi-factor authentication, we will likely see an increase in attacks against passwordless technologies.
Consumers will likely see an increase in WhatsApp and SMS fraud. Not only will the number of scams increase, but cybercriminals will also become bolder – demanding more money and using more forceful and devious techniques to manipulate people into paying.
Disinformation campaigns will reign throughout 2021, seeking to further divide America and the world. This will be coupled with data leaks that contain planted and fabricated evidence that seems particularly damning.
This could drive organisations to a default state of full paranoia. Can you trust your email? Your social media feed? Your politicians? Your customers? The news? Your employees? Your corporate devices? The answer will be a resounding no. Organisations will have to come up with better and more creative ways of working out of trust. This is an issue that extends beyond technology and very much into the human world.
To stay ahead of the ever-evolving threats, the global information security skills base will need to increase in order to cope. Organisations will have to step up security training and awareness programmes, and consumers will have to be made aware of the risks they’re facing.
In Africa specifically, we need to find solutions to protect mobile banking - i.e., users performing financial transactions on their mobile devices. There has been an increase in mobile banking trojans and malicious apps in general, which is concerning when coupled with the lack of awareness among African mobile users.
Cybersecurity has to become everyone's responsibility, and this culture must permeate the enterprise to better mitigate risk.