2020 “broke all records when it came to data lost in breaches and sheer numbers of cyber attacks on companies, government, and individuals,” Forbes notes. Yet, attacks are still rising in 2021.
Incident response (IR) products and services protect our organizations and help us to limit the damage during a cyber attack and then recover from the effects.
The five incident response trends to watch in 2021 reflect the changing scope of attacks, increasing requirements, and how the market is responding to challenges:
Some IT managers cling to the security model defined by firewalls, networks, servers, and personal computers. Unfortunately, that model no longer characterizes the average network in the modern workplace, and the scope of where, what, and who attackers will target continues to expand.
The arrival of the COVID-19 pandemic converted entire organizations to remote work entities, with many employees dialing into the secure corporate environment on mobile devices. A surge of attacks followed. Barracuda Networks reports a 667% increase in malicious phishing emails during the pandemic. Reports and Data notes that a minimum of one in eight leading corporations experience security breaches through social media, further highlighting another vulnerability with remote workers.
Many non-computer devices also present an enticing target for attacks. Reports and Data cites a 300% increase in cyber attacks on Internet of Things (IoT) devices, such as printers, televisions, phones, security cameras, and a wide variety of medical equipment. The arrival of 5G-enabled devices in factories and logistics chains should further increase the attack surface by “tens of billions of devices,” according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Outside of the corporate firewall, IndustryArc highlights how the “rising dependency” of organizations of all sizes on web technologies forces them to face cybersecurity issues affecting websites, web applications, or critical web services running in the cloud.
Each of these devices provides a possible entry point for an attacker looking for a weakness to exploit, expanding the where and what.
The selected target of an attack also continues to expand. Ransomware proved to be lucrative, or at least disruptive, against targets of all sizes, including hospitals, municipalities, and schools:
While attacks in general have become more sophisticated, state-backed attacks continue to drive incident response with high-profile, highly sophisticated attacks.
In a recent report, researchers found a 100% rise in significant state incidents between 2017 and 2020, with enterprises becoming the most common target.
Attacking commercial targets provides hostile states with both political and financial gain. Plus, using semi-independent attackers provides some deniability, even if experts continue to assign attribution to a state actor.
For example, Mordor Intelligence acknowledges that India has been one of the most prominent victims of cyber attacks, due to its relationship with the largest source of state-run actors, China. As of March 2021, 30% of global cyber attacks originated from China.
The Center for Strategic and International Studies (CSIS) maintains a list of significant cyber incidents since 2006. Here are a couple of the largest that made headlines:
Other countries believed to be associated with state-sponsored hacks include Belarus, Iran, Israel, the U.S., and Vietnam.
Few organizations have the resources to defend against a foreign government, but many attacks, such as the Microsoft Exchange server hacks, have been attacks of opportunity on poorly maintained infrastructure. The IR market will continue to grow in response to the more aggressive nation-sponsored attacks and the lackluster preparation of many victims.
The U.S. federal government has yet to pass encompassing legislation regarding cybersecurity, but many laws punish companies for breaches, such as:
Private organizations, such as the payment card industry (PCI), can also levy fines for data breaches that expose data such as credit card information.
Mordor Intelligence notes that increasingly “stringent government regulations and compliance requirements by enterprises” will be a significant factor in driving growth in the IR market. Meanwhile, not only are premiums for cyber-insurance policies increasing, but many insurers have begun to specify what security needs to be in place and which IR vendors an organization may use.
Organizations will need to increasingly involve their insurers and legal counsel as part of the team to select IR providers and to ensure that the work product (evidence collected, reports produced, etc.) meets the needs of increasingly complex and overlapping regulations.
Organizations may prefer to maintain in-house capabilities, but they’re finding it increasingly difficult to do so. Varonis notes that 74% of respondents to the ESG/ISSA research report said that their firms are being affected by the shortage of skilled cybersecurity talent.
The shortage of talent leads to higher costs and retention difficulty for those attempting to maintain a full team of experts. Instead, most organizations rely upon outsourcing to service providers.
Mordor Intelligence details the wide variety of incident response capabilities sought by organizations, such as breach investigation, forensic services, handling chain of custody, and examination and analysis of applications, data, networks, and endpoint systems.
Verified Market Research notes key benefits with the adoption of incident response solutions: respond to an incident more efficiently; optimize IT employees’ productivity; protect sensitive data and applications; and meet stringent regulations.
Increasing cybersecurity demands and talent shortages continue to be addressed through advancements in incident response tools. Existing tools may expand coverage or new tools may be developed to encompass the increasing device landscape of mobile devices, IoT, operational technology (OT), cloud computing, and container technology.
Computer-aided assistance also leverages machine learning (ML) and artificial intelligence (AI) algorithms. The SANS Institute cites a Ponemon Institute study that reveals 49% of security professionals found that machine learning enhances their ability to prioritize threats and vulnerabilities and 47% said it increases the productivity of security personnel.
Similarly, LogsTail notes use cases in which AI techniques help security professionals recognize patterns in the vast amount of log file data that machines are producing, in less time than human review would take.
Unknown events may not permit automated response. However, computer algorithms will be able to quickly separate these events from the mundane and escalate them for human review.