How Digital Resilience Will Lead the Charge into the New Year

By Jennifer LuPiba, Senior Product Marketing Manager and Evangelist, Quest Software

Organizations were challenged with keeping teams secure from cybersecurity threats and vulnerabilities when they were forced to turn to a remote work environment earlier this year. A lot has happened since then - we've seen organizations thrive in this environment and others struggle to stay afloat. Nonetheless, this year has taught us many valuable lessons to help us persevere in the new year.

The Microsoft Platform Management business team at Quest Software comprised of security, migration, and Microsoft 365 experts got together to debrief on this past year and offer insight into what we can expect for digital resiliency in 2021.

Here are the top five predictions Quest's MPM business predicts for 2021:  

Ransomware victims will face government lawsuits.

For as long as there has been cybercrime, federal authorities have been eager to identify, investigate and sanction the perpetrators. Recently, they even investigated pressing homicide charges when a ransomware attack against a healthcare organization led to a death.

Now, however, authorities are threatening to impose fines on any victim organization that pays the ransom to unlock their data. Why? Authorities are frustrated at the number of unreported ransomware attacks and concerned that paying ransom leads to more attacks. In particular, the U.S. Department of the Treasury announced it will file civil suits against not only the victims who pay ransom, but also the cybersecurity consultants assisting in the recovery efforts, the intermediaries brokering the deal with the ransomware perpetrator and even any insurance providers who encourage a payout.

This is just the nudge that organizations need to invest in immutable or air-gapped backups and fully tested recovery processes.

Forget headline-making data breaches and DoS attacks; the battle for your org's reputation is going to be waged in a whisper campaign.

In 2021, we'll see a new type of attack that targets an organization's ability to conduct business and gain market share: dynamic denial of reputation attacks. Just like a consumer's credit score, an organization's digital reputation is made up of lots of calculations. Factors like sender reputation, URL reputation and domain reputation determine whether you're put on a threat protection service's untrusted list. Once you're on that list, your emails and website are blocked, which prevents you from doing business with your customers.

Dynamic denial of reputation turns the very tools used to defend organizations against them. In 2021, we'll see hacktivists, nation-state actors and even bitter competitors get in the game of smearing an organization's digital reputation - and companies looking for technologies and products to help them fight back.

With mergers and acquisitions on the rise, more people will realize just how hard a tenant-to tenant migration really is.

The large spending activity associated with acquisitions came to a halt during the early part of the pandemic, but 2021 will see M&A activity accelerate, and it will include newer entrants who were previously priced out of the M&A game.

Tenant-to-tenant migrations are hard, and growing datasets and more complexity are only making them harder. Although Microsoft is working to fix that, organizations will be looking for ways to ensure accurate, timely tenant-to-tenant migrations.

Transitional and project-based employees will increase the risk to intellectual property (IP).

Avoiding an IP leak can mean the difference between survival and collapse in these difficult times. Unfortunately, new business realities will put IP at increased risk. As organizations seek to stay lean and adaptive, they will hire people only when needed, and rely more on short-term employees, contractors and vendors. That means more users in your IT environment who have reduced corporate loyalty and less concern about an individual's role in corporate security. It also means a lot more users coming in and out of your network, and more chances for over-provisioning users and failing to promptly de-provision them when they leave.

In short, the coming year will bring more opportunities for intellectual property to leave the organization. To reduce that risk, IT teams will need to up their game when it comes to rigorously enforcing least privilege, auditing changes and other activity, enabling easy attestation of group membership, and more.

Increased cloud service and telco outages will drive renewed interest in bare-minimum hybrid business continuity plans.

Availability issues related to human errors or misconfigurations - like the Azure AD and Microsoft 365 outage that plagued us in September and October - and the continued remote workforce will push organizations to build out hybrid capabilities for mission-critical content in an effort to maintain business continuity.

But building digital resilience doesn't mean simply moving everything to the cloud. Rather, it requires determining the bare minimum data required to operate without cloud access, and building an appropriate hybrid model into your digitization plans and disaster recovery plans. Most organizations in critical industries have thought this through, but other companies are behind in this area because they never had so many users working from home.

This effort will involve educating users about how to make wise (and yet legally responsible) choices about what data to sync locally so they can keep working during outages, as well as developing a corporate strategy for maintaining an on-prem Active Directory and local data stores.

With organizations facing business disruptions coupled with an uncertain economy, one thing is for certain, digital resilience has the ability to turn any crisis into an opportunity. We'll keep an eye on how companies who were hesitant to digitize in 2020 fare in 2021 compared to those who were quick to adopt new digital technologies from the jump.

##

About the Author

Jennifer LuPiba, Sr. Product Marketing Manager and Evangelist at Quest Software

Jennifer LuPiba is an Evangelist at Quest Software, as well as the Chair of the Quest Software Customer Advisory Board, engaging with and capturing the voice of the customer in such areas as cybersecurity, disaster recovery, management and the impact of mergers and acquisitions on Microsoft 365, Azure Active Directory and on-prem Active Directory. She also writes thought leadership articles and blogs aimed at the c-suite to evangelize the importance of these areas to their overall business.