Posted on Nov 4, 2020
During 2020, organizations faced wide-ranging challenges including COVID-19 and fires that increased their reliance on distributed workforces. Accelerated digital transformation strategies meant that many organizations found themselves onboarding new technologies to maintain business continuity. Simultaneously, the rapid acquisition and deployment of these technologies meant that many organizations lacked the time needed to engage in deep due diligence.
Looking toward next year, CISOs and IT decision-makers should consider the following cybersecurity trends and predictions.
With the shift away from on-premises operations and toward cloud-based services, security leaders should be unsurprised at this first prediction. However, the statistics underlying it are more alarming than the prediction itself. According to a June 16, 2020, Microsoft report, cybercriminals aligned their phishing attacks to local interest and news.
Globally, phishing attack numbers mirrored COVID-19 events. The data looked at a series of different countries across a variety of geographic regions, showing that phishing attacks focused on local issues. For example, COVID-19 themed attacks in the United Kingdom tracked to news about the Prime Minister’s hospitalization and slowed after his discharge.
Although a subset of malware attacks, ransomware attacks often block user access rather than silently stealing data in the background. With ransomware attacks, cybercriminals take control over databases, blocking user access. Then the criminals request money, or a ransom, before providing access back to the organization.
Since workforce member productivity relies on the ability to access cloud-based resources, cybercriminals will likely continue to advance these threats and increase their usage, assuming that the desperation to maintain business continuity will lead more companies to pay the ransom. Research supports this belief with 46% of surveyed consumers wanting businesses to pay a ransom if their financial data is involved.
As organizations continue to proactively prevent employee physical health problems, they will also need to proactively mitigate cybersecurity risks associated with these changes. AI/ML solutions with rich data sets ensure that organizations are appropriately analyzing threat patterns, ultimately keeping pace with new methodologies.
The use of AI/ML is not simply a case of “purchasing technology for technology’s sake,” either. The 2020 IBM Cost of a Data Breach report supports the positive impact that these solutions have on cybersecurity posture, noting that AI/ML reduced the average cost of a data breach by $259,354.
Cloud services adoption, particularly in response to stay-at-home orders, continues to increase and will continue to increase for the long term. Securing these assets, however, means that organizations will need to focus on enhancing their cloud security programs.
Research published in August 2020 found that misconfigured storage services in 93% of cloud deployments contributed to more than 2,000 breaches encompassing more than 30 billion records since 2018. Organizations that plan to further expand their digital footprint will be focusing on cloud-native solutions that help them more rapidly detect and remediate misconfigurations.
Bring Your Own Device (BYOD) policies and employee-owned device security have become more important in recent years. However, 2020 proved that organizations with robust security controls for applications, networks, and devices were more prepared to secure the remote workforce. Looking towards 2021, analysts believe that the security testing market is set to grow by 22.3% between 2020 and 2025, up to an expected $16.9 billion.
As part of organizations’ need to mature their cybersecurity programs, many will likely look to supplement their third-party penetration testing programs with automated solutions for real-time insights that support a continuous monitoring approach.
Many IT security professionals worry that remote employees will accidentally or purposefully break policy. According to the BlackHat USA attendee survey, 72% of respondents worried that many remote workers are unfamiliar with best security practices, which could lead them to accidentally expose enterprise systems and data to new risks.
More robust end-user training offers a way to start protecting data better. Just as continuous monitoring for potential technical control weaknesses ensures a more robust approach to securing data, continuous education offers a better way to close security gaps arising from the “human element.” Hands-on experiences and educational tools that meet users where they are in their security education journey enable organizations to better secure this attack vector.
The future is in the cloud from both revenue and security perspectives. As organizations build out their 2021 budgets, they need to find solutions that help mitigate the most pressing risks. In a constantly evolving digital and physical threat landscape, securing data becomes more important than ever before. Organizations need to find agile solutions that enable them to continuously monitor for, detect, and mitigate new risks in real time. However, they also need to bridge the communication gap that can exist between CISOs, CIOs, and the rest of the senior leadership team.
Organizational leaders can focus on protecting their IT stack by looking back at 2020 to fill gaps created by accelerated cloud-first or cloud-only strategies. Although we may not know what tomorrow will bring, we do know what happened yesterday. To appropriately mitigate future risks, organizations should look to solutions that mitigate current risks while enabling scale as the digital footprint grows.
Seeking to mitigate these risks requires cloud-native solutions that meet users and cybercriminals where they work - in the cloud.