By Sivan Nir, head of research, Skybox Security
With threat actors becoming more sophisticated and attack surfaces expanding, 2021 is the year that cybersecurity must rethink traditional strategies to adapt to the changing threat landscape.
Skybox Security research highlights there were nearly 20,000 new vulnerabilities in 2020. The pandemic forced changes that increased surface area for attack. Strong security posture management will have a key role in contributing to business resiliency and growth in a post-pandemic economy.
Key trends for enterprise security include:
Increasing cloud security
Major enterprises will continue adopting more public cloud solutions – which are beyond the protection of firewalls. To ensure strong security posture management across cloud services, security and risk leaders will prioritize network modeling. This will enable them to plan and analyze the potential impact of changes across hybrid environments. Network modeling also makes it easier to identify high-risk attack vectors. Many of the successful cloud services attacks today are due to misconfiguration and human error. With a comprehensive view of enterprise cloud deployments, cloud security architects and CISOs can facilitate and verify proper segmentation across hybrid infrastructure. Mature security organizations will focus on identifying and remediating vulnerabilities ahead of incidents to make it harder for bad actors.
Competing in the digital-first landscape
In 2021, security will become a business differentiator. Companies with legacy business models will struggle to compete with agile organisations that have strong security credentials. Moreover, with continued digital transformation, security will move from being an afterthought once business decisions are already made to becoming an integral part of business strategy discussions. Organisations that make targeted investments in IoT, 5G and cloud and execute them with a proactive, holistic security strategy will be more competitive in today’s market.
Reducing risks in the supply chain to block security exploits
In 2020, organisations worldwide were targeted in supply chain attacks, including hundreds of Mongolian government agencies via Able Desktop and the South Korean government via WIZVERA VeraPort. Third-party vendors will continue to be used as conduits as part of larger attacks. Because of this, enterprises will develop zero-trust frameworks to reduce this risk as ’trusted’ vendors often are no longer ‘trustworthy’ in this sophisticated threat landscape. There will be a balancing act between selecting or maintaining vendor relationships that meet critical business needs and evaluating whether those vendors have the requisite security protections in place.
Growing visibility to tackle distributed workforce vulnerabilities
Due to distributed workforces, more cloud-native solutions and IoT devices are connected to corporate networks than ever. Bad actors have not been blind to this change: Studies show ransomware samples alone increased by 72% in the first six months of 2020. Also, nearly 75% of C-level executives expressed concerns over the newly created vulnerabilities and risk brought about by newly distributed workforces. The reality is that there are too many vulnerabilities to ever believe they are 100% patched. The organisations that avoid costly attacks will be those that seek increased visibility and insight across the entire enterprise.