2020 was a disaster, but the pandemic put security in the spotlight

We begin this year’s forecasts by recognizing and conceding just how significantly off-base our assessments were at this time last year when we suggested that 2020 “looked encouraging.”
To be fair, virtually no one anticipated a worldwide pandemic.
The pandemic was, and continues to be, a global catastrophe of immense scale that has compelled billions of individuals to remain at home and has severely damaged economies, with businesses (including new ventures) battling to survive. The widespread transition to remote work introduced security concerns, such as safeguarding personnel when staff members operate beyond the protected boundaries of their workplaces. However, it has also driven us to discover and implement answers to some of the most difficult problems, including conducting a secure election and securing the distribution network for the vaccines that will restore our lives to a degree of normalcy.
As 2020 concludes, many of the security issues highlighted by the pandemic will persist into the coming year. Here’s what you can anticipate.
Working from home has given hackers new avenues for attacks
The rapid shift to remote work in March, prompted by widespread lockdowns, created novel opportunities for malicious actors. Hackers promptly discovered innovative methods to compromise large organizations by focusing their efforts on individual employees. Virtual Private Networks (VPNs) became a primary focus due to existing, often unaddressed, security weaknesses. Flaws within enterprise-level software left corporate networks susceptible to intrusion. Furthermore, the increased number of personal devices connecting to networks – and the accompanying rise in malware – introduced new complications.
According to Sophos, this widespread distribution of the workforce has effectively made each individual responsible for their own IT security. Users must now maintain their own computer security and apply software updates, and they lack the immediate support of an internal IT department to verify potentially dangerous emails.
Organizations are adapting to these evolving cybersecurity concerns, as remote work arrangements are likely to continue. Grayson Milbourne, Security Intelligence Director at Webroot, a cybersecurity company, noted that Managed Service Providers – essentially outsourced IT solutions – are well-positioned to capitalize on this transition to remote work.
Ransomware attacks are increasingly focused and challenging to resolve
Malicious software that encrypts files, commonly known as ransomware, is evolving in its methods and becoming more elusive. Unlike earlier ransomware versions that simply locked a user’s files and demanded payment for their release, contemporary, more sophisticated iterations initially pilfer a victim’s data, then encrypt the network, and finally threaten public disclosure of the compromised information unless a ransom is provided.
This type of ransomware, which also involves data theft, significantly complicates recovery from an incident, as simply restoring systems from backups—when available—is no longer a sufficient solution. Michael Sentonas, CTO at CrowdStrike, refers to this emerging trend as “double extortion,” as victims are compelled to address the consequences of a data breach in addition to the encryption itself.
The healthcare industry remains a particularly vulnerable target, especially given the ongoing pandemic. Although some ransomware groups pledged to refrain from deliberately targeting hospitals during this period, medical facilities were by no means protected. Numerous significant attacks occurred throughout 2020, including a ransomware incident at Universal Health Services, a major U.S. healthcare provider, which resulted in extensive system outages. More recently, U.S. Fertility reported a ransomware attack affecting its network.
The increasing frequency of these prominent incidents stems from the fact that attackers are meticulously selecting their targets. While these highly targeted attacks demand greater expertise and effort, they substantially increase the likelihood of securing a larger ransom—sometimes yielding millions of dollars from a single successful breach.
“In the year ahead, these advanced cyberattacks will place considerable strain on the accessibility of essential services—ranging from disruptions to healthcare delivery and patient care, to the operation of online and mobile banking and financial systems,” stated Sentonas.
Resistance to facial recognition technology is expected to grow
The year 2020 witnessed the most significant opposition to facial recognition technology seen up to that point. This movement began in January when The New York Times published a detailed report concerning Clearview AI, a surveillance company operating discreetly.
This facial recognition company enabled its users to identify individuals by comparing their faces to an extensive database containing three billion images, collected from publicly available sources on social media platforms without obtaining consent. The use of Clearview AI, primarily by governmental bodies and law enforcement (often without formal authorization) as well as select private organizations, generated considerable public concern and led social media companies to issue legal notices demanding that the company cease its activities.
Advocacy groups have consistently maintained that facial recognition systems are inherently inaccurate and exhibit a tendency to incorrectly identify individuals, particularly those from communities of color. Others contend that the technology represents an infringement upon personal privacy.
Following this, prohibitions on the use of the technology were enacted in numerous cities across the United States, one after another, compelling many police departments and public entities to discontinue its application. Most recently, legislators in Massachusetts approved a measure prohibiting state public agencies from employing facial recognition—marking the initial statewide action of this nature.
It is reasonable to anticipate that additional cities, towns, and states will enact laws restricting the public application of this contentious technology. Broader legislative measures are also foreseen to establish more robust safeguards for citizens’ biometric information, similar to the Biometric Information Privacy Act in Illinois, which resulted in a $550 million settlement with Facebook in January due to a violation of the act.
Nation-state sponsored hacking activities are expected to persist
The past year has witnessed considerable activity from groups engaged in state-sponsored espionage. This surge was partially fueled by attempts to obtain and pilfer research related to coronavirus vaccines, as well as surveillance surrounding the U.S. presidential election. However, typical espionage operations continued as well, encompassing targets such as security conventions and widespread campaigns that compromised numerous technology firms, video game developers, educational institutions, and research organizations through the actions of state-affiliated cybercriminals.
However, the incident revealed in December stood out as particularly significant. It involved a compromise of FireEye, a prominent cybersecurity organization, alongside multiple U.S. governmental agencies. This was achieved through a highly complex and covert supply chain attack targeting SolarWinds, a software company delivering IT management solutions to large-scale clients, including FireEye and various branches of the U.S. government. The intrusion remained undetected for several months before its discovery in December. Hackers, attributed to Russia’s foreign intelligence agency and known for infiltrating networks to extract data, implanted a hidden access point within SolarWinds’ software. This allowed them to penetrate up to 18,000 customer networks—a majority being Fortune 500 corporations. Further details are still being uncovered and are anticipated to emerge over time.
FireEye indicated, prior to revealing the breach of its own systems, that it expects these types of intelligence-gathering attacks to not only continue but to escalate, with a focus on acquiring knowledge about the policies and operations of the new administration.
These hacking collectives are categorized as advanced persistent threats—or APTs—due to their sophisticated capabilities and substantial resources. “Key nation-state actors predicted to maintain their efforts in 2021 include Russia, China, Iran, and North Korea. These nations are substantial backers of malicious cyber activity, both within their respective regions and on a global scale. Additionally, we are observing increased activity originating from Vietnam and South Asia,” stated FireEye.
With federal pressure to defeat encryption, are we seeing a re-emergence of the crypto wars?
It may seem surprising, given current priorities, that the government is focusing on methods to circumvent the security of encrypted devices used by individuals suspected of criminal activity – a challenge that many specialists believe is not widespread.
However, during its final year, the previous administration actively promoted policies opposing encryption, including requests for technology firms to incorporate vulnerabilities into their offerings, even if this meant exposing Americans to potential security breaches (which it shouldn’t). Furthermore, two legislative proposals were put forward that, if enacted, would require companies to provide access to encrypted information with a valid search warrant. These bills are unlikely to succeed with the current Congressional session nearing its end.
For many years – indeed, decades – cybersecurity professionals have maintained that it is impossible to create a secure backdoor without also creating an opening that malicious actors can exploit. The recent SolarWinds incident serves as a stark reminder of this critical point.
The previous administration’s actions represent the latest in a continuing series of attempts by U.S. governments to diminish encryption, with the stated goal of protecting citizens from criminal behavior – despite the potentially severe consequences for overall cybersecurity. While President Biden’s past votes on encryption and security issues do not inspire confidence among privacy advocates, his record is not entirely dismissive of these concerns.
Significant developments have occurred since the 1990s, including government disclosures that revealed the extent of U.S. surveillance capabilities, leading to public concern and legal changes. Although President Biden might adopt a more moderate stance on encryption, civil rights organizations and privacy advocates will likely remain vigilant.