The past 12 months were a challenge for many. From a security perspective, the pandemic forced businesses to reevaluate their cybersecurity strategy. Remote working, VPNs, digital transformation, business continuity, and employee health and safety became security priorities. IT departments had to ramp up to keep critical systems running and available while combatting an increase in cybersecurity threats.
As 2020 comes to a close, it’s time to look ahead towards 2021 and the cybersecurity trends that will shape the next 12 to 24 months. Here are a few of the trends I am following and a few predictions for 2021.
Remote Is Here to Stay
According to a Gartner survey, 88% of the organizations, worldwide, made remote work mandatory or encouraged their employees to work from home after COVID-19 was declared a pandemic. While remote work was on the rise, 2020 made it the norm for many and that is not likely to change in 2021. Statistics show telecommuting can improve employee productivity. Many employees are happier and have more time when working from home. For businesses, there are cost savings as well – reduced office space and operational expenses. But beware, remote working comes with significant security risks. Traditional VPNs serve as a front and backdoor to your data and applications.
As companies embrace remote working, I expect many IT departments to will rethink their VPN strategy and move towards remote access gateways. Implementing remote access strategies force remote users to go through the gateway to access corporate systems. This eliminates the “all or nothing” access approach of VPNs and allows companies to control access at a very granular level using the principle of least privilege.
Cybercrime Targeted at Critical Infrastructure
There is no shortage of cybercrime. Phishing and malware attacks have been around for a while and target consumers and businesses alike. As governments and pharmaceutical companies focus on the distribution of vaccines, I anticipate we will see an increase in high-profile cyberattacks that move beyond stealing credentials and identity to interfering with critical infrastructure such as hospitals, energy facilities, transportation, and supply chain networks. Serious attacks could force hospitals or logistics companies to go back to pen and paper reporting, slowing down care or delaying medicine and PPE deliveries.
Companies that are part of critical infrastructure should examine their security strategies, update security patches, lockdown privileged credentials, and set up automated alerts that identify new privileged accounts and potentially suspicious activity as it happens. I’d also recommend that companies examine their off-boarding policies to ensure access permissions are quickly removed as employees leave an organization.
Combatting Misinformation with Natural Language Processing
The issue of fake news has become a serious problem in our society and threatens our security. One report found that false news stories spread 10 times faster than real news.
Over the last few years, AI and Natural Language Processing technology (NLP) have been used to detect misinformation. Advances in natural language message hashing technology will be used to add digital hashes or certificates to new content. This will be used to trace ultimate media origins across many sources and marginalize reposted, manufactured, misattributed, or anonymous (experts agree) news. Already Microsoft is working on this technology and I expect we will hear more on the topic in the year(s) to come. The idea is to use advancements in NLP to create authenticators as a way to address misinformation.
Growth of Online Privacy Laws and Fines
Consumer privacy continues to be a hot topic. The California Consumer Privacy Act (CCPA) went into effect at the beginning of 2020 and New York’s Shield went into effect in March 2020. Modeled after the EU GDPR, these laws are designed to enhance privacy rights, improve data security, and provide additional consumer protections. So far, a few big-name companies have been hit with CCPA lawsuits – Walmart and TikTok.
I expect we will see more states enact privacy laws like CCPA in the upcoming year and more fines/lawsuits. Privacy bills were considered in at least 30 states and Puerto Rico in 2020. While few passed, we are likely to see more bills introduced as new legislatures take office. With the growing number of consumers online and security breaches on the rise, I anticipate that legislatures will be more likely to pass comprehensive privacy legislation in the next few years.
Cybersecurity and the US Military
The recent news of the SolarWinds Orion software hack underscores the importance of cybersecurity at a national and federal level. SolarWinds technology is used by the Pentagon, all five branches of the U.S. military, the State Department, NASA, the NSA, the Postal Service, the National Oceanic Atmospheric Administration, the Department of Justice, and the Office of the President of the United States. As a result of the hack, the US government (through the Cybersecurity and Infrastructure Security Agency (CISA)) issued emergency calls for all federal civilian agencies to disconnect Orion IT management tools. While the scope of the attack is still being investigated, it brings cybersecurity to the forefront of national security discussions.
The new presidential administration has indicated it will place more emphasis on cybersecurity and already suggested it would like a Whitehouse cybersecurity director to help coordinate the government’s efforts. Over the next few years, it’s possible we could see cybersecurity operations become an independent branch of the US military along with the Army, Navy, Space, and Air force.
New Year, New Resolutions
With a new vaccine and more in the final stages, there is hope and optimism for 2021. Businesses will adjust, re-evaluate, and return to a new and hopefully better normal. Executives and IT leaders will make cybersecurity a New Year’s Resolution and begin with remote access gateways and privileged access management software. Here at Xton Technologies, our team of security experts will continue to help customers with their security needs and implement a modern approach to privilege access management. Contact us today to schedule a meeting and see a demo of Xton Access Manager.