Although they often resemble a catalog of misfortunes that will befall businesses, cybersecurity predictions at least have the merit of warning about new trends, so that companies can prepare and stay one step ahead of the attackers.
The year 2020 has been particularly fruitful in attacks, the last of which, on SolarWinds’ Orion software, is of such magnitude that its scope has still not been defined. It provided access to sensitive data belonging to several US and foreign government agencies, companies, universities, and at least one hospital.
In a previous article, we discussed the hardy perennial that is the annual round of predictions and the fact that these, even if they agree in highlighting certain themes, above all reflect the business vision of the oracle who issues them. The field of cybersecurity is no exception to this rule, with one small difference: predictions in cybersecurity are always imbued with a certain paranoia. Intentional or not, this is inherent in describing threats. Cybersecurity predictions should not be systematically interpreted as an incitement to anxiety but as warnings and calls to action. As the sentries and first responders in the event of a disaster, cybersecurity companies are on the front line, witnessing digital massacres.
The best soups are made in old pots
They merely reflect the cruelty of cyber warfare and its ruthless maneuvers, borrowed from the age-old art of war and augmented with digital artifices. The oracles on the future of cybersecurity are therefore not prophecies of doom.
The threats predicted to develop in 2021 are enough to make the most valiant cyber-fighters shudder with horror. However, they have the advantage of clarifying trends already observed, such as the sophistication of attacks and the perpetual search by cybercriminals for the best way to surprise companies' defenses, either by looking for new vulnerabilities or by exploring roundabout avenues of attack not yet used.
Data poisoning fueling machine learning
Now that machine learning is spreading in companies to automate decision-making, attackers see it as a new attack vector. After a criminal steals the original data, he can manipulate the generated models by injecting poisoned data, so that the system learns something it should not have.
Weaponized AI, a new weapon for attackers
In 2021, criminals will use machine learning (ML) to accelerate their attacks on networks and systems. ML engines will be trained using data from successful attacks. Thus, ML technology will be able to identify patterns in lines of defense to quickly detect vulnerabilities already noted in similar systems or environments.
The omnipresence of deep fakes
A new wave of deep fakes could make us doubt: is the entity on the other side of an interactive chat window or at the other end of a video call human or not? We could, for example, have interactive sessions with former presidents or even deceased relatives. Unbeknownst to us, we will find ourselves in situations where we are communicating with deep fake technology and not a real person.
Cybercriminals position themselves at the edge of the network
In 2021, new attack vectors will target teleworkers and remote access routes. Cybercriminals will continue to perpetrate social engineering attacks and seek to exploit devices commonly found in the home that can be used to compromise an individual and move laterally into a corporate network.
The implosion of data privacy regulations
In 2020, the European Union (EU) justice system abolished the Privacy Shield governance agreement, and throughout 2021 companies will strive to adapt to this expansion of data privacy regulations and the potential implosion of rules established across different justice systems.
Social media attack vectors multiply in the age of social distancing
In 2021, it is likely that the attacks will target businesses in addition to individuals. If authentication and verification practices are insufficient, attacks perpetrated on social networks are likely to succeed. Malicious QR codes or shortened URLs could also be used to hide malicious websites. These attacks could take place on the official company page or through fake accounts using comparable names.
Cyber insurance policies become mandatory, cybercriminals rejoice
As the number and cost of compromises increase, companies that process data on behalf of their customers will be forced to take out cyber insurance policies to limit their contractual risks. Cybercriminals will target big brands with insurance policies that will pay to recover their stolen data rather than invoking their insurance to cover corrective actions.