Virtualization Technology News and Information
Alert Logic 2021 Predictions: WFH Will Drive Urgency for New Cybersecurity Strategies

vmblog 2021 prediction series 

Industry executives and experts share their predictions for 2021.  Read them in this 13th annual series exclusive.

WFH Will Drive Urgency for New Cybersecurity Strategies

By Onkar Birk, Chief Product Officer, Alert Logic

It's safe to say 2020 arrived with a bingo card that no one would want to play: COVID-19, of course, led the way, and hackers and cyber scammers were eager to exploit it, targeting the World Health Organization, hospitals and citizens seeking government-funded economic relief.

For certain, our new environment has led to a volatile and precarious state of protection. However, there were several "lessons learned" about cybersecurity in 2020 that we can apply to the year ahead. With this in mind, here are our some of our predictions for 2021:

Working from home will redefine defense strategies. At most organizations, three-quarters of employees now work from home (WFH), compared to one-quarter at the end of 2019, and 84 percent of U.S. companies are likely to broaden WFH adoption after the pandemic. In addition, more than one-half of professionals use their personal laptops and computers for business, but three-of-five say their employer hasn't provided tools to properly protect these devices. Such patterns are increasing the risk equation, with 63 percent of security pros seeing a rise in cyber attacks since the pandemic. Ransomware incidents have grown 72 percent during this period.

With an abundance of corporate data on home networks, we should only expect these trends to continue in 2021. Small and medium-sized businesses (SMBs) are particularly vulnerable because they can't afford the staffing required to protect their data and systems. What's more, the Internet of Things (IoT)/connected devices will emerge as sources of greater risk in the next year, as employees work on home devices which are also connected to their refrigerators, air conditioning/heating systems, security cameras, etc.

To address this, enterprise-level chief information security officers (CISOs) and vendors supporting smaller businesses will need to reexamine strategies to invest more on consolidated, integrated services and tools, instead of acquiring hundreds of stovepiped solutions. The legacy mindset of "best of breed" products is now passé. With a digital transformation agenda leading the way, IT and industry leaders must focus on interoperability - with solutions that pave a clear path toward tangible ROI-boosting outcomes.

Breaches happening now will result in attacks in mid-2021. Bad actors have been taking advantage of new remote workforce and the coronavirus since at least early spring. At the same time, nearly two-thirds of security professionals indicate that they're seeing no less than 100 days of dwell time - the time it takes to detect attackers once they infect a network. And dwell time is only likely to increase. Because of this, the breaches happening now as a result of this "new normal" of the pandemic are likely to result in a spade of attacks in the middle of next year. This reinforces why constant vigilance proves critical in the post-pandemic age. By implementing effective monitoring, detection and response capabilities 24/7/365, CISOs establish total visibility of their entire digital landscape, so cyber criminals literally have nowhere to hide.

Will Coronavirus give rise to "People as a Service"? Despite the spike in threats, financially struggling organizations have been forced to make tough decisions with furloughs and staff reductions. Unfortunately, security teams aren't immune to this, and the resulting knowledge and resource gap will expose these businesses to more risks next year.

To maximize their shrinking budget spend, IT decision-makers have and will even more aggressively turn to "security as a service" offerings such as managed detection and response (MDR) to ensure their companies remain protected and competitive. Now, we may see "People as a Service" models where furloughed security experts and analysts may be contracted to fill the gap, providing 24/7 security monitoring to businesses. As we've seen the gig economy disrupt the transportation industry and others, we may see a similar phenomenon in security, at least on a short-term basis until the economy recovers fully.

Vulnerabilities will increase with the increase in software Installs. The pandemic has caused people to delay many important activities including dental visits and other health screenings, and installing new software in organizations is no exception. There are a number of reasons for this but one obvious one is that it's harder to update software remotely. In the short term, that leads to fewer vulnerabilities introduced by new software. This, however, is really a false sense of security as security teams catch up on patching their existing vulnerabilities. As we return to normal, so will the increase in software installs and with it will be a rapid increase in vulnerabilities. Security teams must be prepared. 

Perimeter? What perimeter? The traditional enterprise perimeter was on life support before the pandemic. Now, it's practically in the grave, with employees on home devices scattered about everywhere, the rising presence of IoT devices, and cameras going up all over cities, all taking advantage of greater Internet coverage brought to us from satellite-based broadband systems and the speeds brought on from 5G networks. This expands the cyber-attack surface exponentially, introducing more risk than organizations are accustomed to managing. Risk management will be even more critical in 2021 and beyond.

We never could have anticipated everything that 2020 threw at us. But we can look back upon these experiences to better prepare for what's ahead. By committing to holistic cybersecurity consolidation/integration and "as a service" acquisition/implementation approaches to achieve total incident visibility and effective response, we can dramatically reduce dwell time and threats overall. And, hopefully, this will lead to a much less stressful 2021 bingo card.


About the Author

Onkar Birk 

As Chief Product Officer, Onkar Birk oversees Product, Release and Threat Management as well as R&D for Alert Logic.

Birk has built his reputation as a leader focused on delivering products to market with customer success, swift execution, and the development of talent on his teams. Previously, he led technology transformation for global clients, driving revenue generation through customer success. Prior to his seven years in consulting, Birk was General Manager and CTO for the Avaya Services & Contact Center Solutions Division, where he helped achieve the leader position from Gartner.

Published Friday, November 20, 2020 7:24 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2020>