2020 took a sharp turn in March, sending most of the world back home, and forcing businesses to rapidly make changes to how day-to-day business was conducted, relying more heavily than ever on cloud-collaboration and business apps.
When the pandemic hit, our research found that only 34% of security professionals felt they were very prepared to support employees working from home securely, and cyber criminals were acutely aware of that. Phishing, ransomware and cyber attacks increased drastically, with targeted campaigns preying on people’s fears and need for answers.
The cyber pandemic
Working from home gave many employees the added benefit of more flexible working practices, but the security gap between the home and office network left cyber criminals with an abundance of opportunities.
At the time lockdown was announced, 72% of professionals felt that the cloud had improved their organisation’s security posture, putting them in a strong position to deal with increasing cyber threats. Unfortunately for the 28% of organisations who were not prepared, the response to the pandemic from cyber criminals resulted in 80% of firms seeing an increase in cyber attacks.
According to Google’s Transparency Report, it detected an average of 46,000 new phishing websites every week in 2020, which is strong evidence that the coronavirus pandemic has boosted the opportunity for online scams. Cyber criminals stopped at nothing to exploit a bad situation this year.
The major shift in work location and the jump to adopt new tools to ensure productivity and connectivity in a remote working environment only intensified cloud-associated risks and in the rush to roll-out many companies failed to radically re-evaluate their security posture.
This year has shown that security professionals need to take stock, exercise caution and ask hard questions about the capability of their cyber security tools going into the new year.
The year ahead: what does 2021 have in store for security teams?
- Context and identity go hand in hand
This year has shown that you must develop a zero trust stance to security. With teams dispersed away from the safety of the organisation’s network, IT teams are continually having to review risk. Context will become especially important; where an employee is, what time zone they are in, what documents they are trying to access, will all play an increasingly important role next year.
With the move to the cloud, a combination of identity and context will effectively become the new perimeter, as the traditional enterprise firewall becomes less and less relevant. Because of this, 2021 will see an increase in momentum towards a Zero Trust approach based on an ‘authenticate then connect’ model, where employees are allowed to connect only to the services they have permission to once they have authenticated, ideally using adaptive Multi-Factor Authentication (MFA).
Adaptive MFA can also help reduce the risk from poor employee password hygiene including reuse of passwords across multiple services.
- Behavioural analytics over time
2021 will see a move to increased analysis of activity over time to spot patterns, identify anomalous behaviour and mitigate risk.
User and Entity Behaviour Analytics (UEBA) will assist in identifying patterns outside of normal – as well as outside of the new normal – to detect and prevent suspicious or outright malicious activity.
This coupled with Data Loss Prevention (DLP) solutions will deliver a stronger layer of protection around sensitive, regulated and personal data.
- Keeping apps secure
With many people still likely to work from home next year, cloud applications will still be vital to ensuring businesses remain productive and operational. For 2021 cloud applications will still need to be secured. A CASB will be critical for this.
A comprehensive CASB allows security teams to apply policies around data sharing and use of platforms such as Office 365, Google Workspace and more. It does this without restricting productivity and, alongside adaptive MFA, for example, it can add time restrictions on access or even stop people without the relevant permissions from sharing files.
Enhance and empower with cyber security in 2021
As we move into 2021, whether staying home again for a year, or slowly transitioning back into the office, security teams must continue to enhance the protection of their cloud-first environment.
Cyber criminals will find new and inventive ways to get at critical information, so security teams need to use the latest intelligence and self-learning technologies to ensure the safety of employees and the organisation overall.
For an in-depth discussion and demonstration of how Censornet can help to overcome the top cyber security challenges of 2021 and automatically protect your organisation from tomorrow’s threats, request a demo here.