What does Mike Louis of NWN have to say about 2021 and cybersecurity?
We continue to catch up with all of the content shared with us as part of the first annual Cybersecurity insight Jam. As part of that, we’re pleased to share these predictions from Mike Louis, Security Practice National Lead at NWN.
Back to the Basics: Cybersecurity Predictions 2021
By Mike Louis, Security Practice National Lead at NWN
It goes without saying that 2020 ushered in a new reality for nearly every business. According to one economist, 42 percent of the U.S. labor force is now working from home full-time, while only 26 percent – mostly essential service workers – are working on their business’ premises. The coronavirus pandemic has shed light on the many consequences of working from home, including an unprecedented number of security attacks across industries.
Given this new operational state for most businesses, here are three security trends to watch for in 2021:
The Year of Returning to Basics
Over the past few years, CIOs and CISOs have adopted new, innovative security measures like artificial intelligence and machine learning-powered analytics, endpoint detection, and XDR/SOAR. But the pandemic was a stark reminder that the basics of security really matter. Bad actors around the world are capitalizing on the fact that working from home is new for many people and organizations. Hackers took advantage of the fact that employees are working from home with perhaps fewer security controls and oversight, an unfortunate trend that will continue in 2021. The knowledge that many businesses were not prepared for a mass shift to remote work allowed hackers to capitalize on simple vulnerabilities because businesses had not invested in security basics: things like employee training, strong identity access management stacks, and multi-factor authentication.
As 2021 approaches, employee training and device-level security are paramount: employees must be taught to be vigilant for cyber-attacks and to always verify the source before sharing any personal or company information. Laptops, cell phones, and apps need to be updated and required patches installed. Organizations should also consider multi-factor authentication for applications and devices.
These employee-related issues aren’t limited to typical “office” workers. Consider, for example, first responders and the call centers at which dispatchers usually work. Before the pandemic, many took these dispatch centers for granted, but now that dispatchers must work from home, basic security measures are imperative. Secure wireless networking, collaboration software, and mobile devices tailored to first responders are crucial to support local, state, and federal agencies during the pandemic and are necessary to keep communities safe.
For all businesses, security teams must configure software for mission-critical environments, ensuring that end-users have a consistent experience during this period. If end-users do not have devices to facilitate a secure remote experience, they should look for providers that offer mobile and office-based devices with remote support to ensure public-safety organizations have the necessary equipment to keep operations running smoothly.
The Year(s) of Working from Home
According to a recent Gartner survey, 317 CFOs and finance leaders do not believe working from home will end anytime soon. Seventy-four percent also expect remote working to outlive the pandemic and plan to move at least 5 percent of their previously on-site workforce to permanently remote positions. Because working from home will be a reality for the foreseeable future, it is likely that email will continue to be a primary delivery method for many attacks. In fact, the U.S. Chamber of Commerce and FICO released a special report on Cybersecure Remote Working During COVID-19 and noted that there was more than a 6,000 percent increase in COVID-19-themed spam from March 11 to May 8, 2020.
CIOs and CISOs will need to have a renewed focus on protecting against ransomware attacks. Training will also need to be a focus here: IT and security teams need to help employees identify and report email scams. Additionally, perimeter security will be vital in this new state of work-from-home permanency. Electronic Security Perimeter (ESP) refers to the boundary between secure and insecure zones. Having more secure zones and proper perimeter security has several benefits, including reduced costs associated with recovering cyber-attacks, reduced downtime caused by cyber-attacks, and minimized risk of information theft of the business.
The Year of Service Industry Growth
Historically, remote work was difficult for security teams to manage and businesses, on the whole, neglected to secure the systems they worked on. But the numbers were lower, as were the perceived risks. However, because remote work is the new normal, investments are being made – and will continue to be made into 2021 – to advance the support remote employees receive.
In 2021, there will be a major shift to managed security services. There are numerous benefits to this model; the most obvious is the access to experts who have experience across technologies and industries. A managed security team are experts in working with network issues on a range of businesses in different verticals and different sizes – a benefit for when a customer has an issue. There is also a major cost-benefit of managed services, as a small or medium-sized business may not be able to afford a network engineer salary and benefits, but they can afford a fixed cost of a managed security provider each month. A managed service provider can also scale up and down depending on an organizations’ changing needs, which was evidenced in the early days of the COVID-19 shutdown.
Managed security systems also can help large entities – like school districts – get the hardware and software they need quickly and efficiently, something that many IT teams don’t have the resources to accomplish. For example, school districts across the country relied on managed security and unified communications teams to deliver laptops to students at the start of the pandemic to help bridge the gap between those that could afford laptops on their own and those that could not.
As businesses look to 2021 with a renewed focus on cybersecurity to protect their employees and their assets, it will be critical that investments be made in the fundamentals like employee training, device-level, and email security; they should also consider how they might up-level their employee support with managed security services.
- Best Books for Defending the Digital Perimeter - September 14, 2021
- Apple Vulnerability Places All of Apple iOS at Risk - September 14, 2021
- CrowdStrike Releases 2021 Threat Hunting Report from Falcon OverWatch - September 13, 2021