What does 2021 behold? - Blue Cube Security

In his blog below, Rob Swainson, Sales Director at Blue Cube Security shares his insight on Cyber Security predictions and trends for 2021.  

The global pandemic continues to dominate the news in 2021, overshadowing everything else.  We have had a rapid rise in remote working, a host of pandemic-related scams and pressure to accelerate digitisation whilst cutting costs. Although 2021 brings with it the promise of a brighter future, there’s still a long road ahead. There are a number of whitepapers and useful articles circulating that detail various predictions for 2021, I have attempted to summarise some of the key points and recurring themes from a Cyber Security perspective.

Perhaps unsurprisingly, 96% of Execs have changed their Cyber strategy due to Covid-19 (Forbes.com).  IT departments have been forced to accelerate their plans and roll out new processes and systems – rapidly.  55% of enterprise executives plan to increase their investments in Cyber Security in 2021, while 51% intend to increase the level of full-time Cyber Security resource within their organisations – all of this comes against a backdrop where 64% of these Execs expect business revenues to decline.

IDC predicts enterprise Security spending to grow the fastest in four key industries, including healthcare systems and services, banking and financial, technology and media telecom, and public and social sectors, with Analysys Mason predicting mobile device Security the fastest-growing Cyber-Security category of all, attaining a 17% CAGR between 2019 and 2025, reaching $13 billion.

A report from Securitymagazine.com highlights that the growth in Cyber breach costs will outpace the growth of the global economy, so it is perhaps alarming that only a small proportion of organisations have a plan to both prevent and respond to Cyber Security incidents (McAfee)

Forbes has also identified that many CIOs and CISOs acknowledge that they need to do more with less, or at least more with what they already have.  Perhaps unsurprisingly FireEye have identified that owing to economic uncertainty many organisations are looking to maximise their return on investment in existing Cyber solutions, with Security validation becoming a key part of their approach in order to assess the effectiveness of their solutions (and to identify gaps and vulnerabilities).  According to research by McAfee, large organisations use an average of 47 different Cyber Security solutions, from an average of 10 different vendors.  This will come as no surprise to many, within Blue Cube we have seen some of our customers struggle to managed the 40+ (and in some cases 60+) tools in place.  All of this comes against a backdrop of the well-publicised gap in Security skills, making it increasingly difficult for organisations to derive value from the multiple tools that have been deployed.

As we progress through the first quarter of the year, here are some of the most prevalent rising trends (a roundup from my research*) set to dominate Cyber Security in 2021 and beyond:

1. Cyber Security skills shortage

Many organisations are reporting a shortage of Cyber Security staff, with a lack of skilled or experienced Security personnel their number one workplace concern. As a result of the ever increasing complexity in IT systems and the pace of change in Security tools to protect this rapidly shifting infrastructure, organisations are extending detection and response tools, machine learning and automation capability – all of which are emerging as a way of improving Security operations productivity and detection accuracy.

2. The migration to cloud computing

The relentless adoption of cloud and mobile computing is finally disrupting the traditional infrastructure Security market and reshaping network and Security requirements. The cost and efficiency gain that cloud computing promises, together with its easy scalability, have secured its place in the business world. However, organisations can’t afford to make assumptions about the Security standards of cloud partners. Cloud services are a prime target for attackers.  Organisations need to compile a clear picture of how their cloud services fit together and where data resides.

Network Security is changing to a cloud-based Security model known as Secure Access Service Edge (SASE), that merges network Security functions with extensive WAN capabilities to support the secure access to applications anywhere.  Container Security and serverless abstraction (the concept that software can be totally separated from the hardware servers that it runs on) are creating many challenges for securing workloads as teams adjust to an agile application world. Expect application delivery scale and complexity to keep growing as a result of component containerisations and native cloud delivery.

3. Regulatory Compliance requirements 

Digital business is producing pressure for Security organisations to restructure and address privacy, digital trust and safety, because of regulatory mandates. Policies must be revisited and modernised. Leadership must send clear messages and maintain regular communications.

Implementing compliance without good processes, people, training and diligence could leave organisations susceptible to a breach.  The joint pressures of increased compliance requirements and over-stretched resources sometimes lead to “tick box” compliance, rather than using compliance requirements as an enabler/business advantage. Organisations need to consider training a key component of any compliance process – McAfee cite a lack of user knowledge as being central for the success of attacks.  

4. Unrelenting evolution of threats

Since 2018, McAfee estimated the cost of global Cybercrime reached over $1 Trillion (>1% of Global GDP) and the growth of Cyber breach costs will outpace the growth of the global economy.

Both nation-state actors and Cybercrime organisations will intensify their activity in 2021. The ongoing COVID-19 pandemic will offer them new opportunities to target businesses. A multi-layered approach to Cyber Security and the involvement of private and government stakeholders is necessary to prevent Cyberattacks from having even more dramatic consequences.

Conclusions

• We are in a period of economic uncertainty, and Security validation will help ensure organisations are maximising their return on their Cyber Security investment.
• With the Cyber Security skills shortage there are other ways organisations can use experts to support these gaps. Often what is required is simply access to the right capabilities at the right time via an expert third party.
• Expanding cloud usage will require organisations to improve visibility into their cloud footprint, assets, and provider relationships to manage risks.
• Compliance is not just a tick box exercise.  By implementing the right processes, people, training and diligence will increase the chances of avoiding a breach. Internal contextual Cyber awareness training is paramount, to ensure our own staff are aware of the current threats posed by threat actors.
• With Cybercrime rapidly on the increase, taking precautionary measures to prevent the chances of threats will be key – reviewing your Cyber Security posture is a great starting point.  Organisations should limit the access to confidential data, undertake third-party vendor assessments – think the unthinkable and evaluate your supply chain process.  Training and development is also key with survey results indicating that employees don’t have sufficient training when it comes to Cyber Security.

*Research sources came from – Forbes, McAfee, Security Magazine, Gartner/Palo Alto Networks, FireEye.

Get in touch with us below or speak to us via our live chat at the bottom right of this page to find out how we may be able to help you or in the meantime learn more about our Cynergy Services by clicking here