Between a pandemic, political strife, and massive cybersecurity breaches in both the private and public sector, 2021 is shaping up to be just as eventful as 2020. At Infoaxis we are always looking for the next trends in information technology and cybersecurity. This is why we’ve decided now would be a good time to look back at the patterns of 2020 to predict the top 2021 cybersecurity trends.
Migration to “Long Term” Remote Work
With the advent of the COVID-19 global pandemic, the top cybersecurity story, maybe even more so than the SolarWinds Breach, was the quick and successful move from working in an office to working in your kitchen, bedroom, or perhaps basement. In many ways this shift was already underway with improvements in remote communication technology such as VPNs, conferencing programs, and backend systems migration to cloud services. However, COVID-19 pushed this trend into overdrive as companies across the world were forced to quickly shift their working arrangements to comply with stay-at-home orders. Some worried this sudden shift would leave companies especially prone to cybersecurity vulnerabilities. While remote work has made companies more vulnerable, thankfully we have not seen major breaches on a wide scale across the private sector.
It is true the sudden rise of users accessing company resources from outside the corporate firewall has led to sharp increases in their firm’s attack surface. Overall, though, companies have proven resilient in quickly adapting their systems, processes, and people to the new realities of remote work. As a result, many economists are predicting once COVID-19 recedes, workers may be reluctant to return to their offices full time. From a cybersecurity perspective, investments in remote infrastructure such as laptops, VPNs, and mobile devices are not only here to stay but will expand. This will occur as companies begin to use this new working landscape to attract talent outside of their geographical boundaries.
What may this mean for your firm’s cybersecurity? It is more important than ever to ensure the right people, processes, and technology are in place to reduce the attack surface of your new remote infrastructure. For many firms, this is a task they should not handle alone. A relationship with the right Managed Service Provider will allow you to manage your new remote infrastructure efficiently and properly secure it.
Skyrocketing Use of Ransomware
Unfortunately, not all news on the remote working front has been good. As more workers moved outside of their corporate firewalls, cyber attackers found new avenues to exploit vulnerabilities and improved their attack methods.
2020 has seen what can only be described as an explosion of malware across networks. The most popular variant malware currently in use is ransomware. By some estimations, 2021 will see yet another massive increase in ransomware use, so much so that by year end, there could be one ransomware victim every 11 seconds. Along with ransomware itself, attackers have become much savvier in targeting victims and collecting payment. One dark joke this author has heard is ransomware attackers now have better customer service for their payment centers than most US cable companies.
The good news here is the defenses deployed in 2020 will remain effective in 2021. This includes active threat monitoring, spam filtering, well-configured networking equipment, and – arguably the most important of all – mandatory cybersecurity awareness training for you and your staff, the human firewalls. Despite advances in victim targeting, the majority of ransomware is still delivered by exploiting human error via spam and spoofed links. Developing an active cybersecurity awareness program that educates and empowers your employees to look for and report suspicious e-mails or activities will go a long way towards mitigating ransomware attacks.
Continued Expansion of Cloud Capabilities…and the Pitfalls that Come with It
Along with remote work, another trend that will continue to accelerate due to COVID-19 is the expansion of companies moving to cloud infrastructure. Companies are finding that with most of their workforce spending less time in the office, there is also less need to keep costly server rooms and data centers under their care.
One way we’ve seen companies reduce their real estate footprint is by moving their old on-premises IT infrastructure to cloud providers such as Amazon and Microsoft. We expect this expansion to continue into 2021 and beyond. With cloud services, companies can reduce overhead because they no longer have to install, power, maintain, upgrade, and dispose of expensive backend servers and networking equipment. In addition, cloud has allowed companies to implement effective backup and disaster recovery protection because services that were once the company’s responsibility can now be offloaded to a dedicated outside provider. However, with these new capabilities come new complexities that could pose a threat to your company.
Think about your old or current on-premise IT equipment. Think about how much time and effort was invested to configure this equipment to work to your standards and secure it against known cybersecurity vulnerabilities. A migration to cloud does not change the need to properly configure your backend IT equipment. It only changes the skill set needed to do it. Instead of physically plugging into a firewall, you may log into the Azure or AWS portal to configure a virtual one. Outside of human error, improperly configured equipment, physical or virtual, is the leading cause of cyber breaches. Therefore, one of the expected cybersecurity trends in 2021 will be cyber professionals and network engineers retooling their skill set to work within newly deployed cloud environments. Just because you have your equipment in the cloud does not automatically make it secure.
Proof of Compliancy
The overarching theme of trends continuing from 2020 is that IT infrastructure is going to become more dispersed and complex than ever before. This means larger attack surfaces with more points of entry to defend. As a result, companies will need to look for more efficient ways to scrutinize their vendors’ and partners’ cybersecurity posture. Given the growing complexity of IT infrastructure, it is becoming more costly for firms to audit each individual vendor. Rather than inundate each vendor with a questionnaire that then must be verified, companies have started to move towards various standards that can be certified by an outside party.
These certificates usually require annual renewal. They allow companies to ascertain their vendors’ cyber posture quickly so they can focus on conducting business rather than worrying about the vulnerabilities their vendors might expose them to.
It’s important to remember these certificates are not foolproof. While they do go a long way towards proving your vendors are making a good faith effort to secure their own infrastructure, it’s still important for you and your firm to remain vigilant. This is not just a trend among the private sectors. Last year, the Department of Defense introduced their own cybersecurity standard that is now being applied to all parts of the DoD supply chain. As 2021 continues, more companies will be looking to see who has acquired certification, who has not, and which service providers on the market can assist them in obtaining certification of their own.
Discover your system’s vulnerabilities before cyber criminals do
Infoaxis has long operated with a security first mindset. Discovery is the first step in our Cybersecurity Roadmap to your organization becoming more secure. Take our no-cost Discovery assessment and get a comprehensive view of your current vulnerabilities – not just in your organization’s network but across your entire business. Learn more>>>
About the Author:
Joshua Silberman, CISSP, CCSP, CISA, is a cybersecurity leader responsible for the direction, design, and development of Cloud Transformation and Cybersecurity at Infoaxis.