5 Security Trends to Keep on Your Radar Right Now
As we approach the second half of 2021, more and more companies are finding their footing and settling into a new normal in a post-pandemic world. The operational upsets last year’s global pandemic introduced, including and especially remote work, have settled into a somewhat steady state. This has many business and security leaders looking ahead and asking, “What’s next?”
To that end, we’ve compiled a list of cybersecurity trends you should have on your radar for the remainder of the year.
5 Security trends to watch for 2021
- Cybersecurity mesh. As the boundaries of today’s work environment continue to expand, cybersecurity mesh offers teams a modern, distributed approach to account for the increasing number of external assets and endpoints. Last year’s pandemic accelerated the need for security architecture options that help manage environments by person or identity, rather than perimeter. And as the new norm includes a more hybrid and mobile workforce, security teams should focus less on creating workarounds for current challenges and more on laying the groundwork for a “flexible, agile, scalable, and composable” future.
- Expanded expectations for board members and C-level execs. A recent Gartner survey revealed that corporate directors rated cybersecurity the second-highest source of risk, following compliance. As breaches and security concerns intensify, board members are increasingly expected to be knowledgeable and decisive when it comes to security-based decisions. And as boards become more invested and supportive of cybersecurity initiatives, CISOs will come under increased scrutiny. Today’s CISO must be able to effectively communicate risk with their board, bringing them up to speed on overarching strategy, KPIs, and project status updates, along with more detailed, tactical, boots-on-the-ground matters.
- Ransomware and malware…but meaner. It seems as though no list is complete without a mention of increasingly sophisticated ransomware and malware attempts. So here we are. 2020 saw a surge in ransomware attacks as hackers took advantage of the vulnerable state businesses found themselves in. They’ve also upped the ante by improving encryption, incorporating threats to expose sensitive data, and executing ransom-based DDoS attacks. Fileless malware is another problematic form of attack, in which threats can infiltrate an environment, bypass the usual detection methods, and utilize the existing infrastructure. Compounding these attack efforts is the rise of cloud-based infrastructure, which helps threat actors orchestrate more aggressive attacks and carry out data theft on a larger scale. It’s worth investigating how some vendors are bolstering cloud security.
- Phishing…still? It’s 2021 and yet phishing is still going strong. This fact was underlined in a TalentLMS survey conducted earlier this year, which tested 1,200 employees on basic workplace security knowledge and awareness. Of workers who said they received workplace cybersecurity training, 61% failed a seven-question test. As phishing scams continue to evolve, a heavy reliance on employee training is an incomplete defense. Companies need a sound and robust vulnerability management security framework for those times when an exploit inevitably makes it past an employee and targets what attackers are really after. Additional detect and respond capabilities also play a role here.
- Security simplification. The events of the past year, coupled with the ever-present lack of resources, have proved to be a painful yet eye-opening stress test for companies. As part of increased business agility efforts, many organizations are examining their security operations to determine what can be automated or streamlined. Many are turning to solutions with machine learning, automation, and predictive analytics baked in to remove more of the manual backend work that requires specific skill sets. Pivot tables, data entry, data auditing, correlation analysis, and vulnerability investigation and prioritization are areas where automation excels. Security automation creates an opportunity for companies to optimize their existing investments and allows Security and IT teams to partner more effectively and efficiently, freeing up time and opportunity for everyone to focus on more strategic initiatives.
How to get ready: Align your culture around risk
2020 proved that the future is unpredictable in ways not previously imagined. Traditional, even manual security measures have been abandoned in the wake of the disruption and opportunistic attacks brought on by the COVID-19 pandemic.
If cybersecurity is the second most critical risk to businesses, doesn’t it make sense to take a risk-based approach to securing networks, assets, applications and infrastructure? A growing number of enterprises appear to think so.
Many of these organizations are creating a culture aligned around reducing risk, a culture that extends from that employee perimeter all the way to the Security staff and remediation teams responsible for identifying and patching the weaknesses within the infrastructure. They’re building a risk-based vulnerability management program designed to keep them ahead of the next attack. And they’re ensuring that their C-Suite and board of directors are active advocates for reducing cyber risk.
To learn more about a risk-based approach to cybersecurity and vulnerability management, check out Kenna Katalyst, our on-demand educational series offering actionable tips, industry best practices, and useful hands-on knowledge about going risk-based.