Organisations in all industries, across the globe, changed forever this year.
These changes will alter the risk surface for every organisation in 2021 and beyond, forcing them to adopt new technologies and security strategies to keep pace, according to Forescout, a software company specialising in cybersecurity.
While the benefits of connected devices such as IT, operational technology (OT), Internet of Things (IoT), Industrial Internet of Things (IIoT) and the Internet of Medical Things (IoMT) can’t be denied, they are also creating additional challenges from a security point of view, the company says.
This is because they have vulnerabilities in their underlying transmission control protocol/internet protocol (TCP/IP) stacks.
These are the basic connectivity software components used in every connected device.
While a vulnerability in a single device will only affect that device, vulnerabilities in the TCP/IP stack can affect thousands or even millions of devices across many vendors and manufacturers.
“Organisations will be attacked through these devices in 2021,” says Rohan Langdon, country manager, Australia, New Zealand and Japan, Forescout.
“These attacks will potentially prevent organisations in the healthcare industry, for example, from delivering patient care at a critical time.”
Organisations must rethink their cybersecurity strategies
Mr Langdon says the risk of an attack will continue to rise as more devices are added to networks.
Supply chain vulnerabilities will force organisations to rethink their cybersecurity strategies entirely, he says.
Businesses will have to adopt segmentation and zero trust principles, as maintaining good cybersecurity hygiene by patching IoT and OT devices becomes difficult or impossible.
“While 2020 saw the revelation of the weakness of these underlying TCP/IP stack components with disclosures like Ripple20, 2021 is the year these vulnerabilities will be exploited,” says Mr Langdon.
These are Forescout’s top four cybersecurity predictions for 2021:
1. 2021 will drive a new wave of investment in automation technology. Organisations will have to think about how they also apply automation to cybersecurity to ensure new systems are protected. Cybersecurity will have to be a key piece of the overall automation strategy for organisations in every industry.
2. In 2020, there were disclosures of supply chain vulnerabilities in the underlying TCP/IP stacks, which are the widely used commodity software and hardware underlying many IoT, IT and OT devices. These vulnerabilities are far-reaching, with a single flaw exposing many devices across many manufacturers, and they showed that the underlying foundation of millions of connected devices around the world is inherently insecure. In 2021, we will see at least one attack leveraging this new category of vulnerabilities, highlighting the fact that there needs to be increased visibility into what components make up each connected device inside an organisation, as well as risk mitigation strategies to account for a growing number of vulnerable devices.
3. As the technology matures, 5G connected devices will see increased adoption across organisations in every industry. While 5G is marketed towards consumers because of the high speed that will be delivered for mobile phone use, many features of 5G promise significant technological advancements for corporate networks. Organisations everywhere will begin to have 5G connected devices in 2021. This is one of the many steps that will propel us into the next generation of networking, with next-generation technologies replacing local area networks and wide area networks and becoming the new version of Wi-Fi.
4. As remote work extends from being a temporary solution to the pandemic to one that companies embrace long-term, the implications of the new work-from-anywhere world will become clear. Home networks contain dozens of connected devices, from Wi-Fi coffee pots to personal laptops and tablets, to video baby monitors. As the perimeter of the office stretches to also include the home, we will see attackers begin to leverage weak consumer devices for enterprise attacks.
Mr Langdon says cybersecurity teams and leaders must be prepared with the appropriate strategies and technologies to address these threats in 2021, and beyond.