It might be hard to believe, but 2020 is finally in the rearview mirror and 2021 is here. The past year has been a whirlwind of events for everyone, even for the cybersecurity industry, which is typically used to such a rapid state of change. As we see what 2021 brings and reflect on the challenges last year posed, it's important to acknowledge the lessons learned and the road ahead.
Although the future can be difficult to predict, there have been telling signs when it comes to certain cyber trends. Most notably, critical sectors like healthcare and government remain prime targets for cyber attackers, and the emphasis on IoT and BYOD security has only heightened as remote work has become the norm. Add the hype around artificial intelligence (AI) and machine learning (ML) and election security concerns, and there's quite a bit we can expect from the industry in the next year.
Ready or not, here they come: Prime targets for cyber attackers
Although nearly every industry, from state and local governments and universities to hospitals and financial services, has fallen victim to attacks, it's been surprising that we haven't seen a greater number of successful attacks, especially against state and local governments and hospitals. Cyber attackers often cast an extremely wide net to increase their odds of a successful breach, so we'll continue to see more governments and hospitals either learn that they've already been compromised, or admit they were previously compromised sooner rather than later. These types of organizations are often short-staffed and lack security budgets, even before considering the economic impacts of COVID-19, and they don't have the proper resources to analyze historical data when implementing new security measures. Also, since state and local governments are currently in the transition process following the recent 2020 elections, security issues could very easily be left on the back burner by outgoing staff or even fall through the cracks for incoming members.
Ghosts of legislations past
The results of the 2020 presidential election will bring about significant changes to cybersecurity policy in 2021. Due to COVID-19 precautions, there are currently differing opinions on whether or not employees are able to safely return to their offices, or if remote work is needed for a longer period of time. Additionally, with a new FCC commissioner, net neutrality is likely to make a comeback in the news, and backdoor encryption is another hot topic a new administration will have to deal with. Regardless of the final decisions, organizations and security leaders must be educated on the current policies and understand their far-reaching security ramifications.
No vaccine for IoT and BYOD devices
Many business leaders and decision-makers believe that the era of remote work will last forever, but that's unlikely to be the case, as many organizations are already starting to implement a tentative return-to-work plan. Not only should the physical health of employees be considered during these times, but the digital health of devices and networks must be given serious consideration. Employees' personal laptops and mobile devices have been connected to potentially compromised networks outside the typical layers of security provided by an employer. Frequent and in-depth scans and security due diligence will be necessary before these devices return to the network, as employees have never had to deal with these types of issues on such a large scale, or at all, before.
Jumping the gun: AI and ML
The hype around AI and ML is getting out of hand, especially as it relates to cybersecurity. Sure, they are potentially revolutionary technologies that could have either extremely beneficial or extremely disruptive implications, but the industry currently does not have a good enough understanding of AI and ML to be able to use them at the scale that's necessary to make them effective and useful (or harmful). More often than not, organizations use these terms for marketing purposes, especially considering the price associated with them is unrealistic for all but a very select few.
2021 and beyond
In short, there are no silver bullets for cybersecurity. Organizations need to carefully and continually evaluate everything in their security stack, ranging from the adoption of new and improved technology solutions to employee training services. Not only should business leaders focus on the right solutions for today and tomorrow, but they should always be looking ahead to the future, whether that means 2021 or even five or 10 years down the road. The constant state of change in our community has become customary, but by anticipating what the future has in store, we can be as prepared as possible to handle the threats and challenges that are bound to arise.
About the author
Jonathan Meyers is the head of IT and a principal infrastructure engineer at Cybrary. He is responsible for designing, maintaining and securing all corporate infrastructure, including the security enablement platform supporting over 200 companies and 2.5 million users worldwide. He previously worked as a senior DevOps and senior operations engineer at Forcepoint (formerly RedOwl Analytics) where he oversaw the operations and deployment of its hosted and on-premises UEBA e-surveillance product. Meyers holds an information technology degree from The U.S. Military Academy at West Point.