What Are Your Cybersecurity Predictions for 2021?

I suspect something along the lines of the solarwinds hack, but even larger.

On an unrelated note, if 2020 has taught me anything... it's to truly limit informational exposure into the modern world of computing.


I am considering getting a new bank account at a bank I've not done business with before, savings account at least, to hold some portion of my emergency fund. The possibility of your main bank account getting compromised is pretty real these days, I had it happen once before. Took two months to resolve. It's a rather large pain to have most of your money locked behind a frozen bank account that long.

Have also been considering getting my cell phone number possibly changed. It's very likely been "compromised" in terms of data being leaked or sold.
 
I have always thought that one is NEVER secure while connected to the internet. I have always thought that security companies should have a rule: toolsets are NEVER in a server that can connect to the internet. This way any sabotage (Beastie Boys 1994 -
) of the toolset has to be an inside job. Of course the tools need to be tested on the net, that doesn't mean they need to reside there. I would think that security companies would be more paranoid...
 
Do It All Computers said:
I have always thought that one is NEVER secure while connected to the internet.
Click to expand...

And the corollary, which has been demonstrated many times, is nothing "on the internet/in the cloud/accessible via the internet" is secure or private. The only thing that comes close, currently, are encrypted files stored in the cloud, but preventing access to where they reside can never be guaranteed. You can make the content pretty effectively private, but you can't guarantee it won't be grabbed.

Unless you air-gap something, there is always the distinct possibility that someone, somewhere, with sufficient motivation (which can, at times, be nothing more than grins and bragging rights) is going to find a way in.

History keeps repeating itself.
 
britechguy said:
And the corollary, which has been demonstrated many times, is nothing "on the internet/in the cloud/accessible via the internet" is secure or private. The only thing that comes close, currently, are encrypted files stored in the cloud, but preventing access to where they reside can never be guaranteed. You can make the content pretty effectively private, but you can't guarantee it won't be grabbed.

Unless you air-gap something, there is always the distinct possibility that someone, somewhere, with sufficient motivation (which can, at times, be nothing more than grins and bragging rights) is going to find a way in.

History keeps repeating itself.
Click to expand...
Agreed
 
britechguy said:
Unless you air-gap something, there is always the distinct possibility that someone, somewhere, with sufficient motivation (which can, at times, be nothing more than grins and bragging rights) is going to find a way in.
Click to expand...

You think airgapping makes your stuff safe? You sweet Summer child...

security.png

(This is https://xkcd.com/538/, just in case there's anyone who hasn't seen it before.)
 
Computer Bloke said:
You think airgapping makes your stuff safe? You sweet Summer child...

View attachment 12504

(This is https://xkcd.com/538/, just in case there's anyone who hasn't seen it before.)
Click to expand...

Darlin', if you ain't got physical security, you ain't got security, period (for anything, including oneself). And if you were to put yourself in the position where you could be drugged and hit with a $5 wrench, well . . .

Someone else said, on another thread, that paper that no one has access to other than the person who is supposed to is the ultimate in security. I think a computer, even completely unencrypted, that has no connection to cyberspace whatsoever, and can only be accessed by those who have real need to, is a pretty close second. You can't "break in from outside" when the way the outside comes in on a computer is nowhere to be found.
 
britechguy said:
And if you were to put yourself in the position where you could be drugged and hit with a $5 wrench, well . . .
Click to expand...
I'm intrigued. How are you managing to run a business in, presumably, the real world without being in a position where you can be drugged and hit with a $5 wrench?

I'm not saying it's likely, just that it's possible. We know where you live* and we know that you have access to some of your clients' passwords; that makes you a target, albeit not a particularly attractive one.

This, incidentally, is why I've twice shouted at clients when they tried to tell me their bank passwords. Two people can only keep a secret if one of them is dead.


*In case it's not completely clear, this is NOT a threat. Just an example.
 
Last edited:
Computer Bloke said:
I'm intrigued. How are you managing to run a business in, presumably, the real world without being in a position where you can be drugged and hit with a $5 wrench?

I'm not saying it's likely, just that it's possible.
Click to expand...

And this comes back to my oft-repeated statement on risk assessment: I'm interested in preventing the reasonably probable, not every remotely possible situation.

And, I can say with at least reasonable confidence, that I am virtually never in a position where I can be drugged and hit with a $5 wrench. Being reasonably aware of one's surroundings, including what people, if any, are there (or probably there) already makes the drugged and beaten thing unlikely. Not impossible, but very unlikely. Certainly not worth considering as a viable day-to-day risk factor. [Now if my client were, say, some ultra-rich individual . . .]
 
Computer Bloke said:
I'm intrigued. How are you managing to run a business in, presumably, the real world without being in a position where you can be drugged and hit with a $5 wrench?

I'm not saying it's likely, just that it's possible.
Click to expand...

And this comes back to my oft-repeated statement on risk assessment: I'm interested in preventing the reasonably probable, not every remotely possible situation.

And, I can say with at least reasonable confidence, that I am virtually never in a position where I can be drugged and hit with a $5 wrench. Being reasonably aware of one's surroundings, including what people, if any, are there (or probably there) already makes the drugged and beaten thing unlikely. Not impossible, but very unlikely. Certainly not worth considering as a viable day-to-day risk factor. [Now if my client were, say, some ultra-rich individual . . .
 
Computer Bloke said:
I'm intrigued. How are you managing to run a business in, presumably, the real world without being in a position where you can be drugged and hit with a $5 wrench?

I'm not saying it's likely, just that it's possible. We know where you live* and we know that you have access to some of your clients' passwords; that makes you a target, albeit not a particularly attractive one.

This, incidentally, is why I've twice shouted at clients when they tried to tell me their bank passwords. Two people can only keep a secret if one of them is dead.


*In case it's not completely clear, this is NOT a threat. Just an example.
Click to expand...
I always assure my clients that their password is safe with me because in 2 minutes I will have forgotten it.
 
britechguy said:
And the corollary, which has been demonstrated many times, is nothing "on the internet/in the cloud/accessible via the internet" is secure or private. The only thing that comes close, currently, are encrypted files stored in the cloud, but preventing access to where they reside can never be guaranteed. You can make the content pretty effectively private, but you can't guarantee it won't be grabbed.

Unless you air-gap something, there is always the distinct possibility that someone, somewhere, with sufficient motivation (which can, at times, be nothing more than grins and bragging rights) is going to find a way in.

History keeps repeating itself.
Click to expand...
Even air-gapped are vunerable to Tempest snooping :(
 
YeOldeStonecat said:
All bets are off after the recent FireEye breach. Gonna be a nasty year. Bad guys will have tools that'll cut through defenses like a hot knife through butter! Time to change careers!
Click to expand...

Just wanted to spotlight what I said last December.....by following up with this link that was published May 18th, 2021 (basically just 3x weeks ago from this post right here)

Nearly 40 defense companies were impacted in SolarWinds breach

Thirty-seven companies reported being involved in the SolarWinds hack, a reminder of one of DOD's biggest cyber weaknesses.
www.fedscoop.com www.fedscoop.com

37 defense industries so far this year reported being breached by resources from the fireeye theft....
 
My predictions, half way through the year?

Business owners will continue to make stupid decisions enabling well meaning but ignorant employees to take out their entire workplace with a single misclick. This will then force business owners to negotiate with terrorists, which perpetuates the cycle.

There will be buckets of money to be made selling snake oil, because there really isn't a cure for this stuff. Though there are tremendous benefits in having cloud based, versioned storage some entities will make use of to not have to negotiate with terrorists. And in the mix guys like us will be running ragged reformatting entire enterprises because you can't trust a thing once the bomb goes off.

In other words... Exactly the same as it's been for the last... forever? But the current risks specifically 3 years or so?

P.S. Home users will continue to remain blissfully ignorant of the risk, assuming they're immune because "it'll never happen to them". And they'll continue to do things poorly and lose everything when something blows up. And we'll be explaining to everyone newlywed to grandma why their wedding photos are gone.
 
Last edited:
You must log in or register to reply here.

Similar threads

britechguy
Suggestions for a revised "Storage Topography" for a client
2
Replies
33
Views
2K
YeOldeStonecat
YeOldeStonecat
B
Microsoft Business 365 Question (Sharepoint / Onedrive / Teams)
Replies
17
Views
1K
brandonkick
B
HCHTech
Server service won't start, dependency service does not exist or has been marked for deletion
Replies
7
Views
6K
Philippe
Philippe
NETWizz
Going to be quitting Computer Networking
2
Replies
29
Views
4K
britechguy
britechguy
Porthos
Announcing Malwarebytes 4.0 for Windows
Replies
15
Views
1K
MDD1963
M
Back
Top