What will be the cybersecurity trends in 2021 by Stinet
On the threshold of 2021, we are „lucky” to have one of the most unprecedented events in human history behind us (or actually we are still in it) – a global pandemic. If you took this scenario into account during your business continuity management exercises, please accept our congratulations! It probably allowed you to avoid at least some of the problems related to the sudden change of working conditions.
And if we are talking about working conditions, in 2020 the Digital Transformation Leader Award goes to Covid-19 for the overall digitial transformation enhancement and the facilitating transition to the remote work model.
We can sum it up in 3 main points:
- Accelerating the adoption of cloud environments – IaaS, PaaS, SaaS.
2. Transformation of the corporate network architecture paradigm.
Oliver Tavakoli, CTO, Vectra
„The next big thing about security that we’re going to see this year is the inversion of the corporate network. It used to be that everything really important was in place and a small number of holes were inserted into the protective fabric to allow external communication. 2021 is the year when the long-predicted network deperimeterization finally happens. The leading indicator of this is companies that are moving away from Active Directory legacy on-premises architecture and moving all their identities to Azure AD with modern cloud-based technology.”
3. Accelerating the adaptation of digital as main communication channel – „You’re on mute”.
The points mentioned above, and not only, cause an unprecedented increase in the number of threats. Since suddenly everyone has switched to online and communicate via networks and computers, does this increase several times the already huge number of attack vectors? The answer is obvious and that is why in 2021 we will see increase in trends that started to take shape in 2020.
Below, we present 7 trends that, in our opinion, will shape the cybersecurity market in 2021
I. Further increase in the number of deployments covering the concept of Secure Access Service Edge – SASE and Zero Trust Network Access
One of the requirements for effective remote work is to decentralize Internet access, while ensuring security.
Secure Access Service Edge (SASE) is a term coined by analytical company Gartner and stands for a concept that simplifies wide area of networks (WANs) and security by delivering them as a cloud service directly to the source of connection (user, device, branch, IoT device, processing location edge), not the enterprise data center. Security relies on identity, real-time, corporate security and compliance policies.
Identity can be assigned to anything from user to device, branch, cloud service, application, IoT system, or processing location. Due to security problems, it is suggested that SASE should be enriched with Zero Trust Network Access – a paradigm according to which the user should authenticate again with access to each subsequent system within the network (no more “one access fits them all” approach).
II. The SOC triad (EDR, NDR, SIEM) as the future of an efficient SOC
Gartner leanes towards the Security Operations Center Visibility Triad because it combines three core tools: security incident and event management (SIEM), endpoint detection and response (EDR), and network traffic analysis, also known as network detection and response (NDR).
The triad of SOC visibility represents a model shift in cybersecurity for two reasons:
- shifts the focus of safety operations from the perimetery to the interior of the network and shifts from a “protection and prevention” to a “detection and response” orientation. Businesses today no longer rely on an entry/exit (North-South) risk prevention model, they must adopt a more realistic approach that focuses on detecting threats that bypass the firewall, leverage living-off-land and spread within the enterprise;
- supports a security strategy focused on critical resources and driven by data – events, endpoints and network traffic. This knowledge enables companies to detect threats, identify and secure their critical assets, and remediate attacks in real time.
III. Cybersecurity professionals shortage will drive the demand for solutions embracing AI or machine learning
AI and machine learning are currently considered an interesting and additional feature that improves the accuracy&workflows, but not as core feature which determines choosing the solution. With the increase in the number of attacks, the number of users, payloads, the complexity of the IT infrastructure and the value of protected resources – mechanisms supporting human decisions will de facto decide about entire cybersecurity of the company’s data. It doesn’t matter if you have an analyst with 1 year or 10 years of experience, if he cannot take care of what he is best at. AI and ML will relieve your most valuable employees and allow them to deal with tasks where their expertise is invaluable.
IV. User’s identity to become the ultimate “authentication” line.
Multi-Factor authentication is already a standard and a recommendation not only for companies from the financial industry.
By default, it comes down to authentication using mechanisms from at least 2 groups:
- Something we have, eg a telephone (push-app).
- Something we are, such as a fingerprint.
- Something we know, such as a password.
In 2021, we will witness the development of technologies including functions that track the cursor movements and “learn” our way of moving it, the speed of pressing the keys on the keyboard, the way you press and slide your finger on the screen. Everything so that the service provider can determine if we really are who we say we are.
V. Further growth in cloud adoption will create major legal challenges
The general model of responsibility for resources stored in the cloud is:
However, in practice, when migrating huge data resources or using a cloud service, especially for filtering traffic containing sensitive data, such as Data Loss Prevention or Email Security Gateway cloud deployments, it may arouse the interest of lawyers.
Here are a few of the guidelines that a business considering using a cloud service must look into:
- Obtaining a formal confirmation of the Confidentiality, Integrity & Availability mechanisms used by the service provider.
- Determining how the provider will retain and provide information for e-Discovery court requests.
- Pay attention to the “inheritance” of compliance requirements – for example, providers serving healthcare organizations must follow the HIPAA security policy.
- Make sure that the provider uses at least the same level of encryption as your organization. “You don’t want a third party to be the weak link in the chain.”
- Protection against possible bankruptcy or takeover of the supplier.
- Checking the supplier’s SLA level with the requirements provided by IT.
All of the above, enriched with the specifics of local regulations to which end customers are subject, can effectively extend or even prevent the purchase of technology.
VI. Data inventory as the basis for its protection
The amount of data produced by enterprises is constantly growing and so is the trend for it. Due to the increasingly severe legal restrictions on the handling of sensitive data and their importance in maintaining the level of competitiveness – their protection becomes a priority. Since the entry into force of GDPR, companies have started to massively implement DLP class solutions, allowing IT departments to control the flow of information in the company. However, it should not be forgotten that proper categorization of data is crucial for its protection and it is most often the creator of the document that is the most competent qualifying factor. Data classification systems can also “trigger” other solutions, and involve users in direct work with data.
An example of Boldon James classifier & DLP from Forcepoint integration:
Read more about Boldon James: INFORMATION CLASSIFICATION VERSUS DATA CLASSIFICATION – WE WERE HERE BEFORE IT
VII. User cybersecurity awareness is more valuable than ever .
Personalized training based on the threats and attackers’ behavior analysis, the basics of psychology and IT elements, phishing assessments within the enterprise, useful tips displayed by cybersecurity software – all of it are just a few of the ways in which you can greatly enhance your cybersecurity posture. The main concern about employees switching to the remote working mode, is that they will “chill out” and with less control from IT departmenet become an easier target for attackers, . In the second half of 2020, we saw an increase in the portion of training budgets devoted to the development of user awareness in the field of cybersecurity. After all, you protect yourself against 100% of malicious links that you don’t click on.
Below is an example of the user training methodology used by Proofpoint:
In 2021, we will continue to see initiatives such as the transition to the cloud, further digital transformation despite the pandemic, and data security posture strenghtening.
This means that traditional local networks will continue to be abandoned.
According to Oliver Tavakoli, Chief Technology Officer at Vectra, “… the boundaries around corporate networks will continue to narrow and organizations will adopt a zero-trust approach to not only protecting data, but also securing identities and striving to improve overall cybersecurity.”
Read more about Vectra: VECTRA AI – TIME-SAVING DETECTION & REACTION
In 2020, we showed that we are able to reorganize. 2021 will be a test of how well we function in the new structure and what improvements will have to be made.