For any organization that felt prepared, with their operations well-planned as they headed into 2020, that feeling disappeared quickly.
2020 became the year of the unexpected, forcing organizations to adapt, repeatedly. Looking ahead to 2021, companies of all types and sizes are working to be as prepared, agile, and adaptable as possible. This is certainly true when it comes to building or restructuring an organization’s cybersecurity posture. With that in mind, here are my top three predictions for what’s ahead for cybersecurity in 2021.
#1: IoT will continue to expand the threat landscape in a post-pandemic world, but at an accelerated pace due to COVID-19.
Before COVID-19 devastated the globe, if you had asked me what would happen in cloud migration during the next 5 years, I would have told you the same thing I would say now—IoT devices are proliferating and impacting security. But now with COVID-19, that growth is exponential. With more remote workers than ever before, the dark web is shifting to the perimeter of large organizations. The combination of IoT and the boom in remote workers has significantly increased the points of entry for bad actors.
The 2020 Devo SOC Performance Report found that 70% of IT and security professionals find lack of visibility into their IT security infrastructure as one of their biggest barriers—and that’s before most of the workforce and operations moved remote due to the pandemic. In 2021, as we enter the new normal of a more geographically dispersed workforce, more of our devices will be connected—from cars to home appliances to thermostats—and more organizations will be forced to migrate fully to the cloud, and we’ll see a steep jump from the 29% of security and IT professionals that were deploying cloud-native capabilities in 2020. As a result, there will be a much broader threat landscape that must be secured.
#2: Organizations will have to budget for securing remote workers.
As a result of the previous prediction, in 2021 organizations must continue implementing a security posture beyond just the typical IPS or firewall that was sufficient when most, if not all, employees worked in an office or other official location. Even before the pandemic, 70% of security and IT professionals predict their organizations are likely to invest in new technologies to improve security. In this new normal, we’ll likely begin to see even more technology invested in and assigned to the end user as they work remotely. This could include being given laptops and even mobile phones with corporate security controls installed, and requiring employees to always use a VPN when connecting to their corporate networks.
One measure I think we will definitely see adopted, en masse, is broad use of multifactor authentication. Organizations will need to cover all of this added security by reallocating budget that was previously directed at brick-and-mortar expenses and shift it to cloud-native security tools. From 2019 to 2020, the Devo SOC Performance Report found that security budgets increased by nearly 20% and in 2021 that number will only get bigger.
#3: Many organizations will learn a lesson in humility, regarding the need for threat intel sharing.
2020 is closing out with all eyes on the security industry, given the related high-profile breaches at FireEye and SolarWinds. These explosive stories forced organizations to acknowledge their security weaknesses, inspired empathy across the security community, and shined a very bright spotlight on the need for better threat intel sharing. In 2020, only one-third of organizations were prioritizing threat intelligence integrations, a number that is no longer acceptable.
Heading into 2021, faced with a rapidly expanded threat landscape, we’ll see the security industry come together with a greater sense of community and openness so it can better protect some of the most important institutions across the globe. It’s unlikely that we’ll see the same high numbers of security and IT professionals reporting that it would take a significant financial loss due to an IT security incident (63%) or significant data loss resulting from an IT security incident (61%) to motivate an organization to employ security measures like deploy a security operations center.
