With 2021 a few months away, what will the landscape of cybersecurity look like for enterprises? What will be the main focuses, risks and considerations for the coming year for cybersecurity leaders and professionals? Here's a list of seven predictions that will affect enterprises and cybersecurity leaders:
- Remote workers will be the focus of cybercriminals through 2021.
Cybercriminals will always follow users and launch attacks that exploit their behaviors and habits. We saw this very clearly in 2020 when employees suddenly became remote workers to comply with stay-at-home orders, and their use of technology and devices shifted. Cybercriminals took advantage of this disruption to launch phishing, vishing, ransomware, and a whole slew of other attacks that targeted gaps in companies’ security postures, as many were not prepared to support a remote workforce securely.
As one example, even prior to the pandemic, many companies (82%) enabled bring your own device (BYOD) for employees, partners, or other stakeholders. However, 72% lacked BYOD malware protection entirely or relied upon endpoint software installations. As the pandemic has further enabled BYOD, this lack of preparedness is potentially disastrous.
Thus far in 2020, a failure to figure out how to support remote work without exposing sensitive information has led to nearly 25% of organizations paying unexpected costs to address cybersecurity breaches and malware infections. If organizations don’t rethink their approaches to security, cybercrime will continue to evolve and exploit remote workers as the ideal entry points into corporate IT ecosystems.
- Legacy security architecture like VPNs will be the weak link for many organizations.
To quickly ramp up remote operations and comply with stay-at-home orders, many organizations looked to legacy security architectures like VPNs as a silver bullet solution for remote work. However, this is not a sufficient long-term solution as VPNs introduce latency, hamper productivity, can be difficult to scale, and can grant employees excessive access to internal resources.
VPNs also represent significant liabilities as cybercriminals can easily exploit unpatched VPNs with ransomware. Even a “perfect” VPN setup and deployment is vulnerable to attack. For example, looking back at the July Twitter hack, attackers were able to use stolen employee VPN credentials to access high-profile users’ accounts to promote a Bitcoin scam without having their identities authenticated. With 400 million businesses and consumers using VPNs across the globe (according to GlobalWebIndex), it’s likely that we will continue to see VPNs targeted by cybercriminals in successful attacks.
Fortunately, there is hope for the future. 34% of IT security teams across the globe have shared that they are in the process of implementing a zero-trust security model, which can ease many of the challenges presented by a traditional network approach. Additionally, 60% of enterprises will phase out VPNs in favor of zero trust network access by 2023. With a zero-trust implementation, users only have access to the smallest set of permissions necessary to perform their work duties. This trend toward zero trust network access is likely to accelerate in 2021 as organizations realize the gaps that legacy architectures like VPNs create in their security postures.
- To cope with reduced budgets, CSOs and CISOs will seek convergence across security solutions.
After years of accelerating, IT spending decreased nearly 10% in 2020. This trend is expected to continue in 2021, as Forrester predicts that U.S. tech investments will fall another 1.5%--a $135 billion drop from 2019’s peak. This comes as no surprise given the fact that the U.S. economic deficit grew from $779 billion at the end of 2018 to $2.8 trillion as of July 2020.
Despite budget-related adversity, security executives must still close the digital transformation gap within their organizations. As such, convergence and simplicity will be key. CSOs, CISOs, and CIOs will turn to technologies that integrate multiple services into one platform to realize larger cost savings. For example, secure access service edge (SASE) platforms will have a major impact in 2021 as they will replace a number of disjointed point products and extend consistent protections to all enterprise IT resources through a single control point. In this way, leaders will realize massive cost savings and IT teams will enjoy consolidated, easier management that will save them significant amounts of time.
- The impact of breaches in the healthcare sector may be deadly.
The healthcare sector stepped up in a heroic fashion to help combat the spread of COVID-19 through increased testing, treatment, and vaccine R&D efforts. However, the pandemic created historic financial pressures for healthcare organizations; for example, revenue issues stemming from individuals cancelling services and avoiding going to the doctor unless it’s absolutely necessary. Additionally, support costs are incurred by hospitals assisting front-line workers, while the costs associated with purchasing needed equipment and supplies are quite high, as well. Overall, COVID-19 hospitalizations have cost U.S. hospitals and other healthcare organizations close to $40 billion from March to June 2020.
Amidst these challenges, cybercriminals are still targeting hospitals and healthcare providers--particularly with ransomware attacks that can disrupt their ability to provide care to patients.
For example, earlier in 2020, a patient was unable to receive life-saving treatment after hackers disabled Düsseldorf University Hospital’s computer systems with ransomware, ultimately costing the patient her life. Knowing that cyberattacks can have fatal consequences and that many healthcare organizations may not have adequate cybersecurity controls in place, attackers are in a prime position to exfiltrate PHI or get healthcare organizations to pay a ransom. As such, healthcare institutions are going to be tasked with the physical and electronic well-being of patients; attackers will continue to target them as they face financial pressures.
- Financial organizations beware, more attacks are coming.
Financial services organizations and other firms that are responsible for the security of consumer financial data must remain vigilant in their cybersecurity efforts throughout 2021. The high value of financial data, including Social Security numbers, banking details, and more, makes it a lucrative target for cybercriminals.
It’s true that financial services firms are not breached as frequently as those in other industries like healthcare. However, when financial firms are breached, these incidents tend to be much larger and more detrimental than those experienced by companies in other industries. For example, even though 7% of breaches in 2019 occurred at financial services companies, 62% of all records leaked in that same year were from financial organizations.
With the projected rise of new technologies - like 5G - throughout the new year, the sophistication of cybercriminals’ attacks will likely be enhanced. Consequently, it is imperative that financial organizations (and all companies in heavily regulated industries) take a proactive approach to data protection.
- COVID-19 forced organizations to accelerate digital transformation efforts.
It’s difficult to reflect on the year 2020 and identify highlights or “good news.” However, if we look at the year from a technological point of view, we can discern a silver lining. Specifically, there were rapid digital transformation efforts across industries as organizations strove to comply with stay-at-home orders.
Digital transformation has been an ongoing objective for countless organizations since the early 2010s. If stay-at-home orders were never enforced due to COVID-19, it’s possible that digital transformation still would have been on many organizations’ to-do lists throughout the next decade. However, 2020 has accelerated 5G to keep remote workers connected, seen organizations expand their use of AI and ML-powered analytics to grow their businesses, and increased cloud adoption to enable businesses to achieve simplified innovation, faster time-to-market, easier scalability, and more.
Remote work and other technological advantages spurred by stay-at-home orders will long outlast the pandemic, granting organizations more flexibility, cost savings, and an overall edge in their business plans to conquer any other obstacles the future might bring them. While IT and security professionals have made some strides in securing these modern work environments, 2021 will also be filled with organizations around the world striving to secure themselves in a more complete, future-proof fashion.
- The adoption of new technologies and increase in internet users means most of the world’s population is at great risk of data exposure.
History shows that attackers refine their methods to take advantage of global events and the adoption of new technologies. In fact, online crimes reported to the FBI’s Internet Crime Complaint Center (IC3) have nearly quadrupled since the beginning of the COVID-19 pandemic. This comes as no surprise, as there were close to 4.6 billion active internet users as of July 2020, which represents 59% of the world’s population. The number of internet users will continue to increase in the coming year, and 84% of organizations will continue to support remote work even after stay-at-home orders are lifted. Combining these trends with the rapid development and adoption of technologies like 5G (which enables malicious actors to execute attacks and move data much more quickly) suggests that we will see an increase in the number of people around the world who are impacted by data breaches.
However, this shouldn’t prevent organizations from implementing new technologies or continuing remote work. With the right security strategies and solutions, organizations can benefit from new technologies and support their remote workforce without exposing themselves to additional risk.