Netwrix has offered some predictions for 2021, most of which represent reasonable extrapolations of trends that have developed over 2020: the increased rapacity of ransomware, a shift in criminals' interest toward service providers, cloud misconfigurations will account for a significant fraction of data breaches, regulatory compliance and insurance combining to drive organizations toward best practices, and pandemic-induced changes in the workplace will have a delayed effect on security. Two of their predictions strike us as being at least as normative as they are predictive: organizations will be driven by calculations of risk and value in managing their cybersecurity posture and investment.
Digital Shadows also foresees more aggressive extortion by criminals, but they add a prediction that distributed denial-of-service attacks will be used more often to hold organizations for ransom. "Blind spots" that accompany the shift toward remote work will be exploited in social engineering, and the social engineers' lures will continue to dangle phishbait cut from current events to lure the unwary. Criminal markets will continue to thrive (and to behave like markets) even as law enforcement seeks to crack down on the. (Both the cops and the criminals will enjoy some success.)