Your 2021 cybersecurity playbook

Cybersecurity in 2021 is all about deploying solutions to help users avoid cyberattacks by providing additional protections in a remote working situation. Get the playbook for 5 scenarios you may encounter in IT and Security in the year …

Author: Richard Harpur


We’re all exhausted by 2020, a year that was unpredictable to say the least. Many companies and organizations were forced into a storm of reactionary steps necessary for business continuity reasons at best, and commercial survival at worst. Unprecedented as times were, many cybersecurity predictions for 2020 remained valid, but the operating context transpired to be completely different than anticipated. As we all moved away from working in fixed office locations to working remotely, it became easier for cybercriminals to target users in the comfort of their own homes.

Instead of trying to predict 2021 cybersecurity trends, which may not leave much room for agility depending on what the year has in store for us, we propose a 2021 playbook for cybersecurity, to help IT and Security teams prepare a roadmap of projects and focus areas likely to take precedence in the year ahead. In this article we will make a recommendation for each scenario as follows:

  • Procure and implement: A technology or practice you should be planning to implement in 2021.
  • Trial or pilot: A technology or practice you should be testing or evaluating to assess value and implementation effort in 2021 in anticipation of a full implementation in 2022 if the pilot is successful.
  • Research: Start becoming aware of this technology or practice, as it will grow more dominant in future years; grow your awareness in 2021.

Scenario 1: Browser Isolation

Recommendation: Trial or pilot

Threats: Ransomware, phishing, social engineering, malware

Although this tech has been mainstream for a number of years, widespread adoption has been hindered by proprietary implementation requirements and the inertia and difficulty of moving users from their “favorite” browser to an alternative. However, several factors may now result in better ROI than previously possible, and therefore 2021 is a year in which this technology should be tried in a controlled way in your organization to understand the barriers to full implementation as well as the friction, if any, that is introduced for users.

The efficacy of such products is generally high; however, difficulties commonly arise in a user’s workflow. In addition to serving up visual content, we now use browsers for file transfer, audio and video streaming, form filling with attachments being uploaded and other rich activities. Browsers are also a major channel for cybercriminals to exploit.

   

Scenario 2: SASE (Secure Access Service Edge)

Recommendation: Procure and implement (Trial or pilot for complex network environments)

Threats: Remote work, network breach, cloud security

In 2020 workers moved from defined office locations to remote locations, at a scale never seen before. This brings challenges of securing users’ access to corporate assets from locations that are outside the control of the corporate IT or security departments. Secure Access Service Edge is a model for network security in the cloud proposed by Gartner. This approach sees a convergence of technologies such as Firewall as a Service (FWaaS), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG), promising a reduction in complexity and in the number of point solutions being used to secure the enterprise.

Your 2021 playbook should include the procurement and adoption of this technology, or if you have a complex environment you may want to trial and pilot in the first instance.

   

Scenario 3: Write Once Read Many (WORM) backup solution

Recommendation: Procure and implement

Threats: Ransomware

Ransomware incidents persisted again in 2020 and there is no reason to believe they will decline in 2021. The impact of such attacks has been highly publicized in healthcare and educational settings. Write Once and Read Many (WORM) technologies for data backup can be deployed to provide a guarantee that data residing in these repositories can never be lost to ransomware. It may be possible for existing solutions to be upgraded to enforce WORM protection, providing an easy win without requiring a major infrastructure project.

   

Scenario 4: Security automation

Recommendation: Procure and implement

Threats: Data breach, application vulnerabilities, cloud configuration vulnerabilities, faster incident response

The shortage of skilled cybersecurity professionals is a constraint that is going to continue into 2021 and beyond. IT and Information Security leaders need to maximize the utilization of their existing talent pool. Automating everything that can be automated will help free capacity for other security-related tasks. DevSecOps can greatly assist with freeing up resources for other tasks and projects. Many cloud service providers now offer services to script automated incident response and compliance-as-code activities. Your 2021 plan should incorporate, at a minimum, a starting point for automating security activities, delivering on the basic workflows.

   

Scenario 5: IOT cloud services for non-IOT devices

Recommendation: Research

Threats: Remote working

The original application of IOT cloud-based security was to ensure we integrated all types of non-typical computing devices such as building sensors, factory automation and other classic IOT devices. However, many of the cloud-based IOT services could be applied to classic IT environments. As we move to a zero-trust architecture, I recommend you don’t overlook this category of cloud services; instead, undertake research and learning to ensure you are aware of what services are available and how they might impact your environment in the future.

Playbook scenarios and recommendations

   

Summary

We’ve seen many threats emerge and dominate over the last number of years. 2020 accelerated human-targeted attacks, making it easier for cybercriminals to exploit human weakness. The theme for 2021 is focused on deploying solutions to help users avoid cyberattacks by providing additional protections in a remote working situation.



About the author

Richard Harpur is a highly experienced technology leader with a remarkable career ranging from software development, project management through to C-level roles as CEO, CIO and CISO. Richard is highly rated and ranked in Ireland’s top 100 CIOs. Richard’s courses are highly-rated in the Pluralsight library and focus on teaching critical skills in cybersecurity including ISO27001 and Ransomware. As a Certified Information Security Manager (CISM), Richard is ideally positioned and passionate about sharing his extensive knowledge and experience to empower others to be successful. He also writes extensively on technology and security leadership and regularly speaks at conferences. When he is not writing for his blog www.richardharpur.com, Richard enjoys hiking with his wife and four children in County Kerry, the tourist capital of Ireland.
