Adrian Taylor: In the Midst of COVID-19, We’re Seeing a Pandemic of Cyber Attacks  – So What’s on the Horizon for 2021?

Written by Adrian Taylor, EMEA VP, A10 Networks

With 2020 dominated by the start of the COVID-19 pandemic, there was also a sharp rise in cybercriminal activity. From simple phishing attacks to one of the largest DDoS attacks ever recorded, we saw the cyber threat landscape evolve and grow. At the same time, we also saw a rapid growth in the tech and cybersecurity industry. From the continued global 5G roll out to the exponential growth of the Software-as-a-Service (SaaS) industry, there were many positive developments amidst the gloom of a worldwide health emergency.

The challenges arising from these cybersecurity developments – including COVID-19 – will continue to have long-term implications in 2021 and beyond. To this end, here are some of the most pressing cybersecurity trends for the year ahead.

Cybercrimes will experience a surge

2020 was a busy year for both attackers and hackers, as well as cybersecurity personnel defending against the plethora of attacks to which they were subjected. There was a rise in anti-government cyber activities, a prominent example of which was the attack on FireEye, allegedly by a foreign nation state-sponsored entity, where multiple tools were stolen for use in subsequent attacks.

In 2021, such attacks will not just be more frequent, but they will also be very specific regarding who they target. International cyber espionage will be one of the main motivators for cyber attacks; we will see security vendors being attacked and compromised at an even greater pace. Even the attacks that happened in 2020, like the FireEye or Sunburst attack that targeted the SolarWinds supply chain, will have long-lasting effects. Investigators suspect, for example, that up to 250 organisations may have been compromised in the SolarWinds attack.

Such attacks will not only create opportunities for newer attacks, or variants/branches of the existing ones, but will also drive cybersecurity innovation in 2021.

The intelligent Edge will be weaponised

One of the major innovations driven by 5G is the implementation of multi-access edge computing (MEC). Building intelligence into the edge will boost the availability and efficiency of 5G networks. However, keeping global cybersecurity trends in mind, we can see that the intelligent edge might be hijacked by attackers for launching different kinds of attacks, both on the mobile core networks as well as on victims outside of the realm of the service provider that has been compromised. If nothing else, MEC can be used for propagating malware into different networks for drone recruitment in IoT botnets.

Low-volume DDoS attacks will be more frequent

In 2020, even though we saw one of the largest DDoS attacks ever recorded, targeting one of the biggest names in tech, a large number of DDoS attacks went unnoticed because, even though the frequency of these attacks were very high, their size was not. These high-frequency, low-volume attacks will keep the security industry busy in 2021 and may be instrumental to disabling security infrastructures or just acting as smokescreens for larger malware attacks such as the recent Sunburst attack.

Five million DDoS weapons will be added to the global DDoS arsenal

A10 Networks has observed that the number of DDoS weapons doubled from around six million at the end of 2019 to 12.5 million in 2020. This trend will remain the same in 2021 as more IoT devices come online with each passing day, with an expected addition of at least five million weapons.

The large number of DDoS weapons will also enable attackers to launch another record-breaking DDoS attack in 2021. We will have to wait and see whether it will be made public by the victims of such attacks. 2021 will be the year of Zero Trust implementation.

2020 was the year of understanding what the Zero Trust model is in a practical sense. Throughout the year, we saw security vendors align their solutions with the Zero Trust model. These were adjusted as more became clear on what it means to be a Zero Trust user, device, or network, and the policy changes necessary for a successful implementation of the Zero Trust model. As the COVID-19 pandemic fast-tracked the move to a SaaS model, as swathes of the global population worked from home, the importance of Zero Trust security has gained critical importance.

Organisations now understand that Zero Trust is not a specific device or vendor, but rather a series of strategic policy and practical changes that help enable better security. A successful implementation requires good understanding of what the Zero Trust model is, as well as the many diverse solutions that have to work in unison to enable its implementation.

We believe that the concept of Zero Trust has reached a level of maturity and clarity where it will be effectively adopted and implemented by many organisations in 2021, and that it will become the go-to security model for all types and sizes of organisations. Sophisticated attacks like Sunburst will also drive the need for effective Zero Trust implementation.

SASE adoption will accelerate

Since 2020 forced most of the workforce to work remotely, attackers have been experimenting with new ways of exploiting security loopholes or shortcomings exposed by these rapid changes. This accelerated and will continue to accelerate the development and adoption of Secure Access Service Edge (SASE) solutions.

However, since the move to the cloud is not an overnight transition, many organisations still have most of their resources hosted on-premises. They will continue to struggle with maintaining the remote work model and may revert back to business as it was, once a vaccine for COVID-19 becomes readily available and things go back to normal.

This, however, might be temporary as the world has now experienced a pandemic and many organisations have already started moving their businesses from on-premises to the SaaS-based model, with the trend only being accelerated by COVID-19. In summary, SASE will be an essential part of the enterprise security infrastructure as we move into 2021 and beyond.

2020 has taught us that vigilance in cybersecurity cannot be taken for granted. We are facing new, persistent threats of all shapes and sizes, and we have to make sure that, going forward, we face these threats with the best of our collective abilities. 2021 will be the year of cybercriminal activities, but it will also drive innovations in cybersecurity like never before.