2021 Cyber Security Trends & What We Can Take Away From Them
As cybersecurity and regulatory compliance became two of the biggest concerns in 2021, organisations of all types and sizes have realised the need for a defensive posture, and clarity on what it takes to remain secure.
2021’s cyber security trends highlight shifts in the ecosystem that may not yet be widely recognised but are expected to have broad industry impact and significant potential for disruption.
So, let’s look at some of the key cyber security trends of 2021 so far, and see what we might be able to take away from them.
Cyber-attacks as a service
2021 has seen cyber-criminals move from writing code to execute attacks themselves, towards selling so-called “ransomware kits” to the underworld at large — greatly increasing the rate of attacks overall.
Often purchased on “Dark Web” marketplaces, criminals can “invest” in these kits and use them to leverage the expertise of more skilled ransomware developers. Some vendors even offer “profit-sharing” schemes, lowering the cost of entry, and offer the sort of support and maintenance services we’d usually associate with legitimate software vendors.
It’s a worrying development, and all but guarantees that attacks of this type are not going to subside any time soon.
“Remote working” is now just “working”
According to a recent Gartner survey, 64% of employees are now able to work from home, and two-fifths are working from home.
As a result of COVID-19, what was once only available to the few is now widely available, with plans to shift some employees to remote working permanently post pandemic.
From a security perspective, this requires a re-examination of policies and tools, and has led to…
When COVID-19 accelerated digital business, it also accelerated the trend wherein many digital assets and individuals are increasingly located outside of the traditional enterprise infrastructure.
Cybersecurity teams are being asked to secure remote users and new technologies on a larger scale than ever before.
This requires security options that are flexible, agile, scalable and composable, that will enable the organisation to move into the future, but in a secure manner.
This has led to the adoption of a holistic approach to cyber security, known as “the cybersecurity mesh”, that enables the distributed enterprise to deploy and extend security wherever it’s most needed.
Cybersecurity mesh is a cyber defence strategy that independently secures each device with its own perimeter, rather than “traditional” security approach that focussed on a single perimeter to secure an entire IT environment.
The latest Gartner industry survey found that 78% of IT Administrators have 16+ tools in their cybersecurity portfolio, while 12% have 46 or more.
This is a lot to manage and results in complex security operations and an increased headcount.
Most organizations recognize vendor consolidation as an avenue for reduced costs and better security and are seeking cyber security providers that can bring together a range of services and provide a holistic approach to cyber security.
Identity security refers to user authentication — typically a username/password combination, but also biometrics (fingerprint, facial recognition, etc.) and 2-Factor Authentication (2FA).
Identity has always been a critical part of securing networks and systems but is even more vital now that users are expected to have the ability to work securely beyond the traditional “perimeter” of their organisations network.
The perfect storm of several events made identity the primary means of securing access to systems, encouraging organisations now towards increasing their identity security (adding 2FA for example).
Machine identities govern the confidentiality and integrity of information between machines. To assure their unique identities, machines use keys and certificates, much like people employ usernames and passwords.
As digital transformation progresses, managing machine identities has become a vital part of the security strategy.
Attack simulation & compliance monitoring
A new market is emerging to help organizations validate their security posture as IT Administrators are required to provide evidence to their Boards that their environments meet compliance and other standards.
Attack simulation services offer the means for organisations to test their security and raise/maintain the awareness of their staff to the ever-evolving threat landscape. These tools help to identify issues when it comes to the efficacy of security controls, configuration issues and detection capability.
Meanwhile, compliance monitoring tools are increasing in popularity, not only to help maintain security but to provide further evidence that the organisation was doing everything it should to protect itself and the data of its stakeholders, should they ever be the subject of a CIO investigation.
Are you looking at cybersecurity for your organisation?
If you would like to know more about IT managed services that can drastically reduce your cybersecurity risk, get in touch with us.