Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
The Future of Passwords, Cloud Security and Ransomware Attacks
By Joseph Carson, Chief Security Scientist & Advisory CISO at Thycotic
What started out as a normal year became the year that no one had
imagined. A year where individuals, organizations and society would face so many
adversaries, challenges, and unexplainable loss because of a global pandemic.
The reality is no industry or business was left completely unscathed
by the COVID-19 pandemic as many organizations had to adapt their business
models and rethink strategies for the sake of business continuity. For many businesses,
it was the rapid shift to remote work that put their technology infrastructure
and security measures to the test due to the huge increase in activity on
cloud, SaaS, and collaborative applications.
Organizations had to hastily adapt security measures to
protect company devices that had never previously left the organization's
managed network, which has a strong protective fabric of firewalls, IDS, DMZs,
and security solutions to keep cybercriminals out. Solutions that supported
remote access and security got increased priority. Laptops going into the security
unknowns of the public internet relied on endpoint protection solutions to keep company
data secure, as many employees' home networks still have default credentials and
security disabled, leaving them exposed.
Remote work meant that in 2020, cybersecurity needed to
start at the endpoint and with the employee working on the frontline, where strong
cybersecurity awareness training was essential for preparing an employee to be
a stronger defense mechanism.
As we look ahead to 2021 and what will hopefully be a more
prosperous year, what are some of the things that businesses should prepare for? Well,
here are some trends organizations should expect to see emerge in the new year.
Passwords replaced with stronger alternatives
In recent years, there has been a lot of buzz about the
possibility of a "passwordless" world. The truth is passwords are not completely
disappearing anytime soon. However, they are continually moving out of the
limelight and into the background for users as alternative log-in and verification
methods such as biometrics, PINs, behavior analytics and multifactor authentication
grow in prominence. In 2021, we will see user interaction with passwords
continue to decline. Passwords will still exist but predominantly be hidden
from view of the users as authentication and authorization will occur behind
the scenes. As we move away from relying
on employees to configure and change complex passwords and instead delegate
these tasks to experienced password manager or privileged access security
solutions, we will see a dramatic increase in the strength of organizations'
authentication security measures and a reduction in one of the biggest causes of cyber
fatigue.
The biggest financial cyber threat to organizations will remain ransomware
In 2020, we witnessed thousands of ransomware attacks across
the world, including hundreds of attacks directed towards the healthcare and transportation
industries at a time when they were already under extreme pressure. As we start
the new year, ransomware attacks will without a doubt continue to be the
biggest cyber security challenge and threat organizations will face. In 2021,
ransomware will continue to evolve, and organizations will need to remain prepared
and vigilant. Organizations should ensure enough budget and resources are
allocated towards security solution investments to not only reduce the risk,
but also allow for a proper incident response plan and resiliency should these
attacks occur.
Data privacy concerns will continue to force compliance initiatives
As seen in 2020, ordinary users of the internet and indeed
the media became more concerned about the level of personal information and
data which popular social platforms and sites collect from users and visitors. Many
citizens still do not know how much of their data is collected or how it is
stored and retained on certain platforms. Next year, as the focus on citizens'
privacy and regulatory compliance adherence grows, the pressure for companies
to provide adequate security measures and implement least privilege policies
that protect the data they have been entitled to collect or process will
continue to mount. Ultimately, the issue of data privacy will start to evolve
into a "Data Rights Management" movement, meaning that it will become more about
how the personal data is used and what monetization results from the data. Imagine a browser plugin that calculated the
value of the data you share with internet platforms and the cost of each click
or time staring at an ad; that would make the real impact transparent.
Every user is now a "Privileged User"
In 2021, we will also continue to see that almost every
employee at an enterprise is now classified as a "privileged user" with access
to confidential and highly sensitive data within an organization. It used to be
considered that privileged access was only reserved for the domain
administrator or the root account who held the "Keys to the Kingdom". However,
many of today's data breaches have not been because of a compromised domain
account but instead emerged from the privileged accounts held by employees who
have access to important data. There is no doubt that every user is now
becoming a privileged user as most users have access to some type of sensitive
data within an organization. As not all users will have the same level of
privileged access, organizations must take a risk-based approach and apply the
appropriate security controls to each user based on the level of access they
have to privileged data.
Cloud Security to become the First Choice Security Strategy
As we move into 2021, organizations
around the world will not only continue to have a cloud-first strategy in place
but this will also expand to include a cloud first choice security
strategy. In 2020, as remote work was widely adopted, organizations became
more experienced in utilizing and quickly accelerating to cloud solutions. In
2021, as many enterprises look into the possibility of implementing a more
permanent hybrid or completely remote work structure, cloud security will
enable those employees to access business applications using privileged cloud
access security.
About the Author
Joseph Carson is a cybersecurity professional with more
than 25 years' experience in enterprise security and infrastructure.
Currently, Carson is the Chief Security Scientist & Advisory CISO
at Thycotic. He is an active member
of the cybersecurity community and a Certified Information Systems Security
Professional (CISSP). Carson is a cybersecurity adviser to several governments,
critical infrastructure organizations, and financial and transportation industries,
and speaks at conferences globally.