scip Cybersecurity Forecast – Predictions for 2021

scip Cybersecurity Forecast

Predictions for 2021

Marc Ruef
by Marc Ruef
on December 23, 2020
time to read: 7 minutes

As every year, at the end of the turbulent Corona year 2020, we would like to make a forecast for the coming year 2021. The following are precisely those topics that we believe will manifest themselves or even continue to develop. Regardless: Stay healthy!

Additional Fragmentation of Data Protection Requirements

As we aptly predicted last year, a fragmentation of privacy regulations could be observed this year. California has introduced CCPA (Consumer Privacy Act) and Brazil has introduced LGPD (Lei Geral de Proteção de Dados Pessoais). This national and sometimes regional trend will continue. This poses additional challenges for local and international companies, as individual requirements have to be taken into account as well as the different regulations have to be reconciled. Additional expenses associated with concrete legal uncertainty are to be expected in the medium term.


AI in Automatic Upscaling of Graphics

Until now, artificial intelligence has primarily been attributed to chatbots and voice assistants. The fact that mechanisms from the field of deep learning are also useful in other areas is becoming increasingly apparent. Among other things, AI is now being successfully used to perform processing of graphics. Some TVs scale images, often with clever anti-aliasing, very successfully to breathtaking 4k. In the video game sector, this has also become a very important topic, especially with the new console generation (Playstation 5 and Xbox Series X). NVIDIA now calls itself an AI Computing Company and wants to offer comparable mechanisms for video telephony as well. With little data and poor resolution, we will still be able to achieve high graphics quality in the near future.


Digitization Improved in Short Term and Selectively

When the pandemic made its way to Switzerland at the beginning of the year, it became immediately clear that many companies had spent the last few years sleeping through the possibilities of digitization. Suddenly, employees had to move to the home office, with the infrastructure not prepared for such a brute change. As a result, some companies very quickly and consistently acquired new hardware, introduced software and thus worked out more flexible options. This effect was only observed tentatively and selectively in certain organizations. Others, however, have emerged stronger and will continue to invest in sustainable digitization in the future. More flexible working time models will be just one of the consequences.


Thinning out Cybersecurity Providers

The ongoing pandemic is also having an economic impact. Many companies are struggling with a drop in sales, are forced to restructure or withdraw from the market altogether due to dwindling financial resources. The same effect can be observed in cybersecurity companies. There have already been the first providers who could not survive an early decline in orders. This will also lead to a partial thinning out of the industry in the coming year. Especially companies with little reserves and high expenses will not be able to survive. Accordingly, there will be a segment shift in the market, primarily in favor of the more conservative and already established players.


Successful Darknet Clearances on the Rise

The last few years have seen an increase in successful investigations on the darknet by the authorities. The awareness of the problem and the improvement of training will allow this trend to continue. It is true that no or only a few proactive darknet analyses will continue to take place in this country in the future. However, investigations will be expanded in this direction more quickly, consistently and efficiently. This can bring the goal of a holistic fight against cybercrime a decisive step closer. This may force a selective restructuring of the dynamic darknet, but it will only drive crime more underground.


Chinese Actors with Social Engineering Campaigns

Our Cyber Threat Intelligence Team has been able to identify increased research activities by Chinese actors in recent months, focusing on forms of attack that require user interaction. Concrete signals could be identified in connection with PDF readers and email clients. This is very atypical, as currently the major state actors (US, Russia, Israel) focus on preferably fully automated attack capabilities. The Chinese actors will likely want to implement larger campaigns focused on social engineering and spear phishing in the coming year. These APTs will be discussed in the media sooner or later.


More Attacks against Supply Chain

The far-reaching attack against US authorities, which could take place through an attack on SolarWinds products, has shown it impressively: Attacks on the supply chain will be driven in the future, especially by state actors. As a result, widespread and sustainable ones can be implemented. The big players will focus on widespread figures such as chip manufacturers and producers of well-known software. Equally, however, manufacturers of smaller products are also of interest when it comes to indirectly compromising specific targets. The issue of supply chain security will become more and more of a focus, with both technical and legal implications.


Race against security of the new generation of consoles

The latest console generation, namely Xbox Series X and Playstation 5, come with powerful hardware. Especially the graphical performance, a quantum leap is represented by ray tracing, unreservedly outshines the predecessors. This hardware will be interesting for various players. Basically, the gamer scene will want to run their own software (homebrews and ROMs) on it. On the Xbox, this can already be partially implemented with the Dev Mode. On the other hand, such devices can also be used efficiently for crypto mining and password cracking. The new interfaces, especially the memory extensions, bring additional complexity that could be addressed for a jailbreak required for this.


About the Author

Marc Ruef

Marc Ruef has been working in information security since the late 1990s. He is well-known for his many publications and books. The last one called The Art of Penetration Testing is discussing security testing in detail. He is a lecturer at several universities, like ETH, HWZ, HSLU and IKF. (ORCID 0000-0002-1328-6357)

Links

You want to evaluate or develop an AI?

Our experts will get in contact with you!

×
Password Leak Analysis

Password Leak Analysis

Marc Ruef

MITRE ATT&CK

MITRE ATT&CK

Marc Ruef

Cyber Threat Intelligence

Cyber Threat Intelligence

Marc Ruef

You want more?

Further articles available here

You need support in such a project?

Our experts will get in contact with you!

You want more?

Further articles available here