1571407433_xwezvU_cyber_security.jpg
Within the information security industry, we enter 2021 with a heightened awareness to the relationships that exist across the cyber and physical worlds
Photo Credit :
2020 has given us a contentious political environment, a deepening economic crisis, and most notably a global pandemic. Disinformation has wreaked havoc in our ability to discern fact from the truth, ransomware has delivered real-world consequences (https://www.silicon.co.uk/security/cyberwar/patient-dies-hospital-ransomware-347825), and insider leaks continue to expose privacy concerns despite increased adoption of privacy laws across the globe.
Within the information security industry, we enter 2021 with a heightened awareness of the relationships that exist across the cyber and physical worlds. We have a better understanding of how the abuse of technology platforms (everything from social media, to facial recognition, to big data analytics platforms) affect the world around us. This understanding shapes how we respond next year.
In 2021, every organization will face three challenges:
In response, expect next year to see:
The democratization of AI and ML
Within the security industry, artificial intelligence and machine learning have taken on a negative connotation over the years. The industry has by and large taken a black-box approach to implementing machine learning algorithms and models into their product offerings or gussied up rudimentary use of such technologies as “next-generation”. The results have had questionable efficacy, no way for security professionals to understand how the solutions work, and require significant data science experience to tune or modify.
In 2021 we will begin to see technology with abstraction layers intended for subject matter experts the ability to build, train, test, and deploy new models accounting for the unique nature of their organization. This will be the first step leading toward the commoditization of AI & ML technology and furthermore required for the broader adoption of the benefits AI and ML have long promised.
The Fight Against Disinformation
Dis- and misinformation impacts businesses and the public at large in a myriad of ways. For a business, false or misleading claims can have a major impact on its bottom line. At scale in the public, misinformation can tilt the tide of public opinion. We all know the saying,
“By the time a lie travels ½ around the world the truth is still putting on its’ shoes”…
…Except now it’s millions of lies a second traveling at the speed of cyber, driven by enormous disinformation campaigns being compounded by the voices that have been influenced by false or misleading messages.
The good news is, at a smaller scale cybersecurity and digital forensic teams have experience with this challenge. There have already been great examples of security professionals – especially digital forensic experts (such as Jake Williams) – publicly shutting down some of the more egregious examples of disinformation seen this year.
Along with AI/ML platforms becoming easier to use, expect to see early applications of autonomous fact-checking technology appearing across various platforms next year. I expect to see applications for business systems – validating critical business process data, as well as the obvious consumer applications within social media platforms. Think secure supply-chain approaches, but for information.
Borderless Network Security
Up till 2020, the cloud was still viewed as an option by most organizations. With the onset of COVID-19 and the overnight shift to working from home, it has become a mandate. This shift will see changes in both how security is focused, and where attackers focus in 2021.
While in 2020 organizations were focused on adapting existing technology to borderless and disconnected environments, we will see a massive shift to cloud-native solutions in 2021. We will see increased adoption of SASE (Secure Access Service Edge), authentication and identity management; host, data, and user-centric approaches to security. On-premise technologies will be upgraded or ripped out for cloud-native and containerized solutions. Infrastructure- and Desktop-as-a-Service will enter a heyday.
Following the natural progression of things, we will see attackers en masse set their sights on breaking container-based architectures such as Kubernetes and very likely see the first major breach of such an environment in 2021. Vendors will be forced to adapt their technology to this new paradigm or risk going the way of anti-virus.
In summary 2020 exposed gaps in our ability to trust information, ignited cloud migrations, and put even greater strain on already overburdened information security and digital forensic teams. In 2021 these are the problems that will receive the most attention.
Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.