Barracuda Networks revealed predictions that will shape the future of enterprise security in the coming year. It indicated that the threats of today will continue to target the weakest link in the chain, which normally is the human element. Year 2021 will witness many of the key trends in 2020 to continue.
Distributed enterprises and remote workers
Considering that in a span of a few weeks, companies went from 10% of workers being remote to over 90% of workers moving to remote, by 2021 we will see many of them slowly bringing back some key workers to their facilities and adopting measures that will give their employees flexibility if they can maintain productivity. While many companies had some experience of setting up temporary and limited remote access for contractors and vendors, every company will need to make sure they have clear processes and controls for managing a large percentage of their employees remotely for extended periods. Every company will need to have policies and procedures for managing remote access.
Accelerated migration to cloud adoption
Meanwhile, there will be an accelerated adoption of cloud services. First, new applications are being delivered as Software as a Service (SaaS) instead of on-premises implementation. Second, and more importantly, existing on-premises applications are also migrating faster to the cloud. 2020 was that inflection point for many with the cloud. COVID-19 forced many companies to significantly accelerate their migration to cloud services to address shutdowns and remote workers. IT executives will need to understand whether and how the assets and services delivered in the public cloud are adhering to compliance regimes as more and more capabilities are now delivered as cloud services. In addition, as more and more companies are exposed to threats that impact the privacy of their customers or enterprises, the risk of breaches will require IT security executives to be able to effectively communicate and execute plans that encourage and require other teams to enforce compliance.
Shortage of key resources to help mitigate growing security issues that will take advantages of the new reality
There will be a continued shortage of cybersecurity talent to help mitigate security issues, despite the recession and COVID-19 job losses. Attacks will also increase to take advantage of the new reality like distracted workers, global pandemic, cost pressures from the recession, remote access, accelerated adoption of cloud services. Each of these alone would be cause for concern for cybersecurity professionals. All these macro trends happening simultaneously demands the highest level of vigilance against those who would take advantage of these situations.
However, security executives will need to achieve the same level of security or more with tighter budgets due to the economic recession. There will be a growing need for security executives to get fully comfortable with novel cloud-centric security architecture. Additionally, 5G adoption will start to get more tangible in many regions of the world. IT security executives will need to come up with a more holistic understanding of risk and adequate protection measures as it pertains to the entire corporate network, including OT and industrial IoT environments
Zero Trust Network Access solutions are the way forward for enterprises to keep risks at bay
The COVID-19 pandemic has transformed work habits, which means corporate endpoints will be predominately used outside the perimeter of the corporate network in work-from-home environments. This will require organizations to review their current endpoint security and compliance enforcement approaches. As more consumers and businesses are becoming aware of the data breaches, there will be increasing discussion about the role of trust in security. While the concepts like Zero Trust and micro-segmentation are emerging as ideal ways to decrease attack surfaces, these solutions will be part of a broader approach that will leverage social graphs and machine learning to identify issues and enforce trust relationships.
Speaking on these security predictions, Hatem Naguib, COO, Barracuda Networks said, “In 2021, we foresee the threat landscape to become more challenging and COVID-19 will continue to impact security in many ways. Every industry needs to make sure it is prepared to deal with security issues. IT security executives should make sure these plans include security compliance checks that are straightforward and quick to implement without having a long-term impact on productivity. In addition, thorough and comprehensive backup and recovery solutions will be critical. Any business that has customers, employees, and transactions is a target. Healthcare, infrastructure (utilities), and government are more vulnerable than normal as they have stretched resources and will continue to be target-rich environments for those who would use simple methods like spear phishing, malware, and ransomware to create the most damage.”
Emerging security technologies in 2021
There is no reason to believe the threats of today will not be the threats of tomorrow. There will just be more of them, and they will be more effective and continue to see a proliferation of distributed denial of service (DDOS) attacks, ransomware, business email compromise, and malware-based attacks. These attacks will be more successful as companies deal with a series of events that have changed the attack surface.
Considering the enterprise security trends, it is clear that there will be a sharp increase in the demand for cybersecurity talent next year. Solutions that move security closer to the edge (people, places, and things) will become much more popular in 2021.
Classic gateway-based solutions will be augmented by CESS solutions
In email protection, classic gateway-based solutions will be augmented by Cloud Email Supplemental Security (CESS) solutions that leverage API access and social graphs/artificial intelligence/machine learning to mitigate messaging-based attacks. More such solutions will be used to address the threats on collaboration-based tools such as Zoom, Slack, and Teams. These platforms have become very popular tools for collaboration and are susceptible to the same type of attacks that we see with email.
SD-WAN solutions have become more prevalent
Secure Software-Defined Wide Area Network (SD-WAN) solutions have become more prevalent. As public cloud adoption increases, many companies have started to leverage Azure, Google, and Amazon backbones as a delivery vehicle for their own WAN. This makes sense as more applications and services are delivered on these cloud services and their points of presence continue to expand worldwide.
Zero Trust is the new standard in secure remote access
With remote workers and cloud-delivered services becoming a de facto part of every business, solutions that manage access at the highest level of granularity with the least level of complexity to setup and manage, will become more popular in 2021. Trust-based solutions that implement Zero Trust and other trust-based solutions will be effective mechanisms to manage privileged access to services. Traditionally, customers used complicated solutions like NAC or VPN. In 2021, we will see great adoption of lightweight solutions that quickly and effectively manage access at the device and individual level.
To this, Klaus Gheri, VP, Network Security, Barracuda Networks added, “Cybercrime will go where money can be made. By 2021, the market will start adjusting to the major and lasting shift that COVID-19 has caused in corporate work environments. Security products and architectures will be under increasing pressure to be flexible to deploy and operate, minimally invasive to the users, and as effective as possible without conflicting with the privacy legislation in various regions of the world.”
In addition, the physical world is expected to respond to concerns about privacy and security with increased local legislation to ensure companies are implementing and maintaining the highest level of protocols to protect themselves. There will be a continued sharp increase in the demand for cybersecurity talent into 2021 as every company will have to implement measures and augment their resources to manage and monitor solutions for addressing the COVID-19 mayhem.
