Predictions for 2021, with late notes on the holidays
Kaspersky shared predictions with TechRepublic that the security firm thinks will have particular importance for the healthcare sector in 2021. The researchers believe attacks against developers of COVID-19 vaccines and treatments will continue, with theft of data on breakthroughs being at a premium. They see “health-related cyberattacks” as a probable geopolitical “bargaining chip,” with attribution a matter of diplomatic contention.
In an unrelated statement, CNBC quotes former CISA Director Krebs to the effect that the familiar four—Russia, China, Iran, and North Korea—are actively engaged in industrial espionage aimed at developments in COVID-19 research. “The big four, Russia, China, Iran and North Korea we have seen to some extent all four of those countries doing some kind of espionage or spying, trying to get intellectual property related to the vaccine,” Krebs said yesterday on Face the Nation. Thus in this respect 2021 will witness a continuation of a trend already well-established in 2020.
To return to Kaspersky's predictions, the security firm also sees cybercriminals as a growing threat to the healthcare sector. Criminals can also be expected to pursue private medical organizations, which not only hold valuable data but may also be less able to protect it than better-resourced public healthcare organizations are. As patient data migrates to the cloud, Kaspersky expects criminals to follow. And, of course, medical topics will retain their prominence as phishbait.
Writing in Help Net Security, Futurex offers its take on the near future of encryption. Like every other seer we’ve consulted, they foretell a greater role for the cloud, as cloud-based encryption and key management become more important to financial services in particular. Homomorphic encryption, which keeps data encrypted while it is in use, will see more widespread adoption, as will bring-your-own-encryption (BYOE). BYOE is seen as offering a hedge against certain forms of third-party risk, especially legal and regulatory risk. And device manufacturers will increasingly move toward “crypto agility,” the better to be prepared for quantum computing when it eventually arrives.
Looking ahead to the next US Administration, the Washington Post's Cyber 202 lays out the case for significant continuity in cybersecurity policy. The discontinuities are likely to be largely organizational.
With respect to online safety during the holidays, Specops Software emailed us their updated list of the fifteen most common (and most commonly exposed in breaches) holiday-themed passwords. They are, in order, "Star," "Angel," "God," "Elf," "Jesus," "Snow," "Carol," "Noel," "Santa," "Chocolate," "Gift," "Bells," "December," "Xmas," and "Jolly." Piety, affection, and happiness are all excellent, but their expression in credentials is probably a mistake. These passwords are short, they're not random, and they're easily guessed, even by a soulless algorithm.