The Events of 2020 Had a Big Impact on Cybersecurity - What to Do Now to Prepare for 2021

By Jeff Brown, CEO of Open Systems

2020 was a year unlike any other. And it had important implications for cybersecurity.

The pandemic greatly expanded the work-from-home (WFH) population. This enabled social distancing to address public health concerns. But it also greatly expanded the enterprise threat surface.

As the world grappled with the coronavirus and the resulting strain on hospital capacity, good people were contending with bad actors attacking healthcare organizations on a regular basis.

But with new challenges come new learning opportunities.

Here's a brief review of what happened on the business front in 2020, what organizations learned in the process, and what business and cybersecurity leaders can do to prepare for 2021.

Understand That the Network Edge Continues to Expand

Traditionally, businesses have secured their organizations much like royalty once protected castles. They fortified the perimeter. In the case of businesses, this involved - and still includes to a large extent - point solutions such as firewalls to keep bad actors outside the walls.

But this approach alone to cybersecurity doesn't work in today's increasingly distributed and dynamic world. The problem is that much of the data and many of the devices that enterprises and other organizations want to protect are no longer within the walls of the enterprise.

In recent years, mobility, telecommuting and travel took workers - and enterprise data and devices - beyond the physical enterprise. This year, as risks from on-the-go connections decreased, risks related to working from home increased.

Forty-two percent of the U.S. labor force is now working from home full time. Leading companies such as Facebook, Google, Square, and Twitter have announced that their employees may work from home forever. And there is a broader expectation that some knowledge workers will work from home routinely following the pandemic.

Bad actors continue to find new ways to exploit the work-from-home workforce. Just consider the Zoom-based phishing attacks that surfaced this spring and summer. The holiday shopping season presents yet another opportunity for bad actors to infiltrate your enterprise. Research suggests that 35% of employees use the same devices for business and personal use - such as online shopping, putting these devices and everything on and connected to them at risk.

All of the above highlight the need for enterprises like yours to find integrated, flexible and scalable solutions that address the new normal. The good news is that the secure access service edge (SASE) architecture was created to meet many of these needs. By integrating security with connectivity, SASE enables you to provide WFH workers with access to the applications, clouds and data they need to do their jobs remotely and securely.

Realize That Breaches Are Inevitable, and Fast Action Is Key

The past year has provided further evidence that breaches are inevitable. You may have heard this before, but it bears repeating: the question is not if but rather when you will be breached.

Ransomware, for which ransom payments are increasing, has been particularly problematic lately. It used to be limited to large enterprise targets, but now ransomware is cheap and easy to execute, so there's a much larger number of enterprises that can be targeted - and no one is immune. Bad actors can now easily execute these attacks using  ransomware as a service - for which developers sell or lease ransomware to others to use.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) recently issued alerts about ransomware activity targeting the healthcare and public health sector. Recent research indicates that the frequency of daily ransomware attacks impacting healthcare increased 50% in the third quarter of 2020 as compared to the first half of 2020.

And ransomware and other attacks can spread like wildfire. One estimate suggests that the global cost of cybercrime is poised to exceed $11 million per minute by 2021. That said, you'll want to make plans now so that you can identify and contain cyberattacks as soon as possible.

To do that, you will want to leverage a broad set of data - including flow-related metadata, authentication logs and security information - so you respond to only the alerts that matter. Also, create a playbook that details how you want to respond to various attack scenarios. That way, you'll have a plan in place when attacks occur - because you can plan on that, too.

Be Aware That Cybersecurity Is a Massive Job That You Don't Need to Do Alone

Working to secure your digital enterprise is no easy task. As a security expert, if you don't do it well, you could lose your job. As a business leader, you may even be personally liable for a cybersecurity incident that hurts people, property or the environment, according to Gartner.

Cybersecurity involves monitoring your increasingly distributed and diverse IT landscape for threats. You need to make sense of alerts to understand when your enterprise has been breached. And if you are under attack, you need to act fast - preferably even before enterprise employees and your customers are aware there's a problem - to contain the threat.

That's a tall order considering that most enterprise cybersecurity efforts rely on poorly integrated point solutions for protection and limited datasets and manual processes for threat identification. Affording, finding and retaining top cybersecurity talent only makes establishing and running an in-house security operation center (SOC) a harder mountain to climb.

To secure the growing threat surface - and prepare for the year ahead - we see a trend of chief information security officers (CISO) implementing managed detection and response (MDR) services. We see savvy CISOs leveraging MDR to enable their organizations to meet current requirements and scale their cybersecurity operations over time as needed.

Choose the Right MDR Provider for You

Not all MDR providers offer these capabilities, however.

To select the right MDR partner in the year ahead, ensure that provider has the ability to contain threats and not just send alerts. You don't need one more email in your inbox. You need solutions - from setting up compliant response playbooks to integrating your MDR with network security to immediately contain threats before they spread.

As you shop for an MDR provider to meet your needs in 2021 and beyond, also be sure to pick a service provider that delivers high-fidelity threat detection. An MDR provider that uses a broad dataset can see that a login attempt that appears to be from an employee is actually coming from an IP address on the other side of the world and it can block that user, for example.

Working with an MDR provider also means that you won't have to struggle with persistent shortages in cybersecurity talent in the years ahead. An MDR provider will enable you to work with renowned experts with stringent training programs that can attract and retain top talent.

##

About the Author

Jeff Brown is CEO of Open Systems, the preeminent networking and cybersecurity provider for the enterprise cloud. Open Systems services combine 24×7 expertise with an intelligent platform to predict, prevent, detect, and contain cyberthreats, so enterprises can securely scale in the cloud. Brown joined Open Systems to accelerate the company's growth trajectory and lead it through a global expansion. With an established record of successfully scaling companies across multiple industries and leading through acquisition and IPO, Brown previously served as CEO of Sierra Monitor Corp., Accuris Networks, Kineto Wireless, RadioFrame Networks, and Data Critical/GE Medical Systems.