If there's one thing we learned in 2020, it's how to adapt. Companies compressed years-long digital transformation plans into a matter of weeks. Companies that "don't do remote" suddenly had to "do remote" and found it wasn't that bad. We got VPNs, external services, and started communicating digitally as the default. We adapted. So did bad guys. The FBI saw a 400% increase in cyberattacks as adversaries probed the new landscape for vulnerabilities. We haven’t even begun to see the results of these attacks. 2020 blew up expectations and we should expect more of the same in the coming years.
Fraud will skyrocket, straining existing defenses
Fraudsters’ toolsets have evolved over the past five years, while the current generation of defenses has started showing its age. Attackers have found that by imitating their victims, down to their home environment, they can bypass hurdles like multi-factor authentication and risk-based rate limiting. The tools that take advantage of this type of vulnerability are still in their infancy but when they mature, it will force companies to reevaluate their defenses.
3D printers will test biometric security
3D printers went from niche machines costing thousands of dollars to being sold for less than a Nintendo Switch. 3D-printed fingerprints and faces that can pass biometric authenticators is not a sci-fi future. It’s right around the corner. It won’t require a high-quality scan of a victim, either. Biometric authentication boils down to probability scoring, and a printable ‘master key’ may look more like a keychain of composable parts than a replica of a person’s face or fingerprint.
Bolt-on security will move to the edge
Routing a packet all the way through the internet only to reject it is a waste of resources. Both the internet and budgets are finite. Moving products like bot protection and data validation to the edge is the obvious solution whose time has come. 5G and the millions of new devices coming online globally will make these optimizations necessary.
Rust & WASM will change application security
Web Assembly, or WASM, is a computer bytecode that started as an alternative runtime for web browsers. Rather than write an application in JavaScript, developers can now compile almost any language into WASM and still target the web. Ironically, this universal web bytecode attracted more system developers than web developers and WASM is turning into an ultra-lightweight, ultra-portable way to execute binaries on the server, browser, edge, wherever.
Meanwhile, the Rust language made waves with its focus on memory safety – the cause of most security issues – and now has the best, first-class support for WASM. The combination of the two promise to fundamentally change application development across every platform.
A surge of data breaches will be announced late 2021
The office landscape changed radically in 2020. Millions of workers went remote in a matter of weeks and systems scaled to support them. The problem isn't remote working, the problem is that trends changed. Activity data and network traffic started looking differently all at once. Just like when someone flashes a light in your eyes at night, it takes time to readjust and see clearly again. Once companies recognize what new breaches look like, we’ll see a waterfall of announcements in a short timeframe.
We will continue to face challenges from COVID-19 in 2021, but it's not farfetched to imagine a future where things look "normal" again. How we work, though, has changed forever. We're still in the early stages of the new normal and the best we can do is expect the unexpected, and budget accordingly.