Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Cybersecurity 2021: The New Year will Bring New Challenges
And with attacks on the rise and a
larger-than-life surface to defend, security teams will need a new mindset in
order to keep their systems, data and people safe
By Fermin Serna, Chief Information Security Officer at Citrix
Defending corporate systems and
information has never been easy. But the
global pandemic has complicated things in ways no one could have predicted and
is accelerating trends that promise to upend the way organizations think about
and approach security in the year ahead. What will things look like in 2021? In
a world where figuring out what will happen today is all but impossible, it's
hard to say what the future holds. But a few things are clear:
Remote work is here to stay
At the outset of 2020, remote work was
something most companies were experimenting with. But mid-way through the year,
things got serious as COVID-19 began to spread and mandates forced the masses
to work from home. While many companies viewed remote work as a short-term
solution to the pandemic problem, they are now realizing that it is here to
stay. Research shows that over three-quarters of
more than 3,700 IT leaders in seven countries believe most workers will be
reluctant to return to the office post pandemic. And they will need to revamp their security policies to support them
as they work from anywhere.
There will be no perimeter
Three years ago, everything was on
prem and the security perimeter was defined by firewalls. Today, applications
and services are rapidly moving to the cloud, people are working from anywhere
and the perimeter has all but disappeared. Corporate information security teams
will no longer rely on traditional, VPN-based strategies to provide access. Instead,
they will shift to a Zero Trust model that uses contextual awareness to
adaptively grant access based on user behaviors and access patterns.
Experience will influence strategy
In a recent survey conducted by
Citrix and Pulse, 97 percent of 100 IT decision makers in North America,
Europe, the Middle East, Africa and the Asia Pacific region said employee
experience is a key influence on their security strategy. And 75 percent said
they are looking to improve the user experience through their design and
execution. Security teams will take an intelligent , people-focused approach to
security that protects employees without getting in the way of their experience
by securing all tools, apps, content, and devices they need and prefer to use
in a simple experience that can be customized to fit personal preferences and
evolving work styles.
Cyber actors will become more sophisticated
and scale
New ways of working mean new
ways of attacking corporate networks. Ransomware
and other malicious attacks are on the rise, with cybersecurity researchers reporting a seven-fold increase in malware campaigns at
the mid-point of this year. Flush with cash from their demands, bad actors, have
been empowered to scale their operations. And they will. Attacks will continue
and become more sophisticated and dangerous.
Security will get smarter
As attackers get smarter and scale,
security will get
smarter and more creative as well. Machine learning and artificial
intelligence will deliver real-time insights into user behavior and access
patterns, and security teams will use them to automate the process of identifying security incidents, atypical activity and policy violations and
defend across gaps.
Vendors will get a closer look
The data chain is longer and more complex than
ever And with the perimeter gone, companies need to think beyond protecting
their own systems and data and closely monitor all third-parties with whom they
interact, as all it takes is one weak link to create a breach. With corporate
brands, customer trust and business continuity at stake, security teams will
place more scrutiny on their vendors and select only those who meet the highest
standards for data privacy and protection.
CISOs will become more agile
Companies are rapidly moving to simplify and
shift things to the cloud. And CISOs are adapting to secure the new environment.
But ten years ago, there was no cloud. And five years from now, there will be
something else. CISOs will become more agile in adapting to changes as
technology evolves in 2021 and align closely with business leaders to provide a
secure environment that fuels innovation and growth.
Looking ahead at a time when things have never
been more uncertain may seem like a futile exercise. But there are lessons to be learned today that
can help shape a better tomorrow. Just like work, cyberattacks can happen
anywhere, anytime. And in order to successfully protect the systems and
information people need to get things done, wherever they happen to be,
security organizations need to become more intelligent and flexible. In doing
so, they can create the secure environments needed to keep employees engaged
and productive and fuel innovation and business growth.
##
About the Author
Fermin J. Serna, Chief Information Security Officer, Citrix
Fermin J. Serna is Chief Information Security
Officer at Citrix. Before Citrix he served as CSO for Semmle (acquired by
GitHub) and as Head of Product Security at Google for almost eight years where
he built, ran and oversaw the application security program for Google products.
Prior to that, Fermin worked at Microsoft with the MSRC Engineering team where
he envisioned and built the industry recognized EMET tool. Fermin also served
as CTO and co-founder of NGSEC and S21SEC in Spain.