Click to learn more about author Samantha Humphries.
Reflecting on 2020, it is clear that the effects of COVID-19 have touched nearly every corner of the globe, spanning continents, age groups and industries. The pandemic forced an almost overnight transformation in the way most businesses operate, particularly for those that did not already have cloud security tools in place. The hasty nature of these changes – combined with reduced staffing, less investment in security and an increase in attacks – presents some major data security issues.
As a result, we can expect that 2021 will see a wave of data breaches linked to security standards that were reduced to facilitate mass remote working. This is supported by a survey of cyber professionals conducted in May this year, which painted a bleak picture: 71 percent of cyber professionals were seeing an increase in threats, three quarters had furloughed members of their SOC team and 60 percent needed to defer planned investments in security technology.
For most cybersecurity teams, 2021 will be a time to take stock and retrospectively apply due diligence to all cloud applications and services brought online to support remote working in 2020. This means ensuring security controls meet at least pre-COVID standards – with visibility, detection and response capabilities across cloud services, applications, and infrastructure – across both current and ‘old normal’ cloud applications and services.
Below, we’re sharing the first part of expert reflections on what the past year has meant for cybersecurity, along with predictions on what the next year will bring.
Torsten George, Cybersecurity Evangelist, Centrify
AI will re-learn how to squash insider threats. September was Insider Threat Awareness month, and a lot of attention was paid to the threat but not always to the remedies. Fortunately, more tools are relying on AI technology to address this challenge, such as data loss prevention (DLP) and user and entity behavior analytics (UEBA). However, these tools have to establish a behavioral baseline first, which has not been helped by the pandemic because those baselines basically need to be redone to make those tools effective again. While this represents the drawback of relying too much on AI, it also shows the dynamic resiliency of AI in that it can re-learn what it needs to be an effective security tool, which will be important as we continue to adapt to pandemic-related challenges in 2021.
AI can help stop viruses before they mutate. No, I’m not talking about COVID-19 but rather about computer viruses. For decades, anti-virus software solutions have all been signature-based, whereby they identify the unique signature of the virus and put it into their code, hoping the virus doesn’t change between software updates. AI can be used to address this issue. Complex algorithms can be developed that establish particular patterns, so they are no longer signature bound. The chances to capture these viruses while mutating are much higher than with traditional tools, which will become increasingly important in 2021 as threat actors up their efforts to wreak havoc during ongoing uncertain times.
Gorka Sadowski, Chief Strategy Officer, Exabeam
Cybersecurity vendors need to be ready for a seismic shift. Clients are tired of buying monolithic SIEM solutions with questionable ROI, based on some vague promise of value down the line. Clients are now demanding an outcome-based approach, where every dollar spent is directly tied to demonstrable high-value insights that are critical to an organization’s security posture. To align with their prospects and current customers, cybersecurity companies, including SIEM vendors like us, must provide clear, concise messaging and use cases on how their solution not only combats these attack vectors – but is worth the cost.
Trevor Bidle, Chief Information Security Officer, US Signal
Organizations will increasingly turn to data center providers that offer extensive security measures. With 64,000 more IT professionals expected to lose their jobs by the end of 2020 and cybercrime quadrupling during the pandemic, many companies will be left short-staffed yet increasingly targeted by hackers. Many of our customers, for instance, have done an excellent job around backup and disaster recovery, but they feel it’s a very ‘defensive’ strategy. To level up in 2021, they are looking to become more proactive and offensive against outages, data loss and digital adversaries. We expect a spike in companies across the U.S. seeking data center providers that can not only handle cloud storage, colocation, data protection and connectivity tasks but offer expert managed SOC services as well. Vulnerability management and scanning will be a key requirement – to ensure their IT environments are clean and free of cybercriminal activity and even ransomware.
Businesses will invest more in cybersecurity to tackle ransomware attacks and avoid legal penalties. More than half of organizations have fallen victim to ransomware in the past year, and at least 26 percent paid the hackers to get their systems back up and running. We expect the number of incidents to rise in 2021 and, therefore, expect businesses to increasingly work with third-party data center and security services providers to tackle this growing threat. This is especially critical following the U.S. Department of the Treasury’s Office of Foreign Assets Control’s (OFAC) announcement that paying the ransom will not only encourage hackers to continue these attacks — but could now go against OFAC regulations. We will almost certainly see multi-layered cybersecurity products that include protection solutions such as vulnerability management, frequent data backup and snapshots, cloud-based security services and secure data centers to restore lost or corrupt data grow in popularity in response.
Annemie Vanoosterhout, Release and Project Manager, Datadobi
Ransomware will become more active and visible in 2021, creating the need for companies to protect their business-critical data. Organizations will need a data protection strategy that outsmarts sophisticated adversaries conducting ransomware attacks. The traditional two-folded system with a primary recovery source on-premise and a secondary system either on-premise or in the cloud will not be enough. If disaster strikes and both systems fail after an attack, an organization will suddenly face an existential risk and have to shut down business – which can cost thousands of dollars or more.
In order to create a disaster-proof business continuity plan, companies must know what data is business-critical and protect it in a “bunker” – either on-premises or in the cloud. This “golden copy” of data is a simple, cost-effective way of complementing a traditional disaster recovery plan. The bunker is completely isolated from the primary and secondary storage systems, which creates an air gap that inhibits ransomware or other human errors that could disrupt primary and secondary copies from affecting the third copy. The air gap also shifts control from a large number of employees to a limited set of company administrators. Even the few selected to have access will also have to complete a number of steps before opening the bunker.
Being unable to access business-critical data can cripple businesses. Adding a golden copy of this data to complement traditional business continuity plans can give organizations peace of mind while also protecting from the devastating effects of ransomware during the New Year and beyond.
Charles Burger, Global Director of Assureon Solutions, Nexsan, a StorCentric Company
In 2021, cybersecurity will remain at the forefront of virtually every data center professional’s mind. Increasingly aggressive and rampant ransomware, and other bad actors, will continue to attack not only onsite production data but every possible copy, wherever data resides. In 2021, it will therefore be critical that organizations step up their cybersecurity game with data security, protection, and “unbreakable” backup solutions that not only serve to protect against an attack, but in the worst-case scenario – ensure the ability to recover and maintain uninterrupted operations.
Bill Kalogeros, Advisor, Public Sector, Tempered
Attacks on electric grids, water supplies and other critical infrastructure systems will become a more frequent reality. Cybercriminals will only continue to ramp up their attacks in 2021, so it’s up to those in charge of critical infrastructure to ensure their systems are armed with the latest network security technology. Critical infrastructure systems, typically controlled by the public and industrial sectors, maintain and enable our society.
If cybercriminals gained access to the networks that control a city’s stoplights, monitor its water supply and even keep the lights on for its citizens, it would invoke utter chaos. And incidents like NotPetya and Sandworm in recent years prove it’s not just a theoretical threat — it’s 100 percent possible. That’s why in 2021, all critical infrastructures must adopt a Zero-Trust approach to security. With Zero Trust, only those who are given explicit permission can gain access to a network, and even then, they are only able to perform actions that have been approved.
Rick Moy, VP of Sales and Marketing, Tempered
IoT, 5G and the shift to the cloud will converge to expand organizations’ attack surfaces. As more operational decisions depend heavily on the ability to consistently and securely access data, seamless connectivity to data generating equipment is a must. There is a pressing need for secure connectivity in a world where the devices and infrastructure supporting them are ill-equipped to deliver it, especially as the need to move data and manage systems across expanding landscapes has outpaced techniques such as VPNs and firewalls.
As we move into 2021, we’re just starting to see the full transformative potential of 5G connectivity and the exponential rise of devices connected to the cloud. The power of IoT coupled with 5G and this shift to the cloud will push into ever more remote and challenging environments, bringing greater value, but also greater risks in communications and attack. To be successful and thwart an ever-growing pool of sophisticated attackers, organizations have to put more refined communications infrastructure in place that is ready for the scale and ruggedness the future of IoT demands.
Jay Ryerse, VP Cybersecurity Initiatives, ConnectWise
Cyberattacks doubled last year, and with many workforces transitioning to remote work in 2020, it is important that companies look into and invest in making their newly dispersed teams secure. In an effort to keep up with demand, companies will pivot towards automation and streamlining the various security products that exist and aligning them whenever possible.
For example, attack techniques are changing, and with people working from home there has been an increase of phishing attacks on targets’ family members as they are now sharing equipment and networks while working on sensitive business data on a daily basis. The demand to double down on cybersecurity to tackle the new challenges that come with a remote workforce will see many companies turning to MSPs to address the volume of attacks, for education, and for help reducing risk in 2021.
Next year will also see an increase in legislation around privacy. In the US, California, Nevada, and Maine led the way but now 23 states have adopted similar regulations. We may also start to see legislation regulating MSPs. In fact, Louisiana has already done that, and other states could follow suit. If that happens, we’ll see a lot of forward-thinking MSPs investing in education and attracting talent to close their cybersecurity skills gap and leverage that legislation as a competitive differentiator in the market.
Finally, we’ll continue to see heavy private equity investment in the MSP space, leading to further consolidation, as well as private equity buying security companies at a rate that’s probably unprecedented. The objective of these consolidations may be to gain market share and intellectual property while streamlining delivery of secure services. It will likely drive market separation for the largest providers and conversely, create an opportunity for smaller providers to enter the space and meet the demands of delivering security service at scale.