Anurag Kahol, Bitglass: In 2021, Legacy Security Architecture Like Vpns Will Be the Weak Link
This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Anurag Kahol, CTO and co-founder, Bitglass:
Legacy security architecture like VPNs will be the weak link for many organizations
"To quickly ramp up remote operations and comply with stay-at-home orders, many organizations looked to legacy security architectures like VPNs as a silver bullet solution for remote work. However, this is not a sufficient long-term solution as VPNs introduce latency, hamper productivity, can be difficult to scale, and can grant employees excessive access to internal resources.
VPNs also represent significant liabilities as cybercriminals can easily exploit unpatched VPNs with ransomware. Even a “perfect” VPN setup and deployment is vulnerable to attack. For example, looking back at the July Twitter hack, attackers were able to use stolen employee VPN credentials to access high-profile users’ accounts to promote a Bitcoin scam without having their identities authenticated. With 400 million businesses and consumers using VPNs across the globe (according to GlobalWebIndex), it’s likely that we will continue to see VPNs targeted by cybercriminals in successful attacks.
Fortunately, there is hope for the future. 34% of IT security teams across the globe have shared that they are in the process of implementing a zero-trust security model which can ease many of the challenges presented by a traditional network approach. Additionally, 60% of enterprises will be phased out of VPNs in favor of zero trust network access by 2023. With a zero-trust implementation, users only have access to the smallest set of permissions necessary to perform their work duties. This trend toward zero trust network access is likely to accelerate in 2021 as organizations realize the gaps that legacy architectures like VPNs pose to their security postures.
The adoption of new technologies and increase in internet users means most of the world’s population is at great risk of data exposure
History shows that attackers refine their methods to take advantage of global events and the adoption of new technologies. In fact, online crimes reported to the FBI’s Internet Crime Complaint Center (IC3) have nearly quadrupled since the beginning of the COVID-19 pandemic. This comes as no surprise, as there were close to 4.6 billion active internet users as of July 2020, which represents 59% of the world’s population. The number of internet users will continue to increase in the coming year, and 84% of organizations will continue to support remote work even after stay at home orders are lifted. Combining these trends with the rapid development and adoption of technologies like 5G (which enables malicious actors to execute attacks and move data much more quickly) suggests that we will see an increase in the number of people around the world who are impacted by data breaches.
However, this shouldn’t prevent organizations from implementing new technologies or continuing remote work. With the right security strategies and solutions, organizations can benefit from new technologies and support their remote workforce without exposing themselves to additional risk.”