By Kawther Haciane, Business Development Executive (within a multinational technology and consulting company).
In hindsight, one would agree, nobody would have expected 2020 to be what we experienced. In 2020, our world has completely turned upside down with many changes in all aspects. Not only has our challenges been more significant, but our fragilities have also been exposed. These unprecedented times obliged many organizations to set aside their existing strategic plans, quickly reinventing how they were doing business by managing their remote workforce. According to the World Economic Forum, a Great Reset Initiative is starting in 2021. But how will this initiative affect Cyber Security predictions for 2021? Read on to find out my opinion on the subject.
1. Remote Workers To Remain A Good And Easy Target For Cybercriminals
With the sudden obligation for employees to work from home, complying with COVID-19 measures, cybercriminals had a unique opportunity to unscrupulously benefit from this situation.
The disruption was their ideal chance to launch ransomware, phishing, and vishing. These attacks exploited the gaps created in most companies' security posture, as many were not ready to support the sudden increased remote workforce in a secure manner. This far, most organizations haven't yet figured out how to address this new challenge while protecting their sensitive information.
That has, therefore, prompted most businesses to bear unexpected costs related to potential cyber-attacks and/or data breaches. The need to re-think cybersecurity approaches is inevitable, or remote workers will continue to be the main attack vector in 2021.
2. Zero-Trust Network Initiative Adoption
Until now, the silver bullet to secure remote connections was the traditional Virtual Private Network (VPN). But knowing that VPNs are an outdated technology, security experts are now advising to turn to a Zero-Trust model for corporate access. That's because VPNs are such a hassle to scale; they introduce latency, hamper productivity, and give employees unfettered access to the organization's internal resources. If bad actors can gain access through the VPN, they will be delighted, having free reign over the entire corporate network.
Luckily, most IT security teams have now started to look into the zero-trust security models, which can synthesize most of these challenges that the traditional network model approach presents. One must assume breaches will eventually happen, therefore, each request, regardless of its source. The Zero-Trust model implies that each request is verified, authenticated and encrypted before any access is granted.
Now that most organizations are dealing with many security breaches posed by VPNs, the Zero-Trust network initiatives are likely to accelerate in 2021.
3. Cloud Security will Take the Limelight
As organizations move to the cloud, the struggle with security issues remains a major concern. Strategically, adopting cloud, supports costs reduction, risks mitigation and helps achieve scalability.
In 2020, many have rushed their cloud adoption, skipping important steps and loosing focus on key aspects such as secure the business, comply with regulations and enforce data security & privacy, as well as struggling with cloud & containers misconfigurations.
In 2021, the challenge will be to retrospectively apply due diligence to all cloud applications and services brought online the previous year and implement security controls. Given cloud adoption will continue to increase in 2021, securing and governing cloud environments will be the top IT Challenges.
4. The Challenge Of Cyber Security Skills
For years, organizations have been facing a talent gap in cybersecurity, making it difficult to recruit and retain the cyber security professionals.
In fact, in 2021, CISOs will likely continue to struggle with this challenge. However, over this past year, organizations experienced the stay-at-home model, which has proved that people can perform their jobs from almost anywhere. Hence, with this increased globalization/dispersion of security resources, one can now look at an expanded geographical pool of candidates for new hires.
The future remains uncertain for sure. This year will continue to be a challenging one for security leaders. Disruptions caused by COVID-19, in addition to the requirements of accelerating the journey to cloud, while at the same time, mitigating operational risks under increased cost pressures; will be one the biggest challenge for security leaders.