COVID-19's lasting effect on cybersecurity and what to expect in the new year

Let's face it — 2020 was a difficult year for cybersecurity. Hacks, scams, and ransomware attacks were at an all-time high. From healthcare breaches to mobile phishing scams brought on by COVID-19, the 2020 election, and Shop-From-Home as well as work from home (WFH), cybersecurity has faced a slew of unprecedented attacks. With remote work extended into 2021 and COVID-19 cases on the rise, we must prepare for another busy year in the cybersecurity space. Here's what to expect in 2021:

The Everywhere Enterprise is here to stay

The enterprise is now everywhere - data resides everywhere, work takes place everywhere, and employees communicate with customers everywhere. People will continue working remotely from anywhere, not necessarily the office. We won't see 100% of companies go back to the office in 2021, and we also won't see 100% stay remote. Employees will have the autonomy to decide where they want to work — and enterprises will need to take the security measures needed to make it happen. The 2021 working persona will be someone who works on the go using a range of mobile devices, such as tablets and phones. The stagnant desktop employee will no longer be a reality.

Health institutions will be the most targeted group for ransomware attacks

Generally, as a vertical becomes more important, prominent attackers leverage it as their greatest opportunity — so it is no secret that hospitals will be a huge target for ransomware attacks in 2021. With increasing use of tele-medicine, sensitive patient data is flowing throughout modern mobile endpoints and legacy infrastructures 24/7, health institutions will be a hacker's dream.

COVID-19 will finally be a catalyst for change in authentication and the password will finally die

Last year we said that passwords would be eradicated by 2025 — little did we know COVID-19 would come in and kill them 4 years sooner. Alongside this, one challenge we will see in 2021, is people figuring out how to go from relying on passwords for authentication to not just second factor, but to totally removing that additional friction that passwords create for the enterprise.

Mobile workers, fearing privacy concerns, will be the most dangerous risk to your enterprise

In the new WFH era, we're constantly working on the go using a range of mobile devices, such as tablets and phones, relying on public Wi-Fi networks, remote collaboration tools, and cloud suites for work. As we settle into a new year of this reality, mobile workers will be the biggest security risk as they view IT security as a hindrance to productivity and believe that IT security compromises personal privacy.

We'll use AI as a new form of authentication

Password related cyberattacks continue to dominate every industry, with there being a reported more than 88 billion credential stuffing attacks alone in a 24-month period. To overcome this issue and kill the password for good, organizations need to take a mobile-centric zero trust security approach. Using AI and machine learning, this approach goes beyond identity management and gateway approaches by utilizing a more comprehensive set of attributes to determine compliance before granting access. It validates devices, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user.

Making mobile voting a reality will be in the works

The US is still not ready to introduce mobile voting technologies. Between concerns regarding testing, scalability, privacy, secrecy, transparency, and trust — all of which came to light in 2020 — mobile voting isn’t ready yet, for prime time. Before we can rely on mobile voting, we need to be able to trust and verify that the user, their identity, and their device are all validated and in compliance with security policies. We’ll get there eventually, but there’s more work to be done — and this will be a big focus to begin in 2021, so that the US can be ready for the next major election.

The debate around privacy and contact tracing apps will continue

As the cooler weather of Fall moves our activities indoors, and we see the spike of COVID-19 infections increasing quickly, we look back to the basic concepts that helped us combat this in the Spring; wear a mask, maintain safe social distancing, wash your hands, and when testing indicates that someone is infected, quick and thorough contact tracing is essential. However, the contact tracing apps have received mixed reviews from the security and privacy communities. How much personal information are the apps really sharing, and with whom? How much privacy do I have to give up to be safe and healthy? Like the coronavirus itself, we have not seen the last of the debate about contact tracing apps and the APIs they rely on.

Bill Harrod

Bill Harrod

Federal CTO, MobileIron

About the author

Bill Harrod is the Federal CTO at MobileIron. He is an accomplished information security executive and cybersecurity professional with experience managing cybersecurity risk and designing and delivering security solutions to federal agencies and Fortune 500 companies. He is an expert on Federal Identity, Credential and Access Management Architecture (FICAM). Previously, he served as a senior manager at Deloitte and senior principal consultant at CA Technologies.