2020: the year that no one would like to remember on a positive note. Every human being on the planet has felt a direct or indirect impact from COVID-19. 2020 is now over, but we will continue to feel its impact in 2021, as our day-to-day life, be it personal or professional, will be profoundly influenced by the risks and challenging events of the past year.
Unprecedented changes in how we work, play, and connect aren’t going away anytime soon. Working from home is now completely normal and is here to stay for a long time; virtual malls and shops will continue to serve us, which will drive more digital transactions; drawing rooms will continue to be used as virtual classrooms by teachers and students; and we will stream much of our entertainment, to varying degrees. Increased reliance on technology has brought a tremendous change to everyone’s lifestyle and will possibly continue to increase further. But what changes will last? How will we live when it's all over? Among many others, the following are the major areas to watch in 2021.
Risk of a pandemic continues to dominate our daily life
With the rollout of multiple vaccines for COVID-19 in December 2020, the control of the pandemic has begun. However, production, distribution, and actual vaccination of a population of 1.3 billion will be a major task, and it will take a considerable amount of time until everyone is vaccinated. Therefore, the risk of the pandemic will continue for a little longer, and social distancing, precautionary measures, working from home, etc. will not go away soon.
Technology resiliency would be a systemic risk
COVID-19 has heavily changed the needs of our lives. Along with Roti, Kapda and Makan (food, clothes, and shelter), bandwidth has become a basic necessity for our livelihood today. Our reliance on technology is greater than ever before and is surely going to increase rapidly, be it for business, academia, personal life, etc. It may not be wrong to state that we are at a point of no return in terms of the use of technology in our lives.
The nature of the digital systems we have created represents a significant evolution, as our dependency on digital systems has suddenly gone beyond imagination in the last few months. As a result, our cyberspace has grown rapidly, as new users, new devices, networks, services, and data usage suddenly entered this space. This change in the scale not only of networks but also of data volumes, storage capacity, and processing systems has created huge pressure on the existing infrastructure. We have seen an increasing level of interconnectivity of systems and interdependence of actors across cyberspace, organizations, and supply chains.
However, this brings altogether different risks that we haven’t experienced so far. Remember the electricity outage in Mumbai a few months ago? Suppose something similar happens with the digital network and there is no connectivity available for days. The damage it may cause would be phenomenal. Loss of connectivity means loss of business and loss of opportunity. Therefore, resilient technology would be one of the critical strategies and a success factor for anyone. The government may need to take some precautionary steps to ensure that telcos and ISPs are adequately equipped to provide uninterrupted connectivity. Connectivity could be declared an essential service across the nation, considering its crucial role today.
Cyber-attacks will rise by leaps and bounds
Working from home has become a critical weapon in our fight against COVID-19. However, remote working has also provided a great opportunity for cybercriminals. In 2021, we can expect cybercriminals to define their attack strategies around the “work-from-home economy”. Less secured home machines will become very easy targets, and, in turn, these easily compromised machines will become the pivot point for advanced persistent attacks. As a result, there would be a continued decline in the use of VPN technology as a trusted extension of the corporate network, and cybersecurity technologies will continue to move away from the edge and network applications into endpoint protection.
Post COVID-19, cyberspace has expanded dramatically, giving fraudsters a bigger playground. This makes it very difficult to deal with new cybersecurity threats. During the pandemic, the number of targeted ransomware attacks has at least doubled worldwide, and India is one of the most targeted countries for ransomware attacks. Most cybercriminals are motivated by money; therefore, ransomware cases will continue to rise. These complex attacks would be the main threat to critical infrastructure, supply chains, financial institutions, and the pharma industry.
While the lockdown has created a more vulnerable cyberspace through rapid expansion, criminals are more organized, equipped, creative, capable, and opportunistic, so they will carry on expanding their ransomware attack strategies. Ransomware attacks will include not just a demand for organizations to pay a ransom, but also threats of data being exfiltrated and leaked. These double-threat attacks will reduce the effectiveness of disaster recovery and business continuity as protection against ransomware.
Organizations may need to take a serious look at adopting a zero trust model, consolidating cybersecurity operations, deploying new prevention technologies, and rethinking their approach to risk and regulation.
Regulatory changes and stricter compliance norms
The government is putting a lot of emphasis on implementing a robust and enhanced cyber policy for citizens and businesses. The revised cybersecurity policy will be announced by the government in 2021. It would be a very timely action considering the increased cyber threats, and it will provide a cybersecurity roadmap to address the gaps and give us a strong framework to handle cyber issues.
It is highly expected that the policy will address the broad issue of protecting information and the critical information infrastructure in cyberspace, build integrated capabilities to prevent and respond to cyber threats, and reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, and technology under a well-defined governance framework.
With the increased threat of cybercrime and the continuous expansion of the digital workspace, stronger policy decisions by the government and regulators are highly expected, to strengthen the control and compliance framework. The Reserve Bank of India has come out with various regulations and controls during the pandemic, namely customer-driven controls for credit or debit card usage, a fraud repository, positive pay for cheques, online dispute management, etc. However, effective implementation of those controls would be a key success factor, and therefore 2021 would be a year of compliance with the regulations and of further strengthening those controls.
Data privacy and data protection - new risk to manage
The proposed Personal Data Protection Bill has been impacted by COVID-19, and it seems it will be delayed further because the Parliament session is uncertain at present. Meanwhile, home-grown vaccines and other foreign vaccines are almost ready to roll out. India will run the largest vaccination drive in the world, and the largest data collection and processing exercise will play a major role in it. This would require the deployment of technology to manage data collection, logistics, mobile applications, and other activities that might lack the ‘security and privacy by design’ philosophy. This deviation will likely be the cause of large-scale privacy breaches, putting citizens and their data at risk.
In addition to this, as the pandemic triggered a spike in online banking, we can expect a rise in phishing, spoofing, and impersonation attacks on consumers and businesses. In the name of vaccination, fraudsters have started calling people and asking them to provide all their personal and bank data to enrol for early vaccination. In some cases they even ask for Aadhaar-related information and, needless to say, in the hope of early vaccination, people are giving away all such information and eventually lose their money in such frauds.
In this vulnerable cyberspace, there is no such thing as fully secure, and hence it is not possible to prevent everything. Defense in depth is the best way to identify such risks at an early stage and contain them to prevent further damage. A layered security approach, continuous monitoring of IT infrastructure, zero trust, a stricter risk and compliance framework, and very effective awareness programs would be useful to manage such risks.