This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Hatem Naguib (Chief Operating Officer), Barracuda Networks:
As we head into 2021, what are your predictions for the cybersecurity and tech space?
Distributed enterprises and remote workers: In the span of a few weeks, we went from 10% of workers being remote to over 90% of workers moving to remote. This required IT organizations to scramble to setup access and security controls for their employees. This trend will continue in 2021 as we see many companies slowly bringing back some key workers to their facilities and adopting measures that will give their employees flexibility if they can maintain productivity.
Cloud adoption: Here we see two key trends — first, new applications are delivered as Software as a Service (SaaS) instead of on-premises implementation. Second, and more importantly, existing on-premises applications are migrating faster to cloud. Typically, macro-level trends like digital transformation and leveraging of cloud services tend to increase in a hockey stick fashion, where there is a period of time where we see accelerated adoption and then an inflection point of activity. 2020 was that inflection point for many with the cloud. COVID-19 forced many companies to significantly accelerate their migration to cloud services to address shutdowns and remote workers.
Shortage of key resources to help mitigate security issues: There will be a continued shortage of cybersecurity talent despite the recession and COVID-19 job losses.
Increase in attacks that will take advantage of the new reality — distracted workers, global pandemic, cost pressures from recession, remote access, accelerated adoption of cloud services. Each of these alone would be cause for concern for cybersecurity professionals. All these macro trends happening simultaneously requires us to have the highest level of vigilance against those who would take advantage of these situations.
What new skills will IT security executives need in 2021 that they may not have today?
Securing remote workers. While many companies had some experience setting up temporary and limited remote access for contractors and vendors, every company will now need to make sure they have clear processes and controls for managing a large percentage of their employees remotely for extended periods of time. Every company will need to have policies and procedures for managing remote access.
Cloud security and privacy. This will be a critical skill every IT executive will need to understand as more and more capabilities are now delivered as cloud services. Cloud security posture management—understanding whether and how the assets and services delivered in public cloud are adhering to compliance regimes—will be a requirement for every IT executive. In addition, as more and more companies are exposed to threats that impact the privacy of their customers or enterprises, the risk of breaches will require IT security executives to be able to effectively communicate and execute plans that encourage and require other teams to enforce compliance.
Disaster recovery and emergency preparedness. Many companies don’t have such plans, and if they do, they typically don’t test them out to ensure they would work well in case of emergencies. 2020 has shown us emergencies are not just natural disasters. As companies worldwide deal with shifting local requirements to adhere to COVID-19 outbreaks or potential downtime due to outbreaks in their offices, emergency measures may need to be implemented quickly and repeatedly. Every IT security executive should make sure these plans include security compliance checks that are straightforward and quick to implement without having a long-term impact on productivity. In addition, thorough and comprehensive backup and recovery solutions will be critical.
Klaus Gheri (Vice President, Network Security), Barracuda Networks:
As we head into 2021, what are your predictions for the cybersecurity and tech space?
The COVID-19 pandemic and the transformational pressure it has created on work habits and work environments will continue to provide increased attack surfaces. Zero Trust Network Access solutions and accelerated adoption of cloud-based solutions are the way for organizations to keep risk under control. Corporate endpoints will be predominately used outside the perimeter of the corporate network in work-from-home environments. This will require many organizations to review their current endpoint security and compliance enforcement approaches.
What new skills will IT security executives need in 2021 that they may not have today?
Security executives will need to achieve the same level of security or more with tighter budgets due to economic recession. There will be a growing need for security executives to get fully comfortable with novel cloud-centric security architecture. Additionally, 5G adoption will start to get more tangible in many regions of the world. IT security executives will need to come up with a more holistic understanding of risk and adequate protection measures as it pertains to the entire corporate network, including OT and industrial IoT environments.
What threats do you see proliferating in 2021?
Threats will continue to target the weakest link in the chain, which normally is the human element. Work from home and weaker security postures allow the typical email-borne attacks to become even more effective. As in previous years, we will continue to see a growing number of attacks targeted at critical infrastructure such as healthcare and cyber-physical systems.
What are the most important ways the COVID-19 pandemic will impact security in 2021?
We will continue to see the revival of corporate-owned devices provided to employees. Zero Trust Network Access concepts will flank traditional network-based VPN access concepts. Ironically, this is a rebirth of NAC concepts from 15 years back in a somewhat different more modern guise. Email will continue to be the primary attack vector.
###