As the new year begins, it is time for CISOs to think and plan their strategic security initiatives for 2021. It is getting more critical for enterprises to get ahead of the upcoming trends and use them internally while beating the competition. The COVID-19 pandemic, early this year, disrupted the world as we knew it. When the world went into a global quarantine, organizations increasingly went digital in their struggle to remain afloat. Digital transformation initiatives accelerated, particularly cloud migrations, and the development of remote-work capabilities picked up the pace. There has been a fundamental change in the way we work and consume data, not just by the exciting new paradigms but also with its associated risks.
As the world continues to fight the pandemic, there has been a massive surge in cyberattacks. Let’s look at some of the most significant security breaches of 2020:
• WHO staff credentials were leaked online, leading to widespread email scams before it was identified and contained.
• Zoom, the virtual meeting application, was relentlessly targeted in a data breach where more than 500,000 Zoom passwords were stolen and available for sale or even being given away for free across dark web forums.
• Twitter witnessed a brazen online attack when verified Twitter accounts of many high-profile figures and celebrities. Everyone from Kim Kardashian and Kanye West to Barack Obama, Elon Musk, and Bill Gates were hacked.
• Magellan Health, a Fortune 500 healthcare giant, suffered a ransomware attack and faced a data breach impacting over 365,000 patients.
The focus for the year ahead will be on the security projects that should take “tip of the spear” priority. And businesses will need to analyze the countermeasures that would have been vital for preventing these attacks. Planning will reduce your enterprise attack surface and better protect your organization’s changing perimeter.
What’s in store for security in 2021?
The impact of the pandemic on the world, economies, and businesses will last for a long time to come. Most essential services — such as commerce, education, financial services, and healthcare — are leveraging new ways of working. These services must continue to grow without the fear of being attacked or getting interrupted. Here are the top security trends that will have a key impact on your strategic initiatives.
1: Increase investment in zero-trust architecture
Regardless of where you are in the digital transformation journey, one precaution you must consider is to move toward a Zero Trust security model. Those who don’t will be headed toward the corporate graveyard in 2021 because it is too costly, inefficient, and risky to keep doing business with yesterday’s security model. For companies looking to undergo a security overhaul but do not know where to begin — start with a good consultancy partner to help charter your security roadmap. Businesses that are not exactly at the head of the line need to consider investing in a robust identity management solution. And larger enterprises need to move beyond merely authenticating identities. They need to adopt endpoint visibility, vulnerability management, and data protection to scale toward a zero-trust model steadily.
In 2021, understanding your organization’s risk posture will help in full process redesigns and other disruptive changes that could’ve been deprioritized due to “change fatigue.” COVID-19 has demonstrated that we are all far more resilient than we may have believed ourselves to be (personally and professionally). In reality, people are more open to new technologies and take on significant changes that make their work and lives more manageable. The zero-trust model may take considerable time to achieve. Still, it considerably reduces the attack surface and makes it difficult for bad actors to infiltrate your business systems and wreak havoc.
2: Understand your enterprise security risk posture
Many enterprises underwent rapid change as a result of the pandemic. CISOs must conduct a risk assessment and understand the risks of rapid and widespread change. With the results of such an assessment in hand, your organization will be able to understand its current security risk posture and build a roadmap toward mitigating vulnerabilities. In 2021, your organization’s security risk posture will determine the cyber resiliency, agility, and innovation factor for your business — and this must include the risk that comes from your supply chain.
3 Make security awareness a business priority
The importance of security has only increased with the pandemic as technology becomes the primary vehicle for communication, automation, and digital reinvention. As employees work remotely from wherever they choose, and the younger generation enters the workforce, endpoints are now scattered across the world, and vulnerabilities have multiplied. Security awareness training and policies need to become embedded into your organizational culture. And security awareness programs must become an integral aspect of the workforce’s responsibility and accountability. Just as no parent would allow their child to drive a car without teaching them road safety, companies should ensure employees have the security training they need to avoid cyberattacks when working from home.
Is your business primed to meet future challenges?
The number one priority for every business, irrespective of industry, remains to ensure its uninterrupted day-to-day operations without any impediment. And securing systems is one of the biggest tasks facing all businesses. The increase in security breaches and cyber threats makes it imperative for your organization to establish a simplified, modern, and future-ready security environment that can adapt to a continually changing IT landscape. These trends are more like advisory and guidance for every business to anticipate, prepare, and meet upcoming challenges.
Access our CSA CloudBytes Connect webinar on-demand
NTT DATA was proud to be a Diamond sponsor of the 2021 CSA CloudBytes Connect symposium, a virtual event focusing on cloud, technology and security. At CSA CloudBytes Connect, the top minds came together to discuss strategies to secure the modern enterprise from malicious cyberattacks. Edmund Tribue and I presented a session titled "Zero Trust Identity Protection to Enable the Adaptive Workforce." Feel free to access the webinar on-demand.
Contact an expert
Find out more about how NTT DATA Security Services can help you build, integrate and modernize your security infrastructure and keep your business running efficiently, effectively and affordably.
Post Date: 1/22/2021