Following a frenzied year where businesses were forced to adapt overnight to fully remote environments and brand-new threats, we enter 2021 with heightened stability and knowledge of the cyber risks ahead. Cybersecurity teams need to be proactive to be effective, especially as organizations explore a permanent hybrid or remote workforce model. And with major attacks throughout the year targeting well-known, consumer-facing brands including the Garmin ransomware attack, HHS breach, and the Marriott phishing breach, security impacted every single industry around the globe. As a result, security leaders were forced to be even more cognizant of their approach to protecting their organization, often forcing them to refine and future proof their approaches to this new world of security. After watching the events of 2020 and analyzing threat actors’ approaches, here’s what I expect to see in 2021:
More focus on cyber readiness
The attack surface has grown. 100% remote workforces, accelerated digital transformation, and ever more sophisticated threats have forced security leaders and teams to widen their view. Coming into the new year, mindsets will have to be increasingly focused on cyber readiness as opposed to response alone. This will force annual training to be replaced with shorter, more frequent incident response simulations that can keep up with the threat landscape. Astonishingly, considering how fast things move and change, over a third of organizations leave a year or more between cyber crisis simulations – and 42% don’t have regular cross-team incident planning. If organizations want to be confident in their crisis response, this has to change.
A shortage of skills to protect the cloud
According to IDC, over 500 million digital apps and services will be developed and deployed using cloud-native approaches by 2023. That’s the same number of apps developed in total over the last 40 years. However, protecting this cloud environment requires a different type of thinking compared to traditional security skill sets – one which is currently in short supply. If organizations have any hope of staying ahead of the threat actors, it’s imperative that more of these skills are acquired and exercised, either by developing existing talent within the organization or by hiring externally. Without the ability to mitigate these issues, the expansion of cloud usage will result in organizational risk ballooning.
Ransomware will evolve
According to recent research, 56% of organizations have suffered a ransomware attack in the last year. These types of targeted attacks will continue to wreak havoc as threat actors get more creative, precise and targeted with their approach. In fact, with businesses continuing to pay attackers, they remain uniquely motivated. Among those hit by ransomware in that same survey, 27% chose to pay the ransom, costing organizations on average $1.1 million USD. Security teams need to recognize and overcome the previous way of thinking – the cognitive biases towards a situation – in order to promote resilience and defend against today’s threats. For this reason, it’s important that security and business leaders ensure their teams are regularly exercising crisis response scenarios. Teams will react more effectively in a crisis if they’re familiar with the situation at hand, especially with ransomware attacks.
Economic recession could lead to cybercriminal opportunity
When a recession hits, the most impacted industries – in the case of the pandemic, tourism and hospitality – become the most vulnerable to cyberattack. With layoffs and furloughs becoming commonplace, the people who once looked after data may be out of a job or lose confidence in their employment, resulting in a decrease in security effectiveness. One unfortunate example of this is when the U.S. travel management firm CWT paid $4.5 million in July 2020 to bad actors who stole sensitive corporate files and knocked 30,000 computers offline. Paying ransoms unfortunately encourages further criminal attacks without any guarantee that the encrypted files will be restored, so organizations need to be prepared to defend against these threats instead of resorting to immediate payment.
Security plans for continued remote working
With remote work here to stay in some capacity, organizations need to adopt an agile security strategy. Over the last year, as companies have seen their perimeter almost completely dissolve, they have become better at being more adaptable. This will need to continue, with security teams relying more on solutions such as VPNs to protect their employees from breaches in the first place, while also rethinking incident response plans to overcome the challenges posed by not sitting in the same office when a crisis hits.
Home network security demand will skyrocket
The reality of long-term remote work means employees’ own home office equipment, which likely isn’t patched, presents a greater potential issue. This lack of security impacts not only the individual and their network, but also others within the organization. The industry will see a shift in the way cybersecurity teams handle home office security, and some may even go to the lengths of putting restrictions on hardware.
An increase in DevSecOps deployment
Lastly, with the huge shift to agile methodologies, organizations are constantly adjusting and writing new code to be pushed to production right away. This speed is often necessary; however, it does create pressure to reduce security oversight. To combat this problem, many organizations will look to refine the DevSecOps process to ensure the separate needs of both speed and security are addressed. This will make developers focus more on understanding the latest techniques and vulnerabilities as they’re building their code, resulting in more securely built code from the onset, so that security teams are less at risk from vulnerabilities in the long run.
There’s no doubt that security leaders have learned - and been challenged - by the volatility and rapid change in 2020. Through a push to keep the hybrid workforce secure, we’ll see security leaders focus on having a proactive, crisis-ready mindset in 2021. To achieve this, CISOs must ensure they have adequately skilled people in place who can respond, adapt and quickly pivot priorities in times of crisis.