"In 2021, we will see a significant uptick in edge computing infrastructures. With that growth, threat actors will begin to develop specific threats that target edge gateways and other edge computing environments."
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs:
"In 2021, one of the biggest security threats will be that trojans are evolving to target the edge. Here's what this means: while end users and their home resources are already targets for cybercriminals, sophisticated attackers will use these as a springboard into other things going forward."
David Elmaleh, Product Manager, Imperva:
"The maturity of 5G and expansion of IoT fuels botnet armies: Sophisticated cybercrime groups will scale their operations in 2021 by exploiting vulnerabilities in common household IoT devices. The democratisation of machine learning will equate to smarter attacks that are harder to defend against and stop."
Laurence Pitt, Global Security Strategy Director, Juniper Networks:
"Too often, the business need to provide data is prioritised over safeguarding information and restricting data access appropriately... Combined with the adoption of 5G which, when not properly protected, enables attacks and data theft to happen faster and more discretely, we will see cybercriminals continue to launch phishing, vishing and ransomware attacks, leading to a likely growth in data theft in 2021."
James Nguyen, CEO, Quantropi:
"The quantum threat is here, it's real, and it can cause irreparable harm to your business. One of the biggest causes for concern is that quantum threats are rapidly evolving at a rate that our current defence systems can't keep up with. As quantum computers become more prevalent, all existing encryption standards will become obsolete, putting your sensitive data at-risk."
API
Jasen Meece, CEO, Cloudentity:
"Now that the traditional network perimeter no longer exists due to the widespread adoption of remote work, the single greatest security threat in 2021 will be the use of AI bots by malicious actors to launch API-based cyberattacks across the increased attack surface to compromise customer and employee data."
Pascal Geenens, Director of Cyber Threat Intelligence, Radware:
"Cloud-hosted environments and APIs one of the largest enterprise security threats for 2021. The internet will become one large interconnected service factory… The risk is that if one component fails, then the whole system is impacted."
From Inon Shkedy, Security Researcher, Traceable.ai:
"Businesses are increasingly dependent on APIs that power mobile, IoT and other modern applications and are widely distributed across endpoints. App development moves faster than security can keep up, exposing weaknesses that cyber-attackers can take advantage of to steal customer data and compromise services. The unprotected terrain of the API ecosystem leaves businesses at risk and will be the biggest security threat for enterprises in 2021."
Bernd Greifeneder, founder and CTO, Dynatrace:
"In the coming year, we are likely to see an increase in application vulnerabilities being exploited by hackers, as security issues shift from infrastructure to application. Accelerated digitalisation makes this issue worse, as traditional methods of vulnerability management simply aren't fit for a modern cloud native world, where applications are becoming far more dynamic."
Roey Eliyahu, Co-Founder and CEO, Salt Security:
"As we move into 2021, companies must increase their awareness of API risk. We will keep seeing APIs grow as an attack vector, since hackers can use them to take over an account, access unauthorised data, make fraudulent charges, and exfiltrate loads of sensitive data. APIs should be at the top of the list for 2021 security threats enterprises need to mitigate."
Dmitry Sotnikov,Chief Product Officer, 42Crunch:
"API security continues lagging in attention, with companies still prioritising rapid product development and developers confused about what needs to be done to ensure that their work is secure. APIs then become the perfect way for attackers to remotely find the weak spots in the system and exploit these at scale."
Disinformation/Trust Attacks
Max Heinemeyer, Director of Threat Hunting, Darktrace:
"2020 was the year in which information and disinformation were pitted against each other, fuelled by deepfakes that both entertained and also distorted political discourse… 2021 will see more so-called 'trust attacks' where sophisticated hackers use illegitimate access to computer networks not to steal data, but to subtly alter information and undermine its integrity."
Saj Huq, Director, LORCA (London Office for Rapid Cybersecurity Advancement):
"The biggest security threat of 2021 will be something that many do not even consider a cybersecurity issue – disinformation. In 2020, we experienced an infodemic and saw how disinformation can have a huge real-world impact on everything from trust in elections to conspiracies around Covid-19. In 2021, it will continue to be used both as a delivery mechanism for ransomware but also to cause reputational damage to enterprises and to create chaos for nation states."
Nick Emanuel, Senior Director of Product, Webroot:
"As 2021 brings forward the first vaccines to fight Covid-19, cyber criminals will exploit the lack of trusted information and the widespread use of phone based medical appointments (Telemedicine) to target businesses and consumers in phishing attacks and BEC (Business Email Compromise) scams."
Rick Tracy, CSO & Product Manager, Telos Corporation:
"Attacks on data and information integrity. Manipulation of data and information as we've seen this past year with disinformation campaigns have influenced public opinion and created confusion boarding on chaos."
Rodney Joffe, Security CTO, SVP and Fellow, Neustar:
"This year, the threat of misinformation has reached a new state of maturity, largely driven by the Covid-19 pandemic. In 2021, we can expect the issue to grow further, forcing organisations to become more vigilant and take greater levels of accountability."
Other
Douglas Murray, CEO, Valtix:
"Mainstream adoption of public clouds at large scale will prove to be a significant enterprise security challenge in 2021. Public clouds are simply different than traditional on prem data centres and create new threat vectors around applications that customers need to be prepared to defend."
Bryan Barney, CEO, RedSeal:
"Corporate IT is going through the biggest transition since the invention of the PC: migrating most data and applications to the cloud – specifically, the public cloud. Keeping all those assets secure through this transition will be the biggest challenge. As such, the biggest threat will be attacks on misconfigured public cloud infrastructure and assets."
Lamont Orange CISO at cloud security company, Netskope:
"Cloud-enabled threats will continue to evolve and become a weapon of choice, and insider incidents causing or contributing to successful breaches will accelerate thanks to the overall shift to remote work."
Bindu Sundaresan Director, AT&T Cybersecurity:
"Cloud vulnerabilities and misconfiguration issues are top concerns entering 2021 as cybersecurity teams continue to redefine an organisation's network perimeter."
"Poorly implemented modernisation from monolithic software to containerised, cloud-native software running on hybrid cloud environments will be the greatest threat to enterprise security in 2021. The rapid adoption of cloud-native technologies such as Kubernetes brings great advantages in terms of development velocity and scalability, but a growing skills deficit is forcing enterprises to learn how to do cloud native as they go.
Russell Handorf, Principal Threat Intelligence Hacker, White Ops:
"One of the biggest threats that we will face in 2021 is a growth of nation state actors in traditional cyber crime activities; they will bring their knowledge of how to increase the effectiveness of targeted attacks at scale against specific markets that have high yield return of investment."
Catherine A. Allen, Founder and Chairman, Shared Assessments:
"I believe the single biggest threat will be the use of cybersecurity to create disruptions and political and social unrest… Targets will be critical infrastructures and political figures."
Tom Brennan, USA Chairman, CREST International:
"One of the big threats we will see in 2021 is a significant increase in strategic cyber operations to further the interests of nation states. We expect a growing sophistication in the number of attacks and a faster movement of new techniques from nation states to NGOs."
Sam Crowther, CEO and Founder, Kasada:
"The use of open source testing frameworks such as Puppeteer and Playwright are becoming one of the biggest threats for enterprises to contend with… These frameworks require new methods to detect and stop cybercriminals from successfully conducting malicious automation at scale."
From Yana Blachman, Principal Threat Intelligence Analyst, Venafi:
"There will be a sharp rise in attacks against open source software tools and libraries. By targeting the supply chain of open source repositories, cybercriminals potentially can hit many more targets and maximize their results with less work."
Doug Saylors, Director, Information Services Group (ISG):
"The single biggest security threat at the enterprise level for 2021 will be the continued rise of Advanced Persistent Threat (APT) teams. Nation-state sponsored APT teams have seemingly unlimited budgets, staff and access to cutting edge technology. Recent attacks underscore the desire to engineer and plant exploits which may be hidden for months or years to achieve the long terms goals of the APT."
Yanir Laubshtein, VP, Cyber Solutions, NanoLock Security:
"The biggest single biggest enterprise security threat of 2021 will be the migration of Advanced Persistent Threats from the IT space into the OT. SolarWinds's breach demonstrated the risk of an APT lurking un-identified beneath the surface and there will be more in 2021."
Adam Bangle, VP EMEA, BlackBerry:
"Another problem that will continue to cause worry is the lack of consequences for those nations, organisations and individuals that weaponise cyberattacks. In 2020, we saw several state-sponsored attacks that were traced to specific perpetrators. However, these criminals were not penalised. In fact, we might be seeing the future of warfare: a world in which states are free to target a nation's infrastructure without fear of consequences. This lack of fear has also translated into the rise of "ransomware as a service", which is now an accepted part of the threat landscape, and a trend that will continue to grow exponentially in 2021."
Keith Glancey, Systems Engineering Manager, Western Europe, Infoblox:
"The combination of COVID-19 and Brexit has created the perfect storm for data privacy issues in 2021… The uncertainty of what is to come could mean mayhem for IT teams in charge of data protection, and it's that very uncertainty upon which cybercriminals thrive."
Pieter VanIperen, Managing Partner of PWV Consultants:
"The biggest threat to enterprise security is the sheer volume of threats and the vectors used. It's a bit meta, but we are living in a time where we cannot rely on normal expectations. Remote work, a pandemic, increasing vulnerabilities and weaknesses, a variety of reasons impact what our expectations should be. The volume of threats isn't going to slow down and the vectors will continue to change and evolve."
Anna Chung, Cybersecurity Threat Research Analyst at Unit 42, the threat intelligence arm of Palo Alto Networks:
"As we head into the new year, we should expect to see criminals continue to focus on immature contactless processes or changes to mature trusted ones, either to intercept financial transactions or compromise systems to gain identity or other personal information. One possible target will be how the use of QR codes has risen during the pandemic. Looking ahead to 2021, the rise in use of this technology is pushing QR codes to the top of the list as a potential security vulnerability and something both consumers and businesses should be looking out for and protecting against."
Phil Dunkelberger, CEO, Nok Nok Labs:
"From mobile check-ins at hospitality venues to digital menus at your favorite restaurants, QR codes have quickly taken off as the world shifted to contactless with the arrival of COVID-19. As the frenzy surrounding QR codes continues into 2021, threat actors will increasingly use the technology to get their hands on sensitive data."
Sudhanshu Chauhan, Co-founder, RedHunt Labs:
"Untracked assets on the internet will become a major reason for breaches in 2021 and beyond. With modern IT infrastructure in place, including cloud, third-party services, modern deployment practices, etc., the definition of an asset has evolved in the last decade. Adding a hybrid workforce to the mix has resulted in a substantial increase in the number of internet assets."
Victor Fredung, CEO, Shufti Pro:
"The biggest security threat this year is replay attack. Fraudsters change chunks of information in the ID document while verifying their identities. Within the same verification session, the same document is submitted every time, however, there are minor changes in the information that make it hard to detect forgery. The intensity of this fraud will be high in 2021 and detecting it requires advanced document and biometric verification."
Raz Rafaeli, CEO & Co-Founder, Secret Double Octopus:
