The Top Technology and Business-related Cybersecurity Trends for 2021

The last 14 months have been interesting and unprecedented to say the least.  While many of us have been adjusting to the new paradigms personally and professionally, hackers and cybercriminals have never had it this good. Millions of people are now at home and remotely accessing work resources through myriad – and often clunky – security solutions over public and private networks.  Countless businesses are also embracing more digital solutions and trying to find the balance between customer experience and cybersecurity. All of that has led threat actors, many of whom are state sponsored, to find increasingly sophisticated ways to break into company networks and steal mission-critical information. With the trojaned SolarWinds attack, or the Colonial Pipeline ransomware, it’s not just businesses that are getting hit – government departments and critical infrastructure like utilities and health care are at greater risk as well.

A recent study from the Insurance Bureau of Canada found that 99% of Canadian businesses surveyed reported an increase in cyber attacks during the pandemic. The number of data breaches is on the rise, too, with security firm Risk Based Security reporting that the volume of records compromised in 2020 grew by 141% year over year, to 37 billion in 2020 from around 15 billion in 2019.

The good news? With new threats come opportunities for innovation, many of which will be discussed at the RSA Conference 2021 taking place virtually between May 17 and 22. Following the conference, BMO’s half-day Cybersecurity Summit on May 25^th  will touch on the many game-changing cyber-fighting and identity-protecting technologies coming to market, and how businesses are consolidating at a rapid pace to take advantage of scale and new markets.

As we go through this year’s RSA conference, here are three major trends impacting the cybersecurity sector.

1. Business and Personal Technologies Merging

When COVID-19 hit, businesses and organizations had mere days or weeks to switch to remote work. With work-from-home now commonplace, many employees are using their own home Internet networks, devices and out-of-the-box software. Microsoft Teams, for example, saw a massive jump in usage, going to 4.1 billion meeting minutes per day from 900 million in just one month, while Zoom exploded to more than 300 million daily users a month from 10 million after the pandemic began.

While these tools have helped make the transition to at-home work seamless, the merging of personal and business tech has also increased many companies’ vulnerability to attacks. As well, with clunky VPN tools used to log onto private networks via the public internet, data leakage and malware incidents have been on the rise. Internet of Things (IoT) devices, such as voice-activated assistants, smart thermostats and other Internet-connected gadgets, are becoming a huge security and privacy concern, too.

Many of these devices come with more basic security protections – and people also tend to forget to update patches – which then gives hackers easy access to home networks that are now being used to access company networks. IoT attacks are climbing, and the pandemic has made it easier than ever for this to happen.

Even company-sanctioned software can be vulnerable if not properly secured, as the victims of  “Zoom bombers” – malicious actors looking to hijack company video meetings to pull pranks or steal sensitive information – learned early on in the pandemic. With remote work continuing post-pandemic – BMO expects 50% of the workforce will likely stay at home – companies need to look at how they’re securing their employees’ access to their networks.

We’re turning an eye toward our own security, too. For instance, we’re looking at technologies that can make it seamless for our people to log in into their systems without passwords, which companies can use to help protect sensitive information and enhance productivity.

2. Protecting Mission-Critical Infrastructure

As cybersecurity breaches increase, so does the need to protect government agencies and mission-critical infrastructure – both of which are vital to the security and public safety of entire countries. Last year’s attack on SolarWinds, a large U.S.-based IT firm, underscored that need, when the sensitive data of 33,000 of its customers – including Fortune 500 companies, parts of the Pentagon, the Department of Homeland Security and other government entities – were exposed.

In March of this year, a Florida water treatment plant was breached, allowing malicious actors to alter the chemicals in the water to dangerous levels. On May 7, a ransomware attack in the U.S. shut down the county’s largest gasoline pipeline, Colonial Pipeline, threatening energy markets and critical gas and diesel supply to the East Coast.

These attacks not only potentially cost companies big money, they can also disrupt healthcare infrastructure. Hospitals, for instance, are often compromised by ransomware attacks, while network-connected equipment such as ventilators, oxygen concentrators and other medical devices, if not properly maintained and secured, can be breached, too.

According to a Scope Security report, healthcare security spending is increasing by an average of 21% year over year, but is still outpaced by the growth in spending on clinical technologies, which is expected to reach $172.5 billion by 2025. Demand for innovation has never been greater.

3. Tailwinds Behind Cybersecurity and Related Business Momentum

One constant refrain we’ve heard from corporate IT practitioners this year has been the need to keep pace with both the cyberthreat landscape and the associated budgets needed for security technologies. According to Gartner, the information security market is expected to have a five-year compound annual growth rate (CAGR) of 8% plus, and a global market value of $208 billion, by 2024. Increasing demand in areas such as cloud adoption and remote worker technologies, in combination with cost-saving measures that occurred in 2020 and implications from the SolarWinds attack, are serving as long-term drivers for public cloud security and other parts of the market. As the need for cybersecurity technology grows and the space evolves, so does the need from cybersecurity companies and vendors to be innovating and acquiring newer technologies to maintain their market leading positions. This year and last has seen a robust number of transactions in this space. According to Crunchbase, the cybersecurity sector saw more than $8.1 billion in investments globally in 2020, up from $7.4 billion in 2019. Many companies also consolidated, while others went public.

Telos, an enterprise security company that serves as the technology backbone for many security conscious enterprises, including public sector organizations and also consumers through its TSA-pre check at airports, is just one business that listed on the NASDAQ last year. BMO worked with the company on its IPO, while CEO John Wood will be a keynote speaker at BMO’s upcoming Cybersecurity Summit following the RSA Conference. The company is interesting because it has a way to authenticate whether you are who you say you are, if you have the right passport and that you’re not a bad actor who may create trouble. These are the kinds of innovative ideas we’ll continue to see going forward.

Going forward, market activity will remain robust. Why? Because the cyber security industry has a lot of tailwinds, while the threat landscape continues to quickly evolve. Growth will continue, which is what investors want.