Social Engineering Attacks:
Verizon’s Data Breach Investigations Report for 2020 says that social engineering is a top attack vector and this trend will probably continue for 2021 but in a better and sophisticated way. For example, attackers scamming people by asking their detail like email, card numbers, etc for free Covid testing kits.
Cybercriminals will be focusing on Remote Workers and Network Attacks:
Social Distancing can slow down virus but not hackers. In 2021, it's highly probable that attackers will focus on WFH (Work From Home) employees and people using minimal security defenses. Phishing, including by email, voice, text, instant messaging, and even third-party applications targeting WFH employees will be high.
Slow Economy leading to a reduced budget will result in compromising cybersecurity :
As the U.S economy fell from $779 billion at the end of 2018 to $2.8 trillion as of July 2020 their spending on IT and tech investment with a 10% decrease in 2020also decreased After years of accelerating, IT spending decreased nearly 10% in 2020. This will probably continue in the next year and companies will look for a more convergent cybersecurity solution where one company can provide the whole security solution like McAfee or Microsoft. Secure access service edge (SASE) platforms will gain a foot over disjointed products as companies will look for cost-cutting measures.
Attackers relying on Machine Learning:
Beyondtrust.com makes an interesting prediction that could viably come true with the rapid evolution in attack ways used by hackers and they predict that threat actors will use machine learning to discover vulnerabilities and gaps in security as well as evade security defenses. "ML engines will be trained with data from successful attacks. This will allow the ML to identify patterns in the defenses to quickly pinpoint vulnerabilities that have been found in similar systems/environments. This approach will allow attackers to zero in on entry points in environments far more quickly and stealthily as they will be targeting fewer vulnerabilities with each attack, evading tools that need a volume of activity to identify wrongdoing."