Security Landscape in 2021

Joseph Melika, CEO, CESPPA

2020 was a different year. Zoom became a verb. Masks became a required article of clothing. Working from home became the norm. With so many daily routines completely changing overnight, our world will be playing catch up for some time.

2021 is projected to be a year of mass adjustments. Several industries are either working towards embracing a semi-permanent work-from-home model or adapting to the new on-site social distancing requirements. Regardless of which camp your organization is in, everyone’s focus is now on the changes that must be made, and that includes your security team. And, as should be expected, bad actors will come out of the woodwork to take advantage of that distraction.

What should we expect?

More phishing attacks.  Employees are no longer on their egress-controlled office networks.  All those powerful application-based firewalls you deployed in your office to prevent access to malicious sites are now sitting idle waiting for handshakes.  With employees working from home, nothing is stopping them from falling victim.

Malware/ransomware will make a comeback. The days of work vs personal computers are gone. The same work computer will be used for everything from streaming media to playing games.  We are likely to see a comeback for old Trojan Horse malware that won’t be stopped by your home router.

Corporate espionage will rise. 

What should we do?

Zero Trust. You’ve heard the term. You have probably embraced it to a certain degree. More than ever, it needs to be adopted at full capacity. Every device that accesses your data is a target of attack on random home/hotel/coffee shop networks. You must assume compromise for all those devices and treat them as such.

SSO and MFA. Your users are much more likely to lose their passwords.  Being able to systematically disable a suspicious account is key.  Requiring your users to enter a one-time token upon login is a must.

Endpoint Protection. Your mobile devices are more susceptible than ever to malware and ransomware. They are no longer protected behind the advanced firewalls of your walled-garden office network. Plus, traditional antivirus software is not as effective in protecting your devices from advanced threats. It is imperative that you consider upgrading your endpoint protection to next-generation autonomous endpoint protection.

Invest in security awareness training.  More than ever, employees need to be equipped to spot a phishing email.  As a result, more security awareness training companies will shift their focus from being a compliance/HR nice-to-have, to an essential part of employee onboarding.  It is absolutely essential to embrace the reality that security is a shared responsibility, and empower your employees to spot and report such phishing attempts.

Overall, I am excited to see the changes this year will bring. The pandemic only accelerated an already fast wave of technological changes to our day-to-day lives. I am confident that tech companies will adapt quickly to provide more relevant solutions to today’s challenges.
