We’ve lived through the greatest change to working practices most of us will ever see, which placed huge demands on security teams.
But when the world finally opens up again, what will have changed in cybersecurity and the wider threat landscape?
When the first lockdown was ordered, organisations were forced to hurriedly build the infrastructure needed to support remote working, as well as the security systems to protect a newly distributed workforce.
Today, we know that at some point in the future there will be no more lockdowns and companies will demand that their staff spend at least some time in the office – although how much remains to be seen.
Here are 10 predictions which should help to guide your security decisions in the coming year or so as the pandemic (hopefully) subsides.
1) Remote Workers Will Continue to Be a Target
We’ve learned a lot about securing remote workforces during the pandemic. But cybercriminals have also been developing their skills.
Remote workforces will still spend a lot of time outside the perimeter during the shift to hybrid working but will probably pop inside it from time to time for the occasional office visit.
This means organisations still need to follow the processes put in place during the pandemic as the great unlock gathers pace. Cross-channel attacks will remain a threat, as will advanced phishing scams like CEO fraud.
Knowledge is still power, which means organisations should take advantage of the visibility of cloud applications offered by Censornet.
2) Secure Remote Access Will Replace Remote Access
Many organisations hastily introduced Remote Access solutions at the beginning of the pandemic. These systems will now have to be carefully risk-assessed and improved to become Secure Remote Access solutions.
Secure Remote Access is now a non-negotiable part of companies’ IT infrastructure, yet it must combine flexibility with security to avoid losing data and control.
Organisations need to gain insight into users and manage access and activity on a granular level. All of this whilst maintaining data security across all services.
3) The VPN Is Dying a Slow Death
The VPN is doomed. It is being replaced by Zero Trust Network Access (ZTNA) and, ultimately, Secure Access Service Edge (SASE).
A VPN is a network-centric solution that’s increasingly unsuited to the modern era. Conversely, modern solutions operate in the cloud and can better protect distributed workforces.
Security teams should start to limit further investment in VPNs and start to make plans to phase them out altogether.
The road from ZTNA to SASE could be a long one. Most organisations are barely in the planning stages right now, with Gartner predicting that just 40% of businesses will have a SASE strategy by 2024.
It’s unlikely the VPN will survive this stretch of the security industry’s ZTNA odyssey, never mind SASE, so it’s best to start preparing to jettison it now.
4) We’ll Say Goodbye to ‘Connect, Then Authenticate’
This trusty old slogan is looking rather long in the tooth and is now in the process of being replaced by ‘authenticate, then connect’.
There has been a fundamental shift in attitudes to security. We’ve seen a move away from implicit trust and towards a default position where no one is trusted without good reason. Zero Trust, in other words.
The traditional method of gaining remote access involved logging into a network through a VPN, which then performed authentication and other security routines inside a data centre.
Today, we have moved away from this site-centric architecture, which reinforces the point that you shouldn’t let anyone near your network before authentication has been carried out.
5) Context Will Be King
The traditional safety of the corporate perimeter and its firewall isn’t sufficient to support a newly distributed workforce.
An entirely new perimeter built on identity and context is needed to protect modern companies.
Context is an increasingly important aspect of security: it involves assessing the behaviour of a user or entity. It’s no longer enough just to pass identity checks – the logon should also be completed from a location, at a time and on a device which are familiar.
6) A New Perimeter Will Form
Fuelled by increased cloud adoption, identity and context will combine to become a new perimeter as the traditional enterprise firewall becomes less and less relevant.
In its place will rise Firewall-as-a-Service (FWaaS), which is a market predicted to have a compound annual growth rate of 22% between 2021 and 2026.
Ultimately, FWaaS is destined to become a part of the wider SASE package. SASE represents the convergence of network as a service, including solutions like software-defined WAN (SD-WAN), with security as a service, a category including CASB and FWaaS. These will all be combined and delivered wherever users or devices are located.
7) Cloud Platforms Will Supplant Point Products
No business is too small to suffer a cyberattack. In fact, SMEs are often easier to target because they do not use the enterprise-grade security systems employed by large multinationals.
The rise of security platforms is changing this. By combining technologies like cloud access security broker (CASB) or MFA with email and web security, integrated cloud platforms can offer full spectrum protection against a range of threats.
We expect to see platforms replace point products because they are not only cheaper but offer a wider range of services.
The Censornet Platform is part of this trend, offering autonomous, integrated attack protection for organisations and their users – no matter where they are – via a single cloud security platform.
8) Automation Will Become Ever More Important
We know organisations are struggling with a perfect storm of cybersecurity problems. These range from a wider skills shortage to budget pressures and alert overload, caused when humans struggle to cope with the huge array of trivial and serious security alerts generated daily.
Automation can – and will – help solve these issues.
Censornet’s Autonomous Integrated Cloud Security platform enables traditionally siloed services to share security context, state data and events throughout clients’ digital bloodstreams. If a threat is detected, individual engines mobilise like white blood cells, operating automatically at machine speed to stop threats before they even enter the kill chain.
9) AI and ML Will Transform Event and Alert Analysis
Robots aren’t about to replace human security staff – but automation will make their jobs a lot easier.
Solutions which employ artificial intelligence and machine learning will be able to automatically respond to low-level alerts as well as carrying out triage.
Automated systems can learn from their immediate experiences as well as plugging into international threat databases where they are constantly updated with the latest intelligence.
The benefits of automation are already being felt across all the industries protected by cybersecurity vendors. Soon, automation will be a must-have in any security solution.
10) User and Entity Behaviour Analytics Will Increase in Importance
If a worker logs on at 2am on a Saturday morning, or suddenly tries to access the network from Singapore just five minutes after attempting a logon from London, something is not right.
In an era where identity and context are the new perimeter, it is extremely important to monitor behaviour.
Systems that can spot unusual or anomalous behaviour will become increasingly important parts of organisations’ security postures as the industry shifts towards a more context-focused security paradigm.
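The two signals described above, an off-hours logon and a London-to-Singapore jump within five minutes, can be expressed as a small detection routine. This is an added example, not Censornet's code: the log format, the sample events, the working-hours policy and the speed and distance thresholds are all assumptions.

```python
import math
from datetime import datetime

# Constructed sample logon events: (user, UTC timestamp, lat, lon, city).
EVENTS = [
    ("alice", "2021-06-05T02:00:00", 51.5074, -0.1278, "London"),
    ("alice", "2021-06-05T02:05:00", 1.3521, 103.8198, "Singapore"),
    ("bob",   "2021-06-07T09:15:00", 51.5074, -0.1278, "London"),
    ("bob",   "2021-06-07T13:40:00", 53.4808, -2.2426, "Manchester"),
]

MAX_SPEED_KMH = 900        # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 50       # assumed floor to ignore geo-IP jitter
WORK_HOURS = range(7, 20)  # assumed policy: 07:00-19:59, Monday to Friday

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def score_logons(events):
    """Return [(user, timestamp, [reasons])] for logons that look anomalous."""
    last_seen = {}  # user -> (time, lat, lon, city) of the previous logon
    findings = []
    for user, ts, lat, lon, city in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        reasons = []
        # Context check 1: weekend or outside the assumed working hours.
        if when.weekday() >= 5 or when.hour not in WORK_HOURS:
            reasons.append("off-hours")
        # Context check 2: speed needed to travel from the previous location.
        if user in last_seen:
            p_when, p_lat, p_lon, p_city = last_seen[user]
            hours = (when - p_when).total_seconds() / 3600
            km = haversine_km(p_lat, p_lon, lat, lon)
            # Simultaneous logons far apart are treated as impossible too.
            if km > MIN_DISTANCE_KM and (hours <= 0 or km / hours > MAX_SPEED_KMH):
                reasons.append(f"impossible-travel {p_city}->{city}")
        last_seen[user] = (when, lat, lon, city)
        if reasons:
            findings.append((user, ts, reasons))
    return findings

if __name__ == "__main__":
    for finding in score_logons(EVENTS):
        print(finding)
```

In practice the location would come from geo-IP lookups, which are imprecise and distorted by VPN or proxy egress points, so findings like these are usually fed into a risk score or step-up authentication rather than used to block outright.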
11) Data Security Will Become a Major Focus for Organisations
The world’s shift towards cloud-powered collaborative working has put data at increased risk.
Security teams are well aware of the potential for services such as Google Drive, Office 365, Slack and others to fuel data sprawl and invite data leakage and theft by insiders or external threats.
To secure cloud applications and services, a cloud access security broker (CASB) is critical. Adaptive Multi-Factor Authentication (MFA) can also help reduce the risk from poor employee password hygiene. Preventing credential re-use averts straightforward unauthorised access to accounts.