Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
The Events of 2020 Had a Big Impact on Cybersecurity - What to Do Now to Prepare for 2021
By Jeff Brown, CEO of Open Systems
2020 was a
year unlike any other. And it had important implications for cybersecurity.
The pandemic
greatly expanded the work-from-home (WFH) population. This enabled social
distancing to address public health concerns. But it also greatly expanded the
enterprise threat surface.
As the world
grappled with the coronavirus and the resulting strain on hospital capacity, good
people were contending with bad actors attacking healthcare organizations on
a regular basis.
But with new
challenges come new learning opportunities.
Here's a
brief review of what happened on the business front in 2020, what organizations
learned in the process, and what business and cybersecurity leaders can do to
prepare for 2021.
Understand That the Network Edge Continues to Expand
Traditionally,
businesses have secured their organizations much like royalty once protected
castles. They fortified the perimeter. In the case of businesses, this involved
- and to a large extent still involves - point solutions such as firewalls to
keep bad actors outside the walls.
But this
approach alone to cybersecurity doesn't work in today's increasingly
distributed and dynamic world. The problem is that much of the data and many of
the devices that enterprises and other organizations want to protect are no
longer within the walls of the enterprise.
In recent
years, mobility, telecommuting and travel took workers - and enterprise data
and devices - beyond the physical enterprise. This year, as risks from
on-the-go connections decreased, risks related to working from home increased.
Forty-two percent of the U.S. labor
force is now working from home full time. Leading companies such as Facebook, Google, Square, and Twitter have announced that their employees may
work from home forever. And there is a broader expectation that some knowledge
workers will work from home routinely following
the pandemic.
Bad actors
continue to find new ways to exploit the work-from-home workforce. Just
consider the Zoom-based phishing attacks that surfaced this spring and
summer. The holiday shopping season presents yet another opportunity for bad
actors to infiltrate your enterprise. Research suggests that 35% of employees use the same devices
for business and for personal activities such as online shopping, putting these devices and
everything on and connected to them at risk.
All of the
above highlight the need for enterprises like yours to find integrated,
flexible and scalable solutions that address the new normal. The good news is
that the secure access service
edge (SASE) architecture was created to meet many of these needs. By
integrating security with connectivity, SASE enables you to provide WFH workers
with access to the applications, clouds and data they need to do their jobs
remotely and securely.
Realize That Breaches Are Inevitable, and Fast Action Is Key
The past
year has provided further evidence that breaches are inevitable. You may have heard
this before, but it bears repeating: the question is not if but rather when you
will be breached.
Ransomware, for which ransom payments are
increasing, has been
particularly problematic lately. It used to be limited to large enterprise
targets, but now ransomware is cheap and easy to execute, so there's a much
larger number of enterprises that can be targeted - and no one is immune. Bad
actors can now easily execute these attacks using ransomware as a service, in which developers sell or lease
ransomware to others to use.
The U.S.
Cybersecurity & Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), and the Federal Bureau of
Investigation (FBI)
recently issued alerts about ransomware activity targeting the healthcare and
public health sector. Recent research indicates that the frequency of daily
ransomware attacks impacting healthcare increased 50% in the third quarter of
2020 as compared to
the first half of 2020.
And
ransomware and other attacks can spread like wildfire. One estimate suggests
that the global cost of cybercrime is poised to exceed $11 million per minute by
2021. With that in mind,
you'll want to make plans now so that you can identify and contain cyberattacks
as soon as possible.
To do that,
you will want to leverage a broad set of data - including flow-related
metadata, authentication logs and security information - so you respond to only
the alerts that matter. Also, create a playbook that details how you want to
respond to various attack scenarios. That way, you'll have a plan in place when
attacks occur - because you can plan on that, too.
Be Aware That Cybersecurity Is a Massive Job That You Don't Need to Do Alone
Working to
secure your digital enterprise is no easy task. As a security expert, if you
don't do it well, you could lose your job. As a business leader, you may even
be personally liable for a cybersecurity incident that hurts people, property
or the environment, according to Gartner.
Cybersecurity
involves monitoring your increasingly distributed and diverse IT landscape for
threats. You need to make sense of alerts to understand when your enterprise
has been breached. And if you are under attack, you need to act fast -
preferably even before enterprise employees and your customers are aware
there's a problem - to contain the threat.
That's a
tall order considering that most enterprise cybersecurity efforts rely on
poorly integrated point solutions for protection and limited datasets and
manual processes for threat identification. Affording, finding and retaining
top cybersecurity talent only makes establishing and running an in-house
security operation center (SOC) a harder mountain to climb.
To secure
the growing threat surface - and prepare for the year ahead - we see a trend of
chief information security officers (CISOs) implementing managed detection and
response (MDR) services. We see savvy CISOs leveraging MDR to enable their
organizations to meet current requirements and scale their cybersecurity
operations over time as needed.
Choose the Right MDR Provider for You
Not all MDR
providers offer these capabilities, however.
To select
the right MDR partner in the year ahead, ensure that the provider has the ability
to contain threats and not just send alerts. You don't need one more email in
your inbox. You need solutions - from setting up compliant response playbooks
to integrating your MDR with network security to immediately contain threats
before they spread.
As you shop
for an MDR provider to meet your needs in 2021 and beyond, also be sure to pick
a service provider that delivers high-fidelity threat detection. An MDR
provider that uses a broad dataset can see that a login attempt that appears to
be from an employee is actually coming from an IP address on the other side of
the world, and it can block that user, for example.
Working with
an MDR provider also means that you won't have to struggle with persistent
shortages in cybersecurity talent in the years ahead. An MDR provider will
enable you to work with renowned experts with stringent training programs that
can attract and retain top talent.
About the Author
Jeff
Brown is CEO of Open Systems, the preeminent
networking and cybersecurity provider for the enterprise cloud. Open Systems
services combine 24×7 expertise with an intelligent platform to predict,
prevent, detect, and contain cyberthreats, so enterprises can securely scale in
the cloud. Brown
joined Open Systems to accelerate the company's growth trajectory and lead it
through a global expansion. With an established record of successfully
scaling companies across multiple industries and leading through acquisition
and IPO, Brown previously served as CEO of Sierra Monitor Corp., Accuris
Networks, Kineto Wireless, RadioFrame Networks, and Data Critical/GE Medical
Systems.