Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Cybersecurity in 2021: What Should Enterprises Expect?
By Jim Zuffoletti, CEO and founder of SafeGuard Cyber
In 2020, global losses from cybercrime reached nearly $1 trillion USD.
That's roughly equal to the GDP of Indonesia.
2020 was a boom year for cybercriminals for a range of reasons. The pandemic
accelerated digital transformation initiatives, most obviously the shift to
remote work. In many cases, operational changes preceded the creation of
corresponding security guardrails. There were other causes, too. For example,
ransomware became more sophisticated, and took special aim at financial services and government units and agencies.
How will these and other trends play out into 2021? What should enterprises expect
next year? At my company, SafeGuard Cyber, Javvad Malik sits on our Board of
Advisors. Javvad is a Security Awareness Advocate at KnowBe4,
and is a real thought leader when it comes to predicting the cybersecurity
threats on the horizon. Javvad and I have been discussing what we're expecting
from next year. We landed on three key forces:
- Companies will need to quickly secure the
remote office to repel threats to collaboration channels and other tools
- Social engineering will become more
sophisticated and threatening
- Employee stress and burnout will be prevalent,
threatening security outcomes
The Rush to Secure the Remote Office
At SafeGuard Cyber, we surveyed
600 senior enterprise IT and security professionals. We discovered that they
rate collaboration tools such as Slack and Microsoft Teams as the technology
stack representing the most risk.
This concern is warranted. This year, for obvious reasons, collaboration tools
recorded record numbers of new users. They were essential to keeping
intra-office operations up and running. However, the volume and velocity of
communications on these channels defy manual monitoring, and security teams
lack visibility. Next year, we expect to see a much larger investment in the
security of remote workers, with collaboration tools being key to this effort.
Why? Because for one, many workers will stay remote. Globally, the percentage of
workers permanently working from home is expected to double in 2021. This
includes executives; according to a Gartner survey, 74%
of CFOs will be shifting employees to remote work permanently.
The danger here is that home offices are by their nature less secure than
traditional offices. (This is why Q1 of 2020 alone saw spear phishers launch
over 100,000 attacks against remote workers.)
Home offices are blighted by VPN issues and legacy routers, and suffer from all
the issues that attend IoT devices. Bad actors know this, and they are
targeting the remote office. Collaboration tools are in the centre of their
crosshairs.
Securing the collaboration tools that are key to the remote office will likely be a
bigger job than most enterprises anticipate. It will require a bottom-up review
of which security controls are working, and which are not. Another prediction:
The enterprises that secure the remote office effectively will be those that
implement better training, and rapidly onboard tools that offer end-to-end
digital risk protection.
The Sophistication of Social Engineering
The 2020 Trustwave Global Security Report went through a
trillion security and compromise events, and concluded that "social engineering
reigns supreme in method of compromise."
Expect this trend to gather pace in 2021. Bad actors know that targeted, tailored
attacks work better than the mass phishing blast of the past. In 2021, cyber
criminals will double down on social engineering as an effective way to
exfiltrate data, extort money, and so on.
The increasing sophistication of social engineering will see attackers layer their
attacks. An attack won't simply be a DM containing a toxic attachment. It won't
simply be an email with a spoofed login. It will be a coordinated attack that
starts light on LinkedIn, eventually moves to email, links to a fake domain,
and ends with the infiltration of the company's Teams instance. Attacks will be
multifaceted, and spread across multiple channels.
To combat this layering, enterprises will need to train their employees properly. More
than this, companies will need security tools that are built to detect
malicious activity across the entire tech stack and entire network of possible
threat vectors.
Increasing Burnout and Stress
Turning our attention to a more human-centred phenomenon: raised levels of
burnout and stress look more likely in 2021.
Enterprises are composed of human beings with complex emotional needs. And 2020 has been a
tough, tough year. According to the American Psychological Association's (APA)
Harris poll, the average level of stress of US adults for 2020 is 5.4,
which marks the first significant increase in reported stress levels since this
poll began in 2007. The Global Organization for Stress reports 6 out of 10 workers
experience increased stress in the workplace globally.
All good leaders have empathy. This year has been marked by economic struggle, a
lack of job security, extended periods of lockdown, health threats, Zoom
fatigue, and more. While not a direct security issue in the traditional sense,
these issues affect your people.
Improving your staff's emotional wellbeing is the right thing to do. It also makes you
more secure. If your staff are stressed and exhausted, they become a bigger
security risk. They are more likely to make an error leading to data leakage.
They are more likely to fall victim to a clever phishing scam. Criminals know
that stressed, harried staff are easy marks; they will target them mercilessly.
In 2021, savvy
organizations will get ahead of this building tsunami of employee stress. Their
managers will focus on supporting and helping remote workers. The quicker they
can support employees by improving work-life balance, listening to their needs,
and more, the quicker they will secure their organization to the max.
Preparing for 2021
Heading into 2021, anything could happen. We learnt that this year. But Javvad and I
believe these three trends are almost guaranteed to play out. In response,
companies should:
- Invest in tools that are custom-built to secure the remote office
and protect collaboration tools from cyberattack
- Educate employees on social engineering, and onboard tools
equipped with natural language processing to detect the subtle signs of
malicious contact
- Focus on ways and means to reduce stress
levels in the workplace and improve the overall mental health of employees
Get these three things
right, and organizations will position themselves well to thrive in 2021. Good
luck!
About the Author
Jim Zuffoletti has been a
founder of start-up organizations as both an entrepreneur and an intrapreneur
for the past twenty-five years. Jim is CEO and founder of SafeGuard Cyber, a
digital risk protection company securing brands, VIPs, and team members in the
new world of social media and digital communications. Jim was previously CEO and
President of OpenQ, which enabled pharmaceutical, biotech, and medical device
companies to discover, regulate, and leverage the social networks forged with
outside influencers and researchers.