Home » News » IT security in 2021 – Outlook on Threats

IT security in 2021 – Outlook on Threats

In 2020, organisations faced a flood of new cyber threats and challenges. Digitalisation and IT security have become vital for companies. 

What (old and new) trends and threats await us in 2021? 

1. Attacks on home networks: 

Cybercriminal attacks on home networks are nothing new in principle. In spring 2020, many companies had to send their employees into remote working without much preparation. In the process, aspects including IT security have often fallen by the wayside.  By integrating company laptops into their own home network, individual employees suddenly became responsible for the IT security of company data. Often, company devices in the home network are connected to numerous smart home devices that are seldom sufficiently protected This makes it particularly easy for cybercriminals to access corporate data in these unprotected environments. Thus, cybercriminals now benefit twice from attacks on home networks - they can grab both private and corporate data.

2. Evergreens: Phishing emails and DDoS attacks:

Cybercriminals will continue to use current events and issues, such as information about a Corona vaccine, back-to-work tips or even relief funds, for disinformation campaigns and phishing attacks that target consumers and businesses alike. Likewise, DDoS1 attacks will continue to increase as the attack surface and dependence on the internet grows. Not to mention that such attacks are easy, cheap and anonymous and therefore popular with cybercriminals.

3. Digital transformation:

Against the backdrop of the pandemic, many companies had to quickly digitalise their business models. IT teams had to migrate large data sets—in some cases without a concept and with little or no insight into what exactly was being stored. Failures of this kind may be publicised in 2021, when the focus returns to data protection and insecurely migrated data stocks start causing incidents. In particular, operators of critical infrastructures should take measures and establish processes to protect themselves holistically. It can be assumed that 2021 will also see more regulations and tougher penalties on the topic of data protection. 

4. Intelligent and automated cyber-attacks:

Hackers are increasingly adopting technologies such as artificial intelligence, hyper-automation and machine learning. Smart attackers will automate their attacks while learning from how the victim reacts, optimising themselves for more effective and damaging attacks. This marks a new era of cybercrime, requiring more advanced threat intelligence and increased security coverage. 

5. 5G advancements, IoT and botnets:

In the increasingly digitalised world of the Internet of Things (IoT), products and networks are becoming targets of attacks. The trend towards "smart" products that are connected to the internet (or even connect to it autonomously) and can thus perform additional functions, continues unabated and offers hackers a multitude of new attack surfaces. Cybercriminals will continue their sophisticated attacks in 2021 by exploiting vulnerabilities in IoT devices. With mature and widely available 5G solutions, criminals will be able to abuse endpoints for their own purposes, whether it is to shut down a network or steal sensitive data. When combating cyber risks, it will become increasingly important how quickly stakeholders respond to threats.

The world of cybercrime is constantly adapting to current situations, private or professional. While some of last year's threats will evolve and persist, many new methods will also need to be defended against. This can only be done with a holistic security strategy.


  

 

 

 


[1] A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. From: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/

News

On the event of the adoption of the draft regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, the AI4HealthSec project kicked off a process to provide its opinion.