Exclusive: Looking ahead to cybersecurity in 2021

In the January 2021 edition of International Security Journal, 25 of the leading figures in security shared their predictions on what security professionals would be coming up against in 2021. Cybersecurity was a particularly hot topic with many influencers feeling this is a pivotal year for organisations to boost their cyber defences.

Andy Watkin-Child CSyP, CEng, MSyI, MIMechE, AMAE, Founding Partner of Parava Security Solutions

The US DoD CMMC programme adopted into regulation on 1 December 2020 and applied to the DoD global supply chain is the first cybersecurity programme which has a direct impact on both nation states and the private sector globally. Impacting nation states as it requires accreditation of defence contractors who will require an independent certificate of CMMC compliance. The private sector, if you do not have a certificate of CMMC compliance the DoD will not award a defence contract. I predict that we will start to see more descriptive cyber regulations in 2021, setting the standards and foundations for cyber practices for the public and private sector.

Globally public and private sector agencies adopt different cybersecurity standards and practices. Creating inconsistencies and inefficiencies in cybersecurity practices, adoption and protection between international partners. For example, the UK government sets cyber essentials as the standard for cybersecurity if you supply government departments. The US government sets NIST and the European Union’s cybersecurity act which does not identify specific security practices or controls for information security. I expect that in 2021 we will start to see common standards being adopted by nation states. Setting a higher bar for national cybersecurity.

Rick Mounfield MSc FSyI CSyP, Chief Executive at The Security Institute

The Cyber Security Council will launch in 2021, realising a three-year collaborative project between the National Cyber Security Centre (NCSC), Dept of Digital, Culture, Media & Sport (DCMS) and 16 industry professional bodies. The Council will set and maintain standards for the sector in the way the General Medical Council does for Doctors. This council will improve not only standards, but inclusivity and diversity with new talent pipelines and career pathways to encourage our youth to consider a career in this growing field. This is an essential aspect of security as we move into an increasingly complex and digital threat landscape. With quantum computing bringing new threats and opportunities, the next generation need to be prepared.

Bonnie Butlin, Co-Founder and Executive Director of the Security Partners’ Forum

Virus management may have also exacerbated other existing challenges by adding additional uncertainty within the security and cybersecurity sector, already recognised for high-intensity change, with related investment, scaling, recruitment and retention challenges. The monopolistic propensities of cybersecurity and big tech, already identified by the new cybersecurity economics discipline, were exacerbated by the virus response, with most gains globally going primarily to a few US-based big tech companies, further skewing options within the sector. Women, already underrepresented in the security and cybersecurity sectors, were disproportionately affected by the management of the virus. Virtual work has already placed downward pressure on salaries, which were a significant factor in attracting and retaining talent.

Charles Swanson MSc CSyP FSyI, Author and Security Management Specialist

The threat from the cybercriminal and perhaps, the cyber terrorist is unlikely to diminish during 2021 and whether such attacks emanate from organised criminals or state actors, it is likely they will be more sophisticated and greater in intensity.

I believe the UK and the US will be primary targets for such attacks, but from a positive perspective, let us hope that public and private institutions have learned lessons from recent attacks, such as the WannaCry ransomware assaults carried out in 2017 which impacted the UK NHS, hospitals and GP surgeries, costing the service an estimated £92 million.

Peter Backman, Corporate Security Director

As companies, nation states and individuals have gone through accelerated restructuring processes, trends such as digitalisation, remote work, expansion of the IoT, integration of AI and automatisation have evolved – and so have the cyber actors. The cyber landscape is changing quicker than we can control, regulate and protect and this can translate into a more vulnerable corporate and political landscape. We have to restructure the security strategy along with organisations. Remember: whatever you can do, a hacker can do too.

To read the complete January 2021 edition and catch up with the expert insights and opinions of the ISJ Influencers, please click here