The global impact of the shift to teleworking in 2020, as a result of the COVID-19 pandemic, has transformed the daily lives of corporations.
With many employees working from home, the companies now have several computing assets that reside outside of their internal infrastructures, in addition to legacy security controls.
This triggered a huge increase in all types of cyber-attacks. Criminals began to take advantage of telecommuting and the lack of management of these endpoints to circumvent companies' digital protection and apply their attacks
Most companies still do not have consistent security rules or systems focused on the home office, nor professionals trained to deal with this new scenario. As a result, many have become easy targets for cyber-attacks.
Because of this, not to repeat the same mistakes of the past year, many corporate leaders have come to recognize the risks growing security cybernetic to and are facing the challenge of reviewing their traditional initiatives of protection.
However, for this to be possible, the security and risk management teams need to know the expected trends for this year. Only then will it be possible to adapt to changes and ensure business resilience.
Key Security and Risk Management Trends from 2021
The COVID-19 has made the daily lives of companies turned inside out. The pandemic accelerated the modernization of information technology, propelling companies to undergo Digital Transformation.
Most of the workforce that used to work in an office was forced to work from home. This reflected an accelerated increase in devices accessing company sensitive information in the cloud from home offices.
This new reality made companies face the following trends that will influence corporate daily life in 2021 and in the coming years.
Trend #1: Cybersecurity Mesh
“With many IT assets now outside traditional corporate perimeters, IT leaders must rethink security. ” This modern approach to protection aims precisely at implementing controls at the points where management is most needed.
Through it, you can perform basic security services as well as more advanced centralized policy management and orchestration.
Trend #2: Identity -Focused Security ( Identity-First Security )
This trend implies placing Identity as the new security perimeter. Companies had to review the unrestricted access that users previously had, and can access corporate data at any time and place.
The identity as the new perimeter becomes the centre of the safety design, executing a major shift in priorities protection of thought of traditional LAN edge design.
Trend #3: Security support for teleworker
"According to Gartner's 2021 CIO Survey, on average 64% of employees are able to work from home, and two-fifths are actually working from home." Therefore, the home office security support trend is here to stay.
As a result, organizations are accelerating their migration to more modern security infrastructures . For many of them, this migration requires a full reset of policies and tools suitable for a modern remote workspace. You need to create use cases that define who the user is, what kind of device they have, what applications and data content they need to access, and where in the world they are located.
Trend #4: Creation of a cyber environment management board (Cyber- Savvy Board of Directors)
Large companies are now beginning to create a dedicated cybersecurity committee at the board level responsible for strategy and risk management. This committee must be overseen by a qualified board member with experience in cybersecurity.
The Gartner predicts that “by 2025, 40% of boards have a dedicated cyber security committee, supervised by a qualified member of the board, against less than 10% today.”
This will allow for greater oversight across the organization, as well as ensuring that cybersecurity receives attention beyond the board, such as audit, risk and technology committees.
Trend #5: Consolidation of Security Providers
The complexity of security operations and integration costs are increasing due to the large number of security products used by companies, which results in higher expenses and the need to increase the number of employees.
Therefore, companies need to look for suppliers capable of simplifying operations and reducing overall costs. According to Gartner's CISO 2020 Effectiveness Survey, “80% of organizations expect to use security as a service by 2023."
Trend # 6: Computing to improve privacy ( Privacy-Enhancing Computation )
Through emerging technologies that protect data, companies are including computing capabilities that enhance the privacy of information. Thus, while data is being processed, shared, transferred, and analysed, it is possible to ensure its protection even in untrusted environments.
The adoption of the PEC is increasing, especially in cases of use as analysis s fraud, intelligence operations, data sharing, financial services and healthcare.
The Gartner predicts that by 2025, “50% of large organizations will adopt computer for added privacy in data processing in untrusted environments or cases of data analysis use with multiple parties.”
Trend # 7 : Simulation of breach and attack (BAS)
Breach and Attack Simulation (BAS) are becoming popular among businesses by providing for continuous assessments of defensive posture, mitigating the limited visibility provided by estimations and tests such as penetration testing.
BAS can be aligned with deploying and updating key systems, custom applications, and new infrastructure to increase confidence in security controls and architecture.
Trend #8: Machine Identity Management
Managing machine identities such as devices, workloads and their credentials has become critical for businesses as non-human entities are now at the forefront of digital transformation.
Therefore, it is necessary to develop an enterprise-wide machine identity management strategy to monitor all existing non-human identities.
As it is evident that companies are undergoing major transformations. Therefore, is essential to update the corporate cybersecurity strategy. IT teams should always be aware of the various available resources and market trends to structure efficient security systems adapted to the new reality.