By Cyber Security Summit Think Tank
January 21, 2021

Last year, the pandemic dealt our industry an immense upheaval that forced many to pivot wildly to secure critical infrastructure and data. With the lessons learned and challenges that remain – how will 2021 shake out? Members of the Cyber Security Summit Think Tank weighed in, and below are their top three predictions for 2021.

Last year brought about a dramatic shift in workforce structure and subsequent technology needs. With the onset of the global pandemic and quarantine, businesses sent their workers home with no solid plans for how to continue operations remotely and securely. Solutions were pulled off shelves and thrown together to meet the necessity of the moment, rather than mapped out months in advance and coordinated per traditional digital transformation guides.

Connectivity was enabled through increasing use of cloud capabilities and mobile technologies, but security was often an afterthought to functionality.

In 2021, as we start to see a light at the end of the tunnel, the reality is setting in that many of the old workforce structures are outdated and incompatible with the expectations of today’s workforce. We expect to see a more remote version of the workforce cement itself into the traditional business structure, utilizing many of the lessons learned during the past year.  

Now that the technology has enabled greater connectivity, we need a greater focus on securing the new infrastructure and protecting our remote workforce – not through layers of mismatched solutions duct taped together from necessity, but rather as a part of the strategic security planning and budgeting process. This will likely shift visibility away from more traditional security toolsets and onto new technologies and tools focused on identity verification, data protection and cloud capabilities.

We expect to hear the phrase “Ignore your supply chain at your peril” repeated throughout 2021. In the past year, the supply chain suffered disruptions from natural disasters, pandemics, and cybersecurity attacks. From an economic perspective, companies both large and small are waking up to the realization that they cannot take the health and security of their supply chain for granted. While just-in-time supplies have produced cost and overhead savings, they have also resulted in new headaches when delays or quality issues pop up. If you’re not planning for disasters and disruptions to your supply chain, you run the risk of being disrupted out of business.

The world nearly stopped in 2020, were it not for our ability to pivot to technology and connectivity to keep it going. But this reliance on technology and connectivity also brings with it a dark shadow. From a technological perspective, every organization will have to come to terms with the global and intricate nature of its technology stacks. From hardware layers to the many software layers, the interconnectedness of what we call Information Technology today means that we often don’t have much visibility nor control over large parts of those layers (whether they be operating systems, code libraries, APIs, containers, in-house apps, or outsourced apps). To make things worse, we often take the security and robustness of those layers for granted, something that attackers are keen to leverage to get to our sensitive data and systems.

By necessity, this dynamic will have to shift in 2021.

It is convenient to think of geopolitics as a static, fairly well-known playing field. Yet this view is a lot more like looking at an artist’s one-dimensional depiction of the sun, rather than the bubbly chaos of solar flares that we can see via a scientific-grade telescope. Geopolitics in 2021 is a lot more like solar flares, ready to explode at any moment.

In 2021, increasing connectivity, social media use, and collaboration tools, can all serve to further organize groups and ideologies into powerful forces that look to influence and have an impact well beyond their geopolitical borders. Technology and connectivity have created a reality in which attacks and propaganda can be mixed into a powerful cocktail that can detonate chaos and disruption halfway around the globe, in a matter of hours.

Of course the major global powers will continue to aggressively compete, including in cyberspace, for dominance or at least influence. Covert cyber operations will continue, along perhaps with their more overt counterparts of sabotage and discord. The weaponization of cyberspace will continue, as countries large and small refine their tactics, techniques, and procedures, on friends and foes alike.

Unlike major traditional (i.e. non-cyber) conflict zones, the blast radius from cyberspace attack tools will spill over into other countries, into their public entities (national and local government entities) as well as private companies (including small and medium businesses).

In 2021, governments around the world will need to muster the courage and the clarity to help their departments and their companies improve their oversight of cybersecurity to safeguard the privacy of data and improve cyber resilience.

The Think Tank is a vanguard of 50+ cybersecurity professionals who graciously lend their time and expertise to shaping the Cyber Security Summit each year. Representing all 16 critical infrastructures, many of these leaders serve in top posts in business, government and academics.