The pandemic has dominated the news in 2020, overshadowing everything else. We’ve seen a rapid rise in remote working, a wave of pandemic-related scams and pressure to modernize IT while cutting costs. As the dust settles on a tumultuous year, it’s time to plan ahead.
IT departments were forced to accelerate their plans and roll out new processes and systems rapidly to support the new norm. Eighty-three percent of enterprises transformed their cybersecurity in 2020. In the year ahead, cybersecurity professionals must consolidate and secure this new landscape, ensuring the foundation is solid enough to build a profitable future upon.
As we look forward to putting 2020 behind us, here are some of the emerging technologies and rising trends set to dominate cybersecurity in 2021.
1. Securing The Remote Workforce
The slow shift toward remote working accelerated enormously in 2020 as offices closed, massively expanding the potential attack surface of most businesses. Inevitably, the use of virtual private networks (VPN) and remote desktop protocols soared, leading to a worrying 127% increase in exposed RDP endpoints, according to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
In the scramble to maintain business continuity, security took a back seat. This needs to be addressed urgently in the coming year. 2021 will see businesses assessing their systems, analyzing what’s required for them to scale securely and reshaping infrastructure to support the remote workforce. Policies must be revisited and modernized. Leadership must send clear messages and maintain regular communications.
2. Managed Detection And Response
The faster a breach is identified and dealt with, the easier and cheaper it will be to fix. Disruption can be minimized if you act swiftly, but that requires a good managed-detection-and-response (MDR) service. By 2025, half of all organizations will use MDR services, according to Gartner. As more companies adopt MDR services, it’s important to ensure that they offer comprehensive monitoring around the clock, real-time alerts and swift responses.
MDR services should deliver the expertise that companies need to remediate, offering actionable advice alongside alerts, so that the root causes of breaches can be dealt with. They should also offer 24/7 support and be up to date on the latest compliance and regulatory requirements for relevant industries. MDR providers offering a tailored approach that can scale and adapt to different risk tolerances and budgets will be in high demand in 2021.
3. Zero Trust Security Model
With the rapid rise of the remote workforce, more devices than ever before are trying to access networks. Trust is a major issue, as attackers will often find a way in and then burrow deeper into networks by moving laterally. With a zero trust model, the whole process is simplified because you choose to never trust and always verify connections. By assuming hostility, it’s possible to prevent lateral movement, stopping an attacker who has bypassed the firewall, for example, from moving any further.
The beauty of zero trust is that it simplifies things for your IT teams, as they have fewer things to administer. Users are restricted to accessing only the applications and systems they need to do their jobs, signing in once to access available resources through an active directory. Users are authenticated before gaining access to your network, a process strengthened with MFA or identity and access management software.
4. Security Awareness Education And Training
The best defense in the world can quickly be rendered useless by human error or deliberate sabotage. Whether incompetent or malicious, insiders can enable attackers to bypass your security, and they frequently do. This past year, 30% of breaches involved internal actors, according to the 2020 Data Breach Investigations Report from Verizon.
Employees must be educated on how to recognize tricky phishing attempts and practice good security hygiene. Training should be continuous, and organizations need to take steps to measure its effectiveness. Ensure that executives are on board with training programs, that the necessary resources are allocated and that programs are compliant with relevant regulations. The goal is to transform employees from being your weakest link to being the company’s strongest asset.
5. Building A Secure Cloud Infrastructure
The cost and efficiency gain that cloud computing promises, coupled with its easy scalability, have ensured its ascendancy in the business world. However, organizations can’t afford to make assumptions about the security standards of cloud partners. Cloud services are a prime target for attackers. Companies need to take stock and compile a clear picture of how their cloud services fit together and where data resides.
Securing your company’s cloud infrastructure requires a holistic cybersecurity architecture that’s informed by threat scenarios, as a piecemeal approach to securing data and applications is sure to fail. Controls should take everything into account, from endpoints to access management to regulations. Build security checks into the infrastructure as it scales. Test for new vulnerabilities and assess fresh risks as they emerge.
MDR is a perfect response. Managed detection and response is a process whereby data is collected from every endpoint, cloud service and company affiliated network to build a holistic view of your organization enough to afford a means by which analysis can be conducted to root out anomalies, vulnerabilities or any underlying threat.
Though 2020 has been challenging, it accelerated many exciting trends in cybersecurity, and there’s an opportunity to consolidate and secure those changes in the year ahead.