March 23, 2021
2021 Cyber Security Trends in a Post Pandemic World
What Changed in 2020 that is Requiring Companies to Relook at their Security?
2020 forced all companies to focus on survival. The first task was to support remote workers and make sure that all servers, applications and data were accessible. Many companies never got beyond that. 2021 is the year to refocus on growth and securing and preserving your data and ensuring system availability. Here we look at 2021 cyber security trends and the top 4 priorities for your security.
So what happened in 2020 that is impacting 2021’s need for cyber security?
- Nearly all your employees are working from home (WFH) and many will continue to do so
- More and more of your IT infrastructure has moved to the cloud
- More applications are in the cloud
- More servers moved to public and private clouds like Amazon AWS and Microsoft Azure
- IT organizations have prioritized effective WFH over security, creating new security holes
- Some companies have cut back on security to save money, but now need to catch up
Cyber Criminals have Ramped up their Attacks against Recently Created Security Gaps
Here are some key examples:
- Targeted phishing and CEO fraud attacks
- Exposing the lack of internal communication and processes caused by remote everything
- Attacks against weakest links, unsecured servers, home data storage, and cloud applications
- Increased use of, and new types of, ransomware
- Adding new types of ransomware methods such as:
- Stealing your data and holding it ransom. Threats to not return, publicly disclose, or use of Denial of Service attacks
- Use of stronger harder to break encryption
- Attacks against 3rd party data you have and those customers, vendors, partners
- New ransomware attack kit business models allow for revenue sharing by attacker and tool maker
- Adding new types of ransomware methods such as:
- Ramped up efforts to steal login credentials for easy access to company servers, apps and data
- Supply chain attacks exposed by everything in the cloud and the need to trust vendors
Four 2021 Security Initiatives that Companies Need to Combat New Threats
Coping with 2021 Cyber Security Trends
Here are four areas that companies should look at to cope with these 2021 cyber security trends.
- Secure your “entire infrastructure” as it has moved to the cloud
- With everything remote and in the cloud, focusing on securing your corporate network alone will not suffice
- Solutions like the following need to be considered:
- Software Defined Perimeters (SDP) to secure your key assets regardless of where they are. Putting a dynamic user identity-based perimeter around key assets helps solve the problem of servers, users, and applications in the cloud accessible from anywhere.
- Zero Trust – Applying this principle to security policies and products restricts access to approved users, systems, networks etc. Zero trust products and features of products are being designed to focus on zero trust.
- Identity management and access controls is another zero trust concept and includes multi-factor auth (MFA), access roles, access rights, approval processes etc.
- “Detect and Respond” solutions to achieve compliance level security
- The only way to build a balanced security system is to assign high value to detect and respond solutions to catch and respond to threats that get past traditional prevention type security.
- Partnering with 3rd party security expert organizations enables companies without the expertise or resources to monitor and respond to threats and attacks effectively. Normally expensive solutions like SIEMs, user and event behavior analytics (UEBA), network monitoring and 24×7 security operation centers (SoCs) can now be utilized by companies of all sizes. These solutions overlay your inhouse solutions and provide more complete regulation compliant security.
- Advanced Endpoint Security to protect against ransomware and multi-stage attacks
- With the endpoint (PCs, laptops, mobile devices, servers) as the last defense position for mobile and remote devices/users, we need to build in the best security we can at the endpoint. There may be no firewall or corporate security in-between endpoints and internet based attackers. Layered security utilizing advanced endpoint security is best approach giving us multiple chances to catch attackers.
- Modern advanced endpoint security goes well beyond old antivirus solutions. These solutions provide protect, detect and respond capabilities for threats such as ransomware and other malware attacks.
- Current generation endpoint security products have ten (10) or more overlapping methods for detecting threats and attacks. They also have the ability to block and potentially role back attacks like ransomware, and provide strong monitoring and forensic capabilities.
- Future solutions will connect endpoint security to other company security product providing an integrated security solution where threat information and actions are shared between security solutions.
- Overkill your Email Security
- It seems like email security ought to be assumed and handled by your email provider, right?
- If 94% of all malware is delivered with email and if Microsoft and Google host 65% of all email, then their security is obviously not enough. 56% of 1,300 surveyed IT security experts (by CSO) agree that phishing prevention is their top priority.
- The Simple answer? Add another email security solution to your mix and yes you can use two and never notice it. But use an industry leader with features such as CEO fraud detection, phishing link checks, attachment scanning, and even email content evaluation to detect deceptive propositions.
We Can Help
Contact us to discuss we can help with your security strategy, risk assessments, managed security or security product solutions.