Against the backdrop of 2020, here’s a closer look at what we’re expecting to take shape in 2021 in the larger security arena and what threats, scams, and challenges businesses need to prepare for now.
Remote Workers Targeted
Every time there is a significant shift in the landscape, enterprising security criminals find ways to exploit them. Forrester estimates that we will see remote work rates in excess of 300 percent higher than pre-coronavirus. With the rapid mass adoption of remote work and the likelihood, that many organizations will continue working remotely in whole or in part over the coming months, remote workers are likely to be the target of increased attacks in 2021.
The rapid adoption of remote work came with tradeoffs, with 83 percent of CISOs saying they sacrificed some security standards to enable remote work on the scale this year demanded. We will need to secure what we call the “Next Normal” in 2021. Covid-19 will still be impacting our lives, businesses, and societies.
Following the rush to remote and flexible working, organizations need to better secure their new distributed networks and cloud deployments to keep their applications and data protected. This means enforcing and automating threat prevention at all points of the network – from employees’ mobiles and endpoints, to IoT devices, to clouds – to stop advanced attacks spreading rapidly across organizations, and exploiting weaknesses to breach sensitive data. Companies will need to adopt tighter work-from-home standards and implement a variety of solutions such as a virtual desktop infrastructure, encryption for home network management, and rolling out organizational and endpoint threat detection solutions to help strengthen cybersecurity protection.
Key Verticals Are in the Crosshairs
We must keep in mind that there is no cure for COVID–related exploits. There are a number of industry verticals with deep data resources that are coming under increasing attack — and a single breach or larger issue can have devastating financial consequences due to privacy regulations and other laws.
Healthcare organizations, financial services firms, education organizations, and companies that handle sensitive data must all be aware of the specific industry-level risks they may be facing. In particular, the big pharma companies developing vaccines will continue to be targeted by malicious attacks from criminals or nation-states looking to exploit this unique situation.
Plus, let’s not forget threat actors will continue to target remote learning. Schools and universities have pivoted to large-scale use of e-learning platforms, making them more vulnerable than ever. Though there are certainly precautions that can be put in place, there is no doubt attacks will continue to disrupt remote learning activities over the coming year.
Threat actors count on distracted medical teams to make security errors, for example, or overburdened and underfunded schools to leave critical pathways for cybercrime open when trying to implement remote learning. As these threats escalate, organizations will need custom threat assessment and defensive remediation plans to keep their patient, student, or customer data secure.
5G Offers a New In
5G is the ultra-high-speed mobile internet that we’ve been waiting for, and Leftronic estimates it will cover 40 percent of the globe in 2021. Individuals and organizations will soon be embracing devices and technologies that can leverage 5G for speed, networking, data transfer, and storage. And with new devices comes the risk of new threats.
So, how can threat actors use 5G and other emerging technologies to complete their evil plans? The totally connected, fast-paced world promised by 5G gives criminals and hackers opportunities to launch attacks and cause disruption by targeting that connectivity. E-health devices will collect data about users’ wellbeing, connected car services will monitor users’ movements, and smart city applications will collect information about how users live their lives. This massive volume of data from always-on, 5G devices will need to be protected against breaches, theft and tampering to ensure privacy and security against attacks, especially as a lot of this data will bypass corporate networks and their security controls.
As 5G networks roll out, the numbers of connected IoT devices will massively expand leading to increasing networks’ vulnerability to large scale, multi-vector cyber-attacks. IoT devices and their connections to networks and clouds, are still a weak link in security. It’s hard to get complete visibility of devices, and they have complex security requirements.
As Security Insiders notes, “With high-speed data transfers, hackers will have the ability to infect data packets and conduct corporate espionage unnoticed. That is until companies shift their focus to keep a close eye out for such malicious breach attempts. Much higher levels of security and monitoring will be required once 5G becomes the standard form of cloud-based data transfer and communication.”
Zero Trust Networks Emerge
According to Cybersecurity Insiders, 19 percent of organizations are implementing zero trust networks, and another 78 percent are considering doing so in the future. Zero trust architecture is a bit of a paradigm shift in the cybersecurity world. While most tools and strategies focus on keeping external threat actors outside the company’s perimeter, zero trust approaches user rules and parameters to verify every device or individual that attempts to connect to its network.
Guided by the phrase “never trust, always verify,” these solutions are designed with ultimate protection in mind and may include solutions such as segmented networks for different uses, preventing lateral moves within systems with re-verification, and more. Every aspect of your organization’s “trust surface” is protected with micro-perimeters that use continuous verification and other methods to ensure only authorized access occurs. It’s a different approach, moving from the idea of trying to verify trust to simply eliminating trust from the equation and requiring ongoing verification for access to networks, applications, data, and appliances.
Dropping Budgets Require Careful Technology Choices
Forrester predicts that IT spending will drop in 2021, and at a time when IT organizations are under pressure to deliver employee and customer experiences safely, every dollar counts. Our prediction is that this will encourage CIOs, CISOs, and technology leads to make platform-level choices that can help increase the security performance of their entire organization. This may include moving toward the adoption of managed services, as well as implementing technologies and tools that can offer automated security support at the platform, network, and end-user levels. Converged solutions that offer “more bang for the buck” while taking a strong posture on risk mitigation are likely going to be in demand.