As 2020 draws to a close, many information security professionals will be glad to see the back of it. It has brought no small amount of disruption to cyber security teams and the issues presented by the pandemic have challenged the ability of many companies to adapt.
Data security has become an even more prominent issue and, as we eye up the end of the year, it is important to take a step back and consider the data security trends in this space which will be impacting organisations in 2021, and what steps to take to remain secure:
1. COVID-19 will continue to present a risk to data security
From a macro perspective, the ongoing impact of the global pandemic is a universal issue which will continue to form a backdrop to many cyber security problems in 2021. With the pandemic demanding increased digital touchpoints for employees and customers, the attack surface will continue to grow.
The accelerated digital transformation and cloud adoption which coincided with the first lockdown show no sign of slowing in 2021. This presents opportunities for attackers.
From a strategy point of view, while it is hard to predict specific problems, broadly this requires increased vigilance, resilience and adaptability.
2. Cloud applications will factor greatly in data security issues
Greater usage of cloud applications for collaborative working means cyber security teams will need to practice increased diligence when it comes to configuring and protecting such services.
Security teams need to be aware of the potential for things such as Google Drive, Office 365, Slack and others to invite data leakage and theft, by both external and internal actors.
3. Data leakage by remote workers
Remote workers present a greater insider threat to data security. Home workers are often in a mind-set that sees them less careful about established data security processes, sharing things they might otherwise think twice about.
The absence of physical co-workers also gives rise to the temptation of data theft, as well.
4. Securing the user at point of access will remain a priority
An unhelpful blend of home working, more applications and services, and poor password and authentication policies, will continue to present a risk into 2021.
Our own research has highlighted how 22% of security specialists said employees were recycling work credentials on personal accounts, for example. These behaviours present a significant opportunity for attackers.
5. A higher volume and sophistication of phishing
If current trends are anything to go by, 2021 will also continue to see an increased volume and sophistication of email attacks.
With more targeted attacks such as Business Email Compromise (BEC) and Invoice Scams ratcheting up the heat on senior management, finance and marketing teams, ever-adaptable criminals will continue to invent convincing new ways to steal money, data and IP through social engineering.
What can be done to keep data secure in 2021?
Moving into 2021, having a clear view of the attack surface outside of the traditional perimeter to understand all points of potential data exposure, both technological and human, is important.
To secure cloud applications and services, a CASB is a critical piece of this puzzle.
A comprehensive CASB allows security teams to apply policies around data sharing and use of platforms such as Office 365, Google Workspace (formerly known as G Suite) and more by monitoring and managing thousands of different actions in hundreds of business applications, in a way which doesn’t restrict productivity.
For example, by allowing certain groups of users time-limited access to certain files, or stopping people without the relevant permissions from sharing documents.
Data Loss Prevention solutions can also form a valuable layer of protection, preventing the leakage of everything from sensitive personal information and IP out of an organisation, whether intentional or accidental.
Typically deployed inside a CASB, email solution or as part of a web filtering tool, they act as an outbound filter, enforcing policies protecting data from theft at every digital touchpoint an employee has.
To protect organisational data exfiltration via email, progressive email security solutions should be used alongside those native to Exchange Online or Gmail.
This advanced layered approach analyses outbound content in the main body or attachments to prevent sensitive data being extracted via email and allows high value targets to be protected with custom rulesets.
For particularly sensitive data or to meet strict compliance requirements, encryption features can be added.
For example, Censornet SecureMail is an add-on to Email Security and provides a simple, yet effective, solution for user-based encryption of specific messages.
By adding customisable keywords to the start of the email message a subject can send a message containing a secure link to the recipients that can then log in to a secure website to view the contents of the message.
Adaptive Multi-Factor Authentication (MFA) can also help reduce the risk from poor employee password hygiene, preventing credential reuse from enabling straightforward unauthorized access to accounts.
In today’s cloud application-heavy environment, where sensitive data is a few clicks away from logon, this is crucial.
As the world grapples with one of the biggest transitions of modern times, security teams must continue to enhance the protection of their cloud-first environment, as this technological battleground holds the key to all our future successes.
For insight into how to approach the top cyber security challenges of 2020 and protect your organisation from tomorrow’s threats download our recent report.