The haphazard work-from-home (WFH) implementations following the worldwide shelter-in-place orders became the breeding ground for cyberattacks. Cybercriminals banked on the negligence of over-burdened and somewhat bewildered IT teams. Consequently, by the end of June 2020, the number of breach attempts for the year had already surpassed the entirety of 2019. 2020 also witnessed cyberattacks causing ramifications beyond financial and reputational loss. The ransomware attack that accidentally shut down emergency operations at the Duesseldorf University Hospital allegedly took a patient’s life.
Given the new landscape and the evolving nature of cyber exploits, here are a few cybersecurity trends to look out for in 2021:
1. Endpoint security is paramount
The massive shift towards WFH, powered by cloud technologies, has left IT security teams with virtually unlimited endpoints to manage and secure. Then there’s the lack of cybersecurity awareness and training, causing endpoint devices to become a preferred attack vector for cybercriminals. Insufficient security for personal devices, unsecure network connections and sharing critical data through unsafe channels have all contributed to more data breaches in the era of remote working.
Businesses are deciding to stay remote, or at least flexible, even after COVID-19 abates. As the lines blur between personal and work devices, perimeter security has become gravely insufficient. Consequently, 2021 will witness a spike in the demand for endpoint security solutions and platforms.
2. Spending on cloud data protection increases
The pandemic pushed businesses to expedite their cloud transformation journeys. Amidst all the chaos, ransomware attacks were continuously on the rise. That, and the new privacy rules and regulatory compliance requirements, mandate data protection and monitoring in the cloud. Business leadership will be re-evaluating and improvising their security strategies and technologies to adapt to the new operational models.
Given the circumstances, cloud security will be driving an overall increase in cybersecurity budgets. IDG’s fourth annual Security Priorities Study has identified authentication, cloud data protection and cloud security solutions as the key areas for security spending. A growing trend will be investing in cloud security posture management (CSPM) solutions for comprehensive cloud security management and monitoring.
3. The cybersecurity skills gap widens
Machine learning and automation have come a long way in meeting skills shortages across industries. However, if you think automation alone is enough to secure your remote workforce and network infrastructure, think again.
Next-generation firewalls and security monitoring tools are only as effective as the security experts handling them. Most corporations and businesses are already looking to expand their security teams. The competition for acquiring the industry-leading talent for protecting data and educating employees will force businesses to reconsider their work environments. As the demand for cybersecurity professionals goes up, companies will be focusing on their talent retention strategies.
4. Updating business continuity plans becomes a priority
A Business Continuity Plan (BCP) outlines the strategies and instructions for ensuring that critical business functions remain operational during unexpected disruptions. Before 2020, BCPs mainly focused on minor or short-term disruptions such as connectivity issues, a power outage or a natural catastrophe. The possibility of a pandemic shutting down physical offices for months on end never occurred to most. Most companies didn’t have a schedule for frequently revisiting and updating the BCP. As a result, their BCPs failed to ensure continuity and swift recovery when the time came. Now that we’ve learned our lessons from the COVID-19 crisis, companies will be updating their BCPs at least biannually and whenever major changes in business operations are introduced.
5. State-sponsored actors threaten enterprises
State-sponsored actors have unmatched skills and effectively unlimited resources at their disposal. This is why state-sponsored attacks have been some of the most sophisticated and devastating cyberattacks to date. Typically they’re launched against nation-states, but it’s not unusual for companies to be caught in the crossfire. Remember how NotPetya launched against Ukraine brought Maersk to its knees? Cyberwarfare knows no national boundaries, and the potential consequences haunt security experts. Business and security leaders will be directing their efforts towards forming strategies, adopting tools and following best practices to protect against advanced state-sponsored attacks.
Entering 2021, the above are some of the cybersecurity trends that senior managers and executives must keep in mind. Initiatives as simple as conducting employee security awareness training can considerably improve a company’s cybersecurity posture. User education will be your strongest defense against automated spear-phishing and other social engineering tactics. Not to mention, keeping your systems updated and patched is crucial. Invest in AI-based technologies and automate where you can to detect and avoid misconfigurations. Finally, ensure that your security stack is capable of combating emerging threats.
Acquiring qualified security professionals is hard and expensive. It could be a good idea to hire a managed security service provider (MSSP), but make sure they’re qualified and trained to identify and mitigate security risks. With the right strategies, tools and expertise, your business will be able to thrive regardless of the challenges that 2021 brings.