Predictions for 2021
There's a great deal of agreement among security companies about what 2021 is likely to hold.
COVID chum and, maybe, deepfakes for real.
Avast is among the firms who've just published predictions, and like most others, they see the COVID-19 pandemic as driving more attacks on home offices and filling cyberspace with more virus-themed chum. (This social engineering technique is already in use: Intezer this morning reported that the GRU is using COVID-19 phishbait to distribute Zebrocy malware.) Vaccination scams should be especially prominent as effective vaccines enter distribution, and there will be no shortage of fraudulent medical offers. And since valuable data draw not only espionage but also various forms of denial-of-availability, pharmaceutical and medical organizations will continue to be targets of both criminals and nation-states.
We've been warned against deepfakes for a long time, but Avast thinks they'll finally show up, with significant effect, in disinformation campaigns during 2021. The technology has advanced sufficiently to render them potentially effective. The other technical advance Avast expects to see in the coming year is with respect to automation. The firm is more circumspect than many others have been about AI proper, pointing out that "there has yet to be evidence of AI-based threats circulating in the wild." But they do think that growing datasets and knowledge bases will enable some hybrid threats to emerge.
And, of course, both adware and stalkerware "will keep on thriving."
Since the near future seems likely to resemble the recent past (only more so), a look at Akamai's review of 2020, released this morning, may be instructive.
The coming shape of the labor market.
The near- and long-term shift to remote work is changing the sorts of skill sets employers are looking for in cybersecurity personnel. Among the skills Threatpost lists is familiarity with securing SaaS apps.
Some career advice to consider during 2021 appears in TechTarget's SearchSecurity: professional certifications to take a look at. They include: CompTIA Security+; (ISC)² Certified Information Systems Security Professional (CISSP); (ISC)² HealthCare Information Security and Privacy Practitioner (HCISPP); ISACA Certified Information Security Manager (CISM); EC-Council Certified Ethical Hacker (CEH); EC-Council CEH (Practical); CompTIA PenTest+; Offensive Security Certified Professional (OSCP); Cloud Security Alliance (CSA) Certificate of Cloud Security Knowledge (CCSK); and, finally, various "vendor-specific security certifications."