Quantum computing: The next WannaCry-like episode?

Posted Dec 3, 2020 by Tim Sandle
2020 was an unprecedented year in many ways, but the spike in cyberattacks that we saw during the pandemic has changed the security landscape forever, says Gaurav Banga of Balbix. What does 2021 have in store?
File photo: Microsoft is developing both quantum computing hardware and software.
Microsoft / Business Insider
With bad actors doing everything from exploiting vulnerabilities in the remote workforce to taking advantage of the population's fear and anxiety around COVID-19, security professionals must be prepared for whatever additional threats 2021 will bring. To gain an insight into 2021 cybersecurity predictions, Digital Journal caught up with Gaurav Banga, CEO and founder of Balbix.
Digital Journal: Will 2021 reveal “The Great InfoSec Divide”?
Gaurav Banga: Due to 2020’s disruptions, the gap between cybersecurity-mature organizations and security unready organizations will widen significantly and become a major competitive disadvantage factor.
Cybersecurity-mature companies are those that have already made investments to prevent cyberattacks before they happen. On the other hand, security unready organizations have yet to implement proactive security controls and practices and as a result can only respond to breaches after they happen. In 2020, many security unready organizations pushed out critical projects to enhance cybersecurity posture visibility due to budget squeezes.
The primary consequence of being on the wrong side of The Great InfoSec Divide is that it makes it more difficult to secure new customers and retain existing ones. Your customers worry if you can keep their data safe. At the macro-level, The Great InfoSec Divide will slow innovation, as startups and smaller, faster-innovating companies will struggle to gain customer trust. We will see the reemergence of the phrase “No one ever got fired from hiring Microsoft,” but for cybersecurity reasons.
DJ: Can we expect deeply personalized phishing attacks?
Banga: In 2021, we expect to see an increase in personalized phishing attacks. Bad actors will use AI and automation at a large scale to collect information about you from social media and dark web sources, and craft very believable “lure” messages. For example, you may receive a fake Google Drive invitation from a colleague. Clicking on this link might prompt you to download a plug-in, which can be ransomware.
Businesses will need to train their employees to recognize personalized phishing attacks. Some attacks will succeed despite all our efforts. Therefore, it will also be critical for enterprise cybersecurity teams to invest in backup technologies such as two-factor authentication and adaptive trust to minimize successful phishing attacks. Think layered defenses.
DJ: Does the expansion of IoT mean an increase in hacking?
Banga: More IoT devices mean more attack surfaces. While IoT adoption provides better living and working experiences for people across all walks of life, attackers see them as easy pickings to perpetrate attacks.
In 2021, expect to hear about a jaw-dropping data breach of consumer information due to poorly secured smart devices associated with some fast-growing or well-known company. Due to the nature of personalized data that IoTs have access to, this incident will make the Equifax breach look like some minor event.
DJ: Will quantum computing become the next WannaCry for malicious actors?
Banga: Quantum computing is likely to become practical soon, with the capability to break many encryption algorithms. Organizations should plan to upgrade to TLS 1.3 and quantum-safe cryptographic ciphers soon. Big Tech vendors Google and Microsoft will make updates to web browsers, but the server-side is for your organization to review and change. Kick off a Y2K-like project to identify and fix your organization's encryption before it is too late.