Cyber Security challenges in 2020
2020 was a Cyber Security headache for business owners and security teams. Although some were well set up for supporting home workers and experienced no transition period, a huge proportion of firms simply did not have the infrastructure or devices to accommodate this sudden technological shift. Security professionals were faced with impossible decisions, which meant they had to choose between the security of data and the longevity of the business itself.
Amongst the internal challenges of implementing a company-wide remote working strategy, securing business critical data and ensuring staff can access the necessary resources, cyber-attacks were growing daily. With the weight of the entire business already on their shoulders, these attacks had become the proverbial icing on the cake for security professionals. However, with more users accessing corporate systems on insecure devices and networks, the attack surface had grown exponentially and security teams were too stretched to eliminate the risk exposures.
Whilst security teams were playing catch up, cyber-criminals quickly adapted their tactics to suit the changing attack surface. As the pandemic developed over the course of 2020, phishing emails changed to fit the current concerns of the public. For example, back in March they focused on fake Covid-19 information, which then changed to supposed ‘Covid cures’ and more recently scams which invite victims to receive their vaccine. By preying on public fear, scammers hope to lure people into ‘clicking’ on malicious links, disclosing passwords or entering financial details.
Alongside the unprecedented increase in phishing scams, an 80% rise in ransomware and a staggering 800% increase in web application attacks in the first quarter, there was a whole host of high-profile breaches in 2020, these include: Marriot, Nintendo, Solarwinds, EasyJet, Claire’s, The Ritz, Google, Virgin Media and Zoom. Although these breaches all involve large corporations, this is not to say the SMB market are not a target for cyber-attacks- they simply do not make the headlines.
What Cyber Security trends will we see in 2021?
We are now one year into the global pandemic, and it has become clear how Cyber Security is likely to change in 2021. Now that the dust has well and truly settled after the shock of lockdown 1.0, it is clear that remote working is here to stay. In 2021, businesses will begin to rethink their strategies, adapt to the changing threat landscape and continue on their journey of digital transformation. Read on to find out more about the key Cyber Security trends of this new decade.
1.Developing more secure applications: For the most part, app developers and app security teams operate as separate entities. Usually, developers create an application and the security teams test the code upon completion. However, this often results in security teams picking apart the weaknesses in the code. Moving forward, it is likely that the two teams will work more collaboratively as they need to be singing from the same hymn sheet. By integrating security measures at the development stage, developers will build stronger applications from the outset. This will help to reduce the risk of compromise caused by application vulnerabilities.
2. Using security to shorten app development cycles: This year, rather than identifying flaws after app development, we are set to see more integrated tools which help developers prevent coding mistakes. Developers will increasingly be led by penetration testing frameworks that follow web app security best practice. This will not only help to shorten application development cycles, but also create more robust, reliable applications.
4. More breaches due to human error: Although human error has always been the number one cause of data breaches, it is likely that we will see far more of this in 2021. With a huge proportion of the population working from home, employees may become complacent and fail to follow the usual security protocols. This calls for phishing simulation exercises and comprehensive training which is tailored to a remote workforce. During lockdown, your employees can no longer pop to the IT department to ask Dave about a suspicious looking email. Therefore, there needs to be processes in place to ensure staff know how to raise security concerns, and who they need to report to.
4. Strengthening cloud architecture: Whilst many firms planned to adopt a cloud-first architecture in the coming years, as the pandemic struck, they were forced to accelerate their plans. Although businesses may have successfully shifted to a cloud native infrastructure, there will be many internal process issues that need ironing out by security teams. In 2021, they will need to recodify processes and strengthen/test their new IT environment, this will help businesses gain the real advantages of agility from the cloud.
5. AI and machine learning: We will undoubtedly see a trend towards utilising artificial intelligence and machine learning, from both a security perspective and for cyber-crime. Although AI advancements will aid the sophistication of our security strategies, unfortunately, hackers will also be using these tools in order to evade our security defences. When it comes to Cyber Security, AI and machine learning will be used to detect new and difficult to detect malware. It will also be used to analyse network data and identify anomalies which could help to detect an attack in its early stages. After all, the sooner you can respond to a cyber-attack, the less disruption and damage it will cause to business operations. On the other hand, cyber-criminals will be using AI to help them automate processes which will lead to quicker and more distributed attacks. In other words, artificial intelligence is a double-edged sword.
6. Increase in cyber managed security services: The ever evolving threat landscape, alongside the Cyber Security skills shortage, will mean more businesses will turn to Cyber Security Managed Services to defend their infrastructure from the latest threats.
What are your Cyber Security plans for 2021?
Last year, as businesses faced sudden and transformative network changes, combatting advanced threats became a mammoth challenge. To accommodate this new network model in 2021, we must reflect, consolidate and strengthen our security strategies. Unfortunately, cyber-attacks are only set to increase and become more advanced in the coming year. In order to stay ahead of the curve, security strategies should not be static, businesses must continue to innovate and evaluate their approach to securing critical data. Here at Equilibrium, we help our customers achieve complex Cyber Security initiatives. If you are looking to continue your journey of Cyber Security digital transformation in 2021, our cyber experts are well placed to offer specialist guidance and support. If you would like to get in touch, please use our contact details below.
Ready to achieve your security goals? We’re at your service.
expertise to help you shape and deliver your security strategy.
