Here’s one prediction that you can bet on: Forecasting enterprise security trends will never go out of style. That’s not a bold call but it’s a bankable one. Technology trends come and go; security is an everlasting issue. There’s no finish line where everyone gets to clink glasses and declare: “All secure!”
In the same vein, security trends tend to be a consistent mix of “old” – think phishing scams and malware – and “new,” such as the COVID-19 pandemic and its widespread impacts on organizations and individuals. That was true in 2020 and it will remain so in 2021.
We asked a wide range of IT and security leaders to share with us their insights and expectations for the year ahead. Here’s what they are keeping tabs on as we open a new calendar – and what IT leaders should be paying attention to as well.
1. The new normal for the security architect(ure)
We’ll likely see organizations re-clarify their security focus – though potentially with new constraints – because security didn’t necessarily top priority lists in 2020. In particular, organizations will more intentionally begin adapting their security playbooks to reflect the lasting changes to how they operate, including remote workforces.
“The focus on the need for stability and operational efficiency in 2020 because of the pandemic has deflected the attention and focus on security,” says E.G. Nadhan, chief architect and strategist, North America, Red Hat. “With the gradual transition to the new normal, security will get renewed focus, reviving the proactive execution of security strategies.”
Those strategies will need to become more intentional about the realities of remote work and other lasting changes to how many businesses will operate, even if effective vaccines become widely available in 2021. “Normal” has been permanently redefined; security programs will need to adapt accordingly.
“Securing the next normal will be a top priority for 2021,” says Shawn Burke, chief security officer at Sungard AS. “Following the seismic shift to remote working, we will continue to see an increased focus on securing beyond the perimeter and cloud deployments.”
Nadhan expects the role of security architect to become more visible and in-demand, as hybrid cloud and multi-cloud strategies proliferate and both the workforce and IT portfolio become increasingly distributed.
“The role of the security architect will become more critical across the various platforms and cloud providers, driving a ‘security first’ approach to architecture,” Nadhan says.
This isn’t solely a matter of remote workers. It’s fundamentally an architecture issue, especially as cloud-native applications and infrastructure become more common.
2. Automation will help support a security-first approach to architecture
“A key area I see for cybersecurity in the years to come is related to businesses seeking methods to innovate and build software at quicker speeds,” says Chris Wysopal, founder and CTO at Veracode. “This need for speed is resulting in development teams breaking down comprehensive applications into the smallest reusable blocks – microservices – so they can be put together in multiple areas of the business. While it helps drive increased speed, it will be a challenge for development and security teams to assure the security of these microservices[-based] technologies.”
That’s where automation becomes not just nice-to-have but necessary, fueling the rise of Kubernetes and enterprise Kubernetes platforms in organizations working with microservices and containers at scale. That’s often happening in tandem with the DevOps or agile ways of working, both of which emphasize speed.
To secure all that work happening at speed, enterprise IT organizations will pursue integration, automation, and orchestration of cybersecurity systems’ workflows. “Various functional cybersecurity securities will be tied together to form an orchestrated system to handle identification of vulnerabilities, attack vectors, and automated remediation workflows,” says Michael Cardy, Red Hat’s chief technology strategist and director, solution architecture, Canada.
3. Phishing and ransomware remain ubiquitous – and the home office will be under siege
You’ll be hard-pressed to find many security pros predicting a sharp decline in phishing scams, ransomware, and other common attack methods in 2021. These threats exist because they work – and that’s not going to change in 2021.
“Phishing and ransomware will continue to be a primary means for malicious activity,” says Mitchell Kavalsky, director of security governance, risk and compliance at Sungard AS.
In 2021, these already widespread threats will increasingly target the many thousands of people who will continue to work from home indefinitely.
“There will be an increase in attacks on personal emails and systems in the coming year,” Kavalsky says. “More people are working from home than ever before, and with that trend not changing any time soon, attackers will go after people’s personal systems. Since they are typically running on the same home network as their work laptop, hackers will use that as a conduit to gain access to the work laptop. Diligence in preserving and protecting not only work but home systems will be of the utmost importance.”
The shift to working from home (in businesses where that was possible) was a 2020 story, and Sixgill CEO Sharon Wagner says that companies and individuals alike handled the rapid transition quite well. But the security impacts of widespread remote work – and employee homes becoming significant entry points into corporate systems – haven’t really landed yet. That’s the 2021 story.
“While the cybersecurity fallout of this global shift has yet to be felt, it’s likely we will see a spike in data leaks and breaches on endpoints in the next year,” Wagner says. “The shift to remote work brought with it increased risks of attacks on home networks, personal devices, and other endpoints that are now more exposed than ever.”
Subpar or unpatched VPNs will probably be a renewed focus as a potential weak link. SAS chief information security officer Brian Wilson thinks more organizations will move toward edge-based authorization tools, diminishing the role of VPN as a primary guardian of network security. He also expects Zero Trust security models to regain some of their earlier buzz since user access and privileges are as big of a threat vector as ever. Count Wilson among those IT and security leaders who expect remote work setups to last indefinitely, even as some people begin to return to traditional offices when it is deemed safe to do so.
“Educating employees about how to keep their home environments secure is more critical than ever,” Wilson says.
4. COVID-related threats will continue even when the pandemic is subdued
Even if the active phase of the COVID-19 pandemic is brought under control in 2021, COVID-related security threats are likely to continue for a long time after that milestone. Bad actors will attempt to capitalize on a flood of information related to vaccines, government and private sector responses, and other long-term impacts of the pandemic. Jerry Gamblin, manager of security and compliance at Kenna Security, thinks many of these bad actors will have government ties.
“We will likely see an increase in cyberattacks from state-sponsored groups and an aggressive move by state-linked ransomware groups to cash in on uncertainty around the translation back to ‘normal life’ after a widely distributed COVID-19 vaccine,” Gamblin says.
That eventual return to “normal life” – a relative term, to be sure – itself will create new risks. If in-person conferences return at some point in 2021, for example, the planning required to hold them safely might become an attractive target.
“Next year, businesses may look to require proof of a COVID vaccination to travel or attend in-person events,” Gamblin says. “Companies that collect this sensitive data will be an attractive target for malicious actors given the dubious track records of organizations tasked with protecting normal customer data.”
It’s virtually certain that cybercriminals will continue to use the pandemic as a mask for phishing, ransomware, and other campaigns. It’s also clear that attackers will go after the global effort to mitigate COVID-19 itself.
That’s already underway in advance of the new year: On December 3, the IBM Security X-Force team announced it had uncovered a worldwide phishing campaign targeting organizations associated with a COVID-19 vaccination cold chain. (In short, a “cold chain” is a critical part of the global supply chain for distributing an approved vaccine.)
Let’s delve into three more key security trends to watch: