James Muir of BAE Systems Applied Intelligence lays out his 2021 cybersecurity predictions on ransomware, synthetic media, hacking for hire and remote working for organisations and financial services organisations.
1) Ransomware continues its march; policy complexities follow
The surge of ransomware attacks against organisations was *the* major cyber threat theme of 2020. We have seen more and more groups adopting the 'double extortion' model based on data theft and public victim blogs, and a 'perfect storm' of factors has contributed to the success of this criminal enterprise. We expect criminal groups to continue in this vein, evolving their tools and finding ways to collaborate.
2) Synthetic media goes mainstream, and threat actors capitalise
Technological development in synthetic media (AI-generated faces, voices, etc.) boomed in 2020 and will continue to do so into 2021. The benefits of this could be manifold. For example, NVIDIA have proposed an AI-based mechanism to minimise bandwidth use in videoconferencing, with impressive results. However, time has shown us that threat actors are always quick to exploit technological advances to support their goals.
3) Hacking-for-hire becomes a boom industry and intrigue abounds about the 'hirers'
2020 has seen a huge increase in disclosure of threat activity constituting 'hacking for hire'. Often referred to as corporate or industrial espionage, or 'mercenary' activity, an increasing number of threat groups and corresponding companies have been implicated in this. We predict that further to the apparent nexuses for these companies in India and Russia, more groups and centres will appear.
4) The implications of remote working become clearer
Much has been written about the potential implications of increased remote working on organisational security, with particular attention to increased attack surface through additional devices and different connectivity mechanisms. Survey data has suggested that lack of awareness around security best practices has led to an increased rate of data breaches.
5) Organisations go back to basics to shore up defences
"Doing the basics right" has been a mantra of many cyber security standards bodies for a number of years. Continuing a trend we saw in 2020, we expect additional emphasis on this in 2021 as organisations realise that implementation of patching regimes and appropriate authentication controls is a prerequisite for good security – and that complex technical solutions are rarely the answer in and of themselves.