Barracuda, a provider of cloud-enabled security solutions, reveals top cybersecurity trends that will shape the future of enterprise security in 2021. It indicated that the threats of today will continue to target the weakest link in the chain, which normally is the human element. Year 2021 will witness many of the key trends in 2020 to continue.
1. Distributed enterprises and remote workers
Considering that in a span of a few weeks, companies went from 10% of workers being remote to over 90% of workers moving to remote, in 2021 we will see many of them slowly bringing back some key workers to their facilities and adopting measures that will give their employees flexibility if they can maintain productivity. While many companies had some experience of setting up temporary and limited remote access for contractors and vendors, every company will need to make sure they have clear processes and controls for managing a large percentage of their employees remotely for extended periods. Every company will need to have policies and procedures for managing remote access.
2. Growing concerns on cloud security and privacy under accelerated adoption of cloud-based solutions
Meanwhile, there will be an accelerated adoption of cloud services. First, new applications are delivered as Software-as-a-Service (SaaS) instead of on-premises implementation. Second, and more importantly, existing on-premises applications are migrating faster to the cloud. The year 2020 was that inflection point for many with cloud. COVID-19 forced many organizations to significantly accelerate their migration to cloud services to address lockdowns and remote workers.
IT executives will need to understand whether and how the assets and services delivered in the public cloud are adhering to compliance regimes. This will be a critical skill because more capabilities are now delivered as cloud services. In addition, when more companies are exposed to threats that might impact the privacy of their customers or enterprises, IT security executives must be able to effectively communicate and execute plans that encourage and require other teams to enforce compliance.
3. Proliferated cyberthreats and industries that will face greater security challenges
Threats will continue to exploit human errors. Work from home and weaker security postures allow the typical email-borne attacks to become even more effective. As in previous years, we will continue to see a growing number of attacks targeting critical infrastructure such as healthcare and cyber-physical systems.
A proliferation of distributed denial of service (DDoS) attacks, ransomware, business email compromise, and malware-based attacks is expected to occur. These attacks will be more successful as companies deal with a series of events that have changed the attack surface. As the impact of COVID-19 continues, remote users are accessing key services from their homes and more applications and services will be delivered through cloud. Retailers are also digitalizing to e-commerce to maintain business operations during the lockdowns. All of these, along with an economic recession, are changing the IT priorities.
While every industry needs to make sure it is prepared to deal with security issues, healthcare and public services such as utilities and the government are more vulnerable than normal as they have stretched resources during the COVID-19 crisis. They continue to be target-rich environments for cybercriminals using simple methods like spear phishing, malware, and ransomware to create the most damages.
4. Shortage of key resources to help mitigate increasing security issues that will take advantages of the new reality
There will be a continued shortage of cybersecurity talent to help mitigate security issues, despite the recession and COVID-19 job losses. Attacks will also increase to take advantage of the new reality like distracted workers, global pandemic, cost pressures from the recession, remote access, accelerated adoption of cloud services. Each of these alone would be cause for concern for cybersecurity professionals. All these macro trends happening simultaneously demands the highest level of vigilance against those who would take advantage of these situations.
Moreover, CIOs, CISOs and security executives are expected to achieve the same level of security or more with tighter budgets due to economic recession. There will be a growing need for security executives to get fully comfortable with novel cloud-centric security architecture. Additionally, 5G adoption will start to get more tangible in many regions of the world. IT security executives will need to come up with a more holistic understanding of risk and adequate protection measures as it pertains the entire corporate network, including OT and industrial IoT environments.
5. Emerging security technologies that will be more popular in 2021
- Zero Trust Network Access (ZTNA) – With remote workers and cloud-delivered services becoming a de facto part of every business, solutions that manages all access at the highest level of granularity with simple to set up and manage will become more popular in 2021. Zero Trust and other trust-based solutions will be effective mechanisms to manage privileged access to services. Traditionally, customers used complicated solutions like Network Access Control (NAC) or VPN. In 2021, there will be great adoption of lightweight solutions that quickly and effectively manage access at the device and individual level.
ZTNA solutions and accelerated adoption of cloud-based solutions can also help organizations keep risk under control in the remote working model. As corporate endpoints will be predominately used outside the perimeter of the corporate network, organizations should review their current endpoint security and compliance enforcement approaches. Therefore, there will likely be a revival of corporate-owned devices provided to employees. The ZTNA concepts will flank traditional network-based VPN access concepts.
- Secure Software-Defined Wide Area Network (SD-WAN) – While we have seen standalone SD-WAN solutions in the past few years, many of them were integrated with network security (firewall) providers. There are now prevailing secure SD-WAN solutions. As public cloud adoption increases, organizations have started to leverage Azure, Google and Amazon backbones as a delivery vehicle for their own WAN. This makes sense as more applications and services are delivered on these cloud services and their points of presence continue to expand worldwide.
- Cloud Email Supplemental Security (CESS) – Work from home and weaker security postures allow typical email-borne attacks to become even more effective. In email protection, classic gateway-based solutions will be augmented by CESS solutions that leverage API access and social graphs/artificial intelligence/machine learning to mitigate messaging-based attacks. There will be more of these solutions addressing other collaboration-based solutions such as Zoom, Slack, and Teams as they become popular tools for collaboration but are susceptible to the same type attacks with email.
“In 2021, we foresee the threat landscape to become more challenging and COVID-19 will continue to impact security in many ways. As companies worldwide deal with shifting local requirements to adhere to COVID-19 outbreaks or downtime due to virus spread in their offices, emergency measures need to be implemented quickly and repeatedly. Thorough and comprehensive backup and recovery solutions are critical, every IT security executive should make sure these plans include security compliance checks that are straightforward and quick to implement without having a long-term impact on productivity.” said James Forbes-May, vice president of APAC for Barracuda.