Predictions for 2021 in Security and Tech

Winston Churchill once said, “I always avoid prophesying beforehand because it is much better to prophesy after the event has already taken place.” Because Mr. Churchill was a brilliant man and I am far less so, I foolishly, but cheerfully, offer my predictions of what I believe will happen in 2021 in the security and tech spaces:

  • There will be at least two significant cyberattacks against critical infrastructure targets in the United States and/or Europe, most likely against electrical power systems. These will be noisy attacks in that they will disrupt large numbers of customers and may last several days. My guess is these attacks will be in the Northeastern United States and in France.
  • In the same vein, there will be a greater emphasis on attacks against various types of Operational Technology (OT) infrastructure. The growing number of sensors and other Internet-enabled devices can be used effectively for a variety of purposes, including penetrating networks and disabling infrastructure as part of ransomware and other attacks. The work-from-home model that will continue at nearly its current pace well into 2021 will be a key enabler of these attacks. A cheap baby monitor that lives on the same home Wi-Fi network that is used to access corporate databases and email does not make for good security.
  • There will be continued high levels of phishing, but we will see an increased emphasis on business email compromise (BEC) as a proportion of total phishing attacks. In fact, we will see record levels of BEC aimed both at senior executives (e.g., CFOs) and at lower-level employees in HR and finance departments. a) Good security awareness training, b) skeptical employees, and c) communication backchannels to verify these kinds of requests dramatically reduce the chance of bad actors successfully stealing funds, but not enough companies have sufficient amounts of a, b, or c.
  • There will be a significant increase in ransomware, and ransom demands will be higher than we have seen in the past. Recently, there was a $34 million ransomware demand directed at Foxconn Electronics (the highest ransom demand to date, as far as we can tell) and another against the Dutch firm Randstad. I expect to see more and much higher ransom demands in 2021 (including one ransom demand of $50+ million). At least one of these high-value demands will be directed at a critical infrastructure system.
  • China will begin military operations against Taiwan no later than July 2021 (and will receive very little pushback from most world leaders for doing so). Of course, this will create significant political repercussions, but also major disruptions in the world economy and in the technology space (for example, Taiwan is Apple’s number one supplier, and Google is currently building its third data center in the country). Chinese President Xi said in early 2019 that Taiwan “must and will be” reunited with China. In May 2020, Chinese Premier Li Keqiang dropped China’s long-standing use of the word “peaceful” in discussing China’s reunification with Taiwan. In late 2020, the senior director at a think tank that specializes in China-Taiwan affairs noted, “This is the most dangerous, the most unstable, and the most consequential flashpoint on the planet.” And, in recent months, there have been a number of incursions by Chinese military aircraft into Taiwanese airspace.

I’d like to hear your thoughts on these predictions.

What Happens When Security Solutions Don’t Work?

A US county government has a serious security problem and has seen an enormous increase in the number of malware infections during 2020, as shown in the following figure.

As shown in the figure, they implemented a new security solution on April 10th and saw a slight decrease in the number of malware infections. However, a week or so later they saw a big increase in endpoint infections, and so deployed another security solution of the same type on May 14th. That didn’t seem to work either, with infections increasing steadily until July, at which point they dropped significantly. However, in late October infections once again started climbing, this time faster than before. So, on November 20th, a different type of security solution was implemented. That made no dent in the rate of increase in malware infections, and so five days later the county’s CISO chose to deploy yet another security solution, after which malware infections climbed at an even faster rate.

Nothing seems to be working: the current level of malware infection is now about 16 times what it was when the first security solution was implemented back on April 10th. To make matters worse, the security solutions that have been implemented have seriously hampered employee productivity, so much so that economic activity in the county has been seriously impacted.

What should the county government leaders do at this point? Continue to implement one security solution after another, or perhaps try a different approach?

A CISO and security team that had a good handle on dealing with malware infections like this would take a different approach, choose different solution providers, or copy what other governments with the same problem have done in dealing with these types of malware outbreaks. There are some good examples they could follow, but their CISO won’t agree to consider them.

What would you do in this situation?