By Sanjai Gangadharan, Regional Director, SAARC, A10 Networks
2020 sure has been an eventful year. As we turn the page on the calendar, the COVID-19 pandemic is still wreaking havoc around the globe. The coronavirus is continuously evolving and presenting new challenges.
In addition to the direct effects of the COVID-19 pandemic, we also saw a sharp rise in cybercriminal activity. From simple phishing attacks to one of the largest DDoS attacks ever recorded, we saw the cyber threat landscape evolve and grow.
At the same time, we also saw a rapid growth in the tech and cybersecurity industry. From the rollout of 5G in many parts of the world to exponential growth in the SaaS industry, we saw the pandemic put many positive changes into full gear as well.
We believe that these challenges, and the changes that they brought about, will not stop once the clock struck midnight on December 31. The effects of this pandemic on the tech industry will be long-lasting. Moreover, some of the challenges introduced in 2020 will affect cybersecurity well into 2021, and even beyond. So, here are some of the cybersecurity trends that we see forthcoming in the year 2021.
Cybercrimes Will Experience a Surge
2020 was a busy year for both attackers and hackers as well as cybersecurity personnel defending against the plethora of attacks to which they were subjected. With an election year in the United States in 2020, we saw a rise in anti-government cyber activities, a prominent example of which was the attack on FireEye, allegedly by a foreign nation state-sponsored entity, where multiple tools were stolen for use in attacks later on.
In 2021, such attacks will not just be more frequent, but they will also be very specific regarding who they target. International cyber espionage will be one of the main motivators for cyber-attacks and we will see security vendors being attacked and compromised at an even greater pace. Even the attacks that happened in 2020, like the FireEye attack or the Sunburst attack, that targeted the SolarWinds supply chain, will have long-lasting effects. We have only seen the beginning of these attacks. Investigators suspect, for example, that up to 250 organizations may have been compromised in the SolarWinds attack. Actual results are yet to come.
Such attacks will not only create opportunities for newer attacks, or variants/branches of the existing ones but will also drive cybersecurity innovation in 2021.
The Intelligent Edge will be Weaponized
One of the major innovations driven by 5G is the implementation of multi-access edge computing (MEC). Building intelligence into the edge will boost the availability and efficiency of 5G networks. However, keeping the global cybersecurity trends in mind, we can see that the intelligent edge might be hijacked by attackers for launching different kinds of attacks, both on the mobile core networks as well as on victims outside of the realm of the service provider that has been compromised. If nothing else, MEC can be used for propagating malware into different networks for drone recruitment in IoT botnets.
Low-volume DDoS Attacks will be More Frequent
In 2020, even though we saw one of the largest DDoS attacks ever recorded target one of the biggest names in the tech industry, we also saw that a large number of DDoS attacks went unnoticed because, even though the frequency of these attacks was very high, their size was not. These high-frequency, low-volume attacks will keep the security industry busy in 2021 and may be instrumental to disabling security infrastructures or just acting as smokescreens for larger malware attacks such as the recent Sunburst attack.
Five Million DDoS Weapons will be added to the Global DDoS Arsenal
The A10 Networks security research team observed that the number of DDoS weapons doubled from around six million at the end of 2019 to 12.5 million in 2020. This trend will remain the same in 2021 as more IoT devices come online with each passing day, with an expected addition of at least five million weapons.
The large number of DDoS weapons will also enable attackers to launch another record-breaking DDoS attack in 2021. We will have to wait and see whether it will be made public by the victims or not.
2021 will be the Year of Zero Trust Implementation
2020 was the year of understanding what the Zero Trust model is in a practical sense. Throughout the year, we saw security vendors align their solutions with the Zero Trust model, adjust the model as we got more clarity on what it means to be a Zero Trust user, device, or network, and explore the policy changes necessary to a successful implementation of the Zero Trust model. As the COVID-19 pandemic fast-tracked the move to SaaS and made the “work from home” model mainstream, the importance of Zero Trust security has gained critical importance.