3 Cyber Trends in 2021
April 13, 2021
By Rahul Mahna
It’s been a year since most of our offices shifted to a work-from-home (WFH) schedule. In that time, the world of cybersecurity has changed entirely. Recently, I wrote an article for Enterprise Security about the challenges WFH policies posed for IT professionals. Here’s a further look at the subject.
For years, IT professionals worked on “protecting the palace,” with layers of security built around the office and “moats” designed to catch intruding cyber criminals. Over the last year, that perspective has progressively changed. For 2021, here are three trends we see emerging for IT departments as they embrace the new geographic challenges of employees and newly formed attacks from cyber bad actors.
Work from Anywhere
When most of corporate America shifted to a work-from-home schedule, IT professionals had massive challenges to adjust to. The individual and their IT, and how to protect their actions, became far more important than they had ever been. As time continues, we are seeing a continued trend of employees not only working from home but working from varied and distributed locations. This work from anywhere (WFA) approach will cause continued stress to IT departments as they try to create IT security controls that can adjust and adapt to this work style. A possible key to solving this will be to create technology ecosystems that are standardized and have an inherent risk-based security controls framework built from within.
New IT Systems
To answer many of the new technology needs, we have found that oversight committees have increased IT budgets and acknowledged the need to spend more to facilitate the changing work locations. This boom in IT spend has been welcomed by most senior IT professionals, but it has also come with caveats, one of the biggest of which is how to manage all the new technologies. Adding new platforms and new services is easy to do with cloud-based applications instantly available, but finding ways to control implementation and integration into the larger ecosystem of security will continue this year and going forward. The desire to control security for an organization with a “single pane of glass” continues to be a challenge and perhaps is becoming even harder now, unless a security ecosystem can be put into place.
The most beneficial piece of security we see needed is continuous user education. This concept consistently provides the best “bang for the buck” in preventing and protecting any organization. Last year, approximately 80% of our experiences in security breaches came from user actions. Examples of these actions include using personal free email accounts to send sensitive information, clicking faulty links, and opening suspect emails and attachments. Creating a robust cybersecurity training program for users is one of the most important and beneficial steps to institute in any organization.
There are many layers to cybersecurity, and the above ideas mention only three facets our advisory practice is seeing. There are many more. IT departments must continually examine the internal and external forces that are affecting their organizations and inform executive committees of these trends in advance so proper roadmaps of security deployments and spend can be planned. An excellent way to get this assistance is to have an external IT risk assessment performed annually by a firm that is knowledgeable in these trends and uses an established framework (such as NIST, the National Institute of Standards and Technology) to perform consistent evaluations and offer recommendations.