Cybersecurity in 2021: What Should Enterprises Expect?

By Jim Zuffoletti, CEO and founder of SafeGuard Cyber

In 2020, global losses from cybercrime reached nearly $1 trillion USD. That's roughly equal to the GDP of Indonesia.

2020 was a boom year for cybercriminals for a range of reasons. The pandemic accelerated digital transformation initiatives, most obviously the shift to remote work. In many cases, operational changes preceded the creation of corresponding security guardrails. There were other causes, too. For example, ransomware became more sophisticated, and took special aim at financial services and government units and agencies.

How will these and other trends play out into 2021? What should enterprises expect next year? At my company, SafeGuard Cyber, Javvad Malik sits on our Board of Advisors. Javvad is a Security Awareness Advocate at KnowBe4, and is a real thought leader when it comes to predicting the cybersecurity threats on the horizon. Javvad and I have been discussing what we're expecting from next year. We landed on three key forces:

• Companies will need to quickly secure the remote office to repel threats to collaboration channels and other tools
• Social engineering will become more sophisticated and threatening
• Employee stress and burnout will be prevalent, threatening security outcomes

The Rush to Secure the Remote Office

At SafeGuard Cyber, we surveyed 600 senior enterprise IT and security professionals. We discovered that they rate collaboration tools such as Slack and Microsoft Teams as the technology stack representing the most risk.

This concern is warranted. This year, for obvious reasons, collaboration tools recorded record amounts of new users. They were essential to keeping intra-office operations up and running. However, the volume and velocity of communications on these channels defies manual monitoring, and security teams lack visibility. Next year, we expect to see a much larger investment in the security of remote workers, with collaboration tools being key to this effort.

Why? Because for one, many workers will stay remote. Globally, the percentage of workers permanently working from home is expected to double in 2021. This includes executives; according to a Gartner survey, 74% of CFOs will be shifting employees to remote work permanently.

The danger here is that home offices are by their nature less secure than traditional offices. (This is why Q1 of 2020 alone saw spear phishers launch over 100,000 attacks against remote workers.) Home offices are blighted by VPN issues and legacy routers, and suffer from all the issues that attend IOT devices. Bad actors know this, and they are targeting the remote office. Collaboration tools are in the centre of their crosshairs.

Securing the collaboration tools that are key to the remote office will likely be a bigger job than most enterprises anticipate. It will require a bottom-up review of which security controls are working, and which are not. Another prediction: The enterprises that secure the remote office effectively will be those that implement better training, and rapidly onboard tools that offer end-to-end digital risk protection.

The Sophistication of Social Engineering

The 2020 Trustwave Global Security Report went through a trillion security and compromise events, and concluded that "social engineering reigns supreme in method of compromise."

Expect this trend to gather apace in 2021. Bad actors know that targeted, tailored attacks work better than the mass phishing blast of the past. In 2021, cyber criminals will double down on social engineering as an effective way to exfiltrate data, extort money, and so on.

The increasing sophistication of social engineering will see attackers layer their attacks. An attack won't simply be a DM containing a toxic attachment. It won't simply be an email with a spoofed login. It will be a coordinated attack that starts light on LinkedIn, eventually moves to email, links to a fake domain, and ends with the infiltration of the company's Teams instance. Attacks will be multifaceted, and spread across multiple channels.

To combat this layering, enterprises will need to train their employees properly. More than this, companies will need security tools that are built to detect malicious activity across the entire tech stack and entire network of possible threat vectors.

Increasing Burnout and Stress

Turning our attention to a more human-centred phenomenon we expect to see in 2021: raised levels of burnout and stress look more likely.

Enterprises are composed of human beings with complex emotional needs. And 2020 has been a tough, tough year. According to the American Psychological Association's (APA) Harris poll, the average level of stress of US adults for 2020 is 5.4, which marks the first significant increase in reported stress levels since this poll began in 2007. The Global Organization for Stress reports 6 out of 10 workers experience increased stress in the workplace globally.

All good leaders have empathy. This year has been marked by economic struggle, a lack of job security, extended periods of lockdown, health threats, Zoom fatigue, and more. While not a direct security issue in the traditional sense, these issues affect your people.

Improving your staff's emotional wellbeing is the right thing to do. It also makes you more secure. If your staff are stressed and exhausted, they become a bigger security risk. They are more likely to make an error leading to data leakage. They are more likely to fall victim to a clever phishing scam. Criminals know that stressed, harried staff are easy marks; they will target them mercilessly.

In 2021, savvy organizations will get ahead of this building tsunami of employee stress. Their managers will focus on supporting and helping remote workers. The quicker they can support employees by improving work-life balance, listening to their needs, and more, the quicker they will secure their organization to the max.

Preparing for 2021

Heading into 2021, anything could happen. We learnt that this year. But Javvad and I believe these three trends are almost guaranteed to play out. In response, companies should:

1. Invest in tools that are custom-built to secure the remote office and protect collaboration tools from cyberattack
2. Educate employees on social engineering, and onboard tools equipped with natural language processing to detect the subtle signs of malicious contact
3. Focus on ways and means to reduce stress levels in the workplace and improve the overall mental health of employees

Get these three things right, and organizations will position themselves well to thrive in 2021. Good luck!

##

About the Author

Jim Zuffoletti has been a founder of start-up organizations as both an entrepreneur and an intrapreneur for the past twenty-five years. Jim is CEO and founder of SafeGuard Cyber, a digital risk protection company securing brands, VIPs, and team members in the new world of social media and digital communications. Jim was previously CEO and President of OpenQ which enabled pharmaceutical, biotech, and medical device companies to discover, regulate, and leverage the social networks forged with outside influencers and researchers.