2020 was a tough year for cybersecurity. Security teams had to secure remote work environments in a matter of days as the COVID-19 pandemic triggered widespread, extended lockdowns. Then, they had to maintain secure operations throughout the year without physical access to the resources they typically use. Meanwhile, ransomware attacks expanded in scale and intensity, sometimes making the majority of an organization's computers unusable all at once, while also stealing sensitive data.
To end the year, the SolarWinds incident, where nation-state attackers infiltrated tens of thousands of organizations across all sectors and went undetected for several months, underscored that we all need to do things differently in cybersecurity in the future. Here are five of the cybersecurity trends that will help shape our work in the years to come.
Trend 1: Work from anywhere becomes permanent
The COVID-19 pandemic has drastically changed the accepted culture at many organizations. The original expectation of people working from home for a matter of weeks has turned into month after month for many. Some organizations have given up office leases and opted for permanent work from anywhere for employees to save money. In other organizations, the workforce has demanded to continue working from anywhere part time or full time.
When COVID-19 hit, most organizations had to quickly shift their services and apps from on premises to the cloud, and this new architecture -- with cloud-based resources and work-from-anywhere workforces -- was meant to be temporary. Functionality was naturally prized instead of security because the main objective was to keep organizations running.
This article is part of
But, with organizations making long-term or permanent shifts to work from anywhere, security teams need to rethink the "temporary" arrangements and do what's needed to update security policies, processes and technologies. There will almost certainly be challenges in implementing security controls, maintaining visibility into security events and demonstrating compliance with security requirements.
One last element of recalibrating your cybersecurity strategies for remote work: Don't forget to spend some time ensuring that the members of your security team are able to work together well in this new environment, as well as interact and communicate with other technology and business teams.
Trend 2: Automate, automate, automate
Security teams have been in a no-win situation for years. They can't possibly keep up with all the threats that their increasingly large and complex web of computing resources faces. The demand for cybersecurity experts keeps growing, and it's about time that organizations accept that it won't be remedied any time soon.
Instead of trying to increase their human resources to accommodate for shortcomings in tools and technologies, organizations must increase their reliance on automation. Security technologies that use artificial intelligence and machine learning and that perform constant data analytics on monitored security event data can detect new threats much faster than people can. They can find subtle patterns of malicious activity that a human wouldn't see. Similarly, security automation can continuously identify the presence of new software vulnerabilities, configuration errors and other problems and ensure that each problem is quickly mitigated.
Increasing the amount of automation and improving the quality of automation technologies reduce the day-to-day burden on the scarce cybersecurity experts. These experts can then spend their time focusing on more strategic matters that could greatly benefit the organization in the long run.
Trend 3: Adopt zero-trust principles
Zero trust is a new name for an old concept: Don't assume that anything or anyone should be trusted. Verify the trustworthiness of each device, user, service or other entity before granting it access and frequently reverify trustworthiness during access to ensure the entity hasn't been compromised. Give each entity access to only the resources it needs in order to minimize the impact of any violation of trust. Zero-trust principles can reduce the frequency of incidents and the severity of incidents that do occur.
Zero trust is a principle, not a security control or technology. It relies on the entire technology infrastructure being designed to check and recheck the identity and security posture of each entity and to continuously monitor the activities involving each entity. Achieving this requires widespread cooperation among security architects and engineers, system and network administrators, software developers and other technology professionals. Implementation is almost always a phased, multiyear effort, and that's why there's increasing pressure to start adopting zero-trust principles as soon as possible. This is one time when you should bow to pressure.
Trend 4: Improve response capabilities
It's become painfully obvious that most organizations need to improve their response capabilities. Attacking organizations through ransomware has become an actual business, with attackers effectively locking users out of their systems and data and then demanding -- and receiving -- large ransoms to restore access. At the same time, these attackers are conducting large data breaches, collecting enormous amounts of sensitive data and demanding ransoms to prevent its release or sale.
Organizations need to be prepared to respond to large-scale ransomware incidents, and that means incident responders working closely with not just security experts, but also system administrators, legal counsel, public affairs and others to ensure the response goes smoothly and services are restored quickly. Prepare to handle ransom demands before they're made.
Trend 5: Recognize the risks from supply chains
We typically trust what our vendors and service providers give us. The SolarWinds incident illustrated just how risky that trust in our supply chains is. A single company can be successfully infiltrated by a nation-state, and that company may provide compromised technology products or services to thousands of other companies. Those companies, in turn, will not only be compromised themselves, but they may expose their own customers' data to the original attackers or provide compromised services to their customers. What started with a single infiltrated company can lead to millions of organizations and individuals being compromised.
There's no easy answer to addressing this. Many aspects of our security strategy and technology need to be improved. What's most important at this time is for organizations to recognize and acknowledge the risks from our supply chains and to demand that we all do better. Whether that means holding vendors accountable for poor security practices that lead to compromises, requiring more transparency into vendors' security practices before renewing contracts or adding requirements to new procurements, individual organizations can raise awareness of these issues and put pressure on vendors and service providers to do better.