Last December, when we identified the 2020 Cybersecurity Trends, no one would have imagined what 2020 was about to unleash. Who would have thought that we would be facing a world-wide pandemic which will clearly continue into 2021 or longer?!
The trends that we identified in the list below for 2020 are still not only relevant, but many of them have become even more important due to the accelerated shift to Remote Workforce Enablement.
Cybersecurity Trends from 2020 that Carry to 2021
- Expanding Attack Footprint
- Data Breaches
- Skills Gap
- Threat Detection & Simulation
- IT Security Awareness & Education
Expanding Attack Footprint
Leading into 2020, we believed technologies such as Cloud Computing, Internet of Things (IoT), Software as a Service (SaaS) and Mobile Devices & Applications could be leveraged for exploitation and would, therefore, expand the attack footprint. While these rapidly growing technologies are no less secure, the attack footprint is expanding and evolving with them. Due to COVID, many organization’s technology footprint has expanded deeper into their employees’ homes, increasing their vulnerability.
Data Breaches will continue to be a high cybersecurity risk for 2021. Data is valuable to cybercriminals for many reasons: monetary gain, influence, espionage, etc. Phishing (Social Engineering), weak or stolen passwords, non-secure and unpatched systems and misconfigurations will continue to lead as root causes of Data Breaches. Organizations have started to implement additional security technologies: Multi-Factor Authentication (MFA), Data Loss Prevention (DLP) and Zero-Trust Framework. As we have recently learned, even a top cybersecurity firm can be hacked. This validates that even though the goal is “prevention,” the reality is we need to continue to be diligent when it comes to continual risk “mitigation.”
In 2020, we saw a significant increase in Ransomware attacks, specifically targeting the Healthcare Industry. Since there is a direct monetary incentive for cybercriminals, Ransomware incidents will continue to increase. If victims are willing to pay, there will always be some form of Ransomware. The ability for criminals to work with crypto currency (e.g. Bitcoin) allows them to hide behind some of the benefits of the underlying technology.
It is critical that organizations and individuals have a way to protect and recover their data or they will face the risk of having to meet cybercriminal demands. Organizations have been and will continue to ramp up their IT Security and Awareness programs as well as place an increased focus on formalizing Business Continuity & Disaster Recovery plans. The prevalence of Ransomware has inspired many organizations to re-evaluate their backup technology. Organizations are also creating better processes and procedures and establishing Security Incident and Response Teams (SIRT).
As cybersecurity attack types and innovative technologies are continually introduced, the skills gap will continue to grow for both individuals and organizations’ ability to keep up. The Skills Gap is going to need to be addressed on multiple fronts. Companies will need to make investments in both resources and technology. Higher education, technical training, and certification and partnering with technology experts must be expanded to address the growing gap.
Threat Detection & Simulation
Organizations can no longer rely upon a reactive cybersecurity threat strategy; they must be proactive. This will include introducing more advanced threat detection solutions and simulation of various types of threat exploitation. This more mature approach shifts the focus from being on the defensive to being on the offensive in the management of your overall cybersecurity risk. Although common amongst organizations with regulatory compliance requirements, more organizations will begin to implement Security Incident & Event Management (SIEM) solutions in order to have a more proactive IT Security plan.
IT Security Awareness & Education
With all the technology changes occurring, the biggest risk to every organization will continue to be its People. It will be critical that organizations focus and invest in on-going user IT Security Awareness & Education. As I have discussed before, IT Security Awareness & Education must be a part of both the organization and individual DNA. People, Process and Technology all need to be aligned if we want to continue to have a fighting chance to mitigate IT Security Risks. This really needs to be a layered approach, since just doing one thing will not be enough to reduce the risk.
It goes without saying that 2020 will be remembered as an unprecedented time which created a “shift” in how organizations, individuals and bad threat actors (criminals) operate. And this shift is here to stay for the foreseeable future. Security will continue to shift from being a reactive (defensive) process to a proactive (offensive) one. If this “shift” is not embraced, organizations and individuals leave themselves open to potentially devastating events.
Questions or comments? Don’t hesitate to reach out to our team at 614-212-1101 or [email protected].