The new year is already several weeks old, but it is still a great time to take stock, look ahead, and plan to make 2021 the best year yet. However, to do this, an organization needs to look back into 2020 to learn lessons from a particularly challenging time in cybersecurity.
Many organizations will have 2021 budget challenges, which may seem surprising as reductions are not on the cards. The problem is that security teams had to spend from future allocations to support unexpected needs in the last year. The budget they start this year with is already partially depleted.
It is impossible to predict what will happen this year, but there are several logical security areas to consider for investment based on what we have seen in 2020. The new world of 2021 and beyond will be different in how we work, travel and play, and cybersecurity must consider these changes.
Our Return to the Office Will Be Slow, if at All
More people will continue working from home in the coming year. With offices being closed in city centers and workers realizing the positive benefits of avoiding the daily commute, this situation does not look like it’s going to change. In fact, in a mid-2020 independent study, IT leaders said that nearly 35% of their workforce would continue to work from home some or all of the time after the pandemic. We may return to the office, but the 5-day office week may be no more.
Linked to that point, remote workers will likely become increasingly targeted by attackers as they now rely more on personal devices and home networks. We could see mobile phones used for Man in the Middle (MitM) attacks, or even home IoT devices infected with malware and sniffing out corporate data as users work.
It is therefore essential to support secure remote working with network and mobile device policies, updated to deal with the infrastructure and device challenges of remote working. Technologies to include are multi-factor authentication and zero-trust at home or enforced VPN connections to access any work-related information.
The Oldest Hacking Methods Remain Successful
With such a large percentage of people working from home over the past few months, there was growth in the number of Business Email Compromise (BEC) schemes in 2020. Employees are under constant threat from this form of compromise. We all use email for work and personal communication; attackers rely on this as their opportunity. The messages appear to come from valid suppliers or contacts, making legitimate-looking requests that arrive with unrealistic deadlines. The recipient responds to the urgency of the message, not its validity. Employees feel under pressure to demonstrate productivity with rapid response and timely delivery on actions, especially when the requester is (or at least appears to be) a company executive or senior manager.
The only realistic way to reduce the risk of BEC is with user awareness. Many organizations run fake-email campaigns and mandate awareness training for users who respond, which is a powerful tool. At the same time, it is essential to begin running work-life training around security, for example to highlight the importance of speaking with the sender of an unexpected message to confirm its validity, and of exercising extra vigilance around messages with seemingly unrealistic deadlines attached. Combining these methods will help users to spot an incoming BEC message and respond correctly when they do.
As the Network Changes, Threats Evolve
With more business moving into public cloud services and more data stored in the cloud, it’s no surprise that 2020 saw growth in the number of breaches related to unsecured and exposed databases. In 2021, a term we’re all going to become familiar with is cloud-jacking: cybercriminals breaking into cloud services for ransom or to leverage cloud scale when launching malware attacks.
The fast rollout of 5G services is also in train. With the growth in IoT devices connected to these networks, security is more vital than ever to prevent attackers from hopping from unsecured IoT devices to corporate networks to business service systems, potentially causing untold damage.
Consider security at every step of the evolving network. Hide cloud services behind role-based accounts, with regularly changed complex passwords and multi-factor authentication. The more security layers in front of the network, the better. IoT devices should also be secure, but in some cases this is not possible due to performance, real-time requirements and battery life. Any rollout needs to leverage modern network capabilities with segmentation, secure routing and advanced threat detection to mitigate and minimize any IoT vulnerabilities. These considerations may not prevent a thoroughly targeted and weaponized attack, but they will give the earliest warning possible and so enough time to mitigate damage.
Security Beyond Detection
Cybersecurity has always been in a race to keep ahead of attackers, but there are now more signs of progress. In the past, security was primarily used as a defensive tactic. With new capabilities, however, detection is pulling alongside as a proactive tactic, and businesses are starting to put more focus on spotting threats before they become problems. Development in areas including SIEM (Security Information and Event Management) and cloud-based SIEM will help the security team hunt for threats and put protection in place before data and services are breached.
In 2020 we saw security teams stretched by the unexpected challenges of adapting to the pandemic response, and unfortunately not everything went well. For the most part, though, this strain proved that the tools and processes most organizations have in place are well suited to their purposes. Moving forward, strong cybersecurity is more critical than ever. Now that the business truly recognizes this, and board-level discussions are commonplace with teams working toward a common goal, it will help to ensure corporate assets and users are properly protected.
With these precautions to hand, 2021 will be a safe year; we will see challenges and changes, but the moves forward will be positive and empower both users and the business to succeed securely.