8 Security Developments to be Thankful For in 2021

Security risks are rising on multiple fronts, from ransomware attacks aimed at defense contractors to threats stemming from hybrid work environments.

Meanwhile, midsize companies are still struggling with security issues, and the lingering effects of the pandemic and the accelerated evolution of the threat landscape are having a negative impact on organizations’ security practices.

However, there have been several positive developments this year as well, including the United States and the European Union’s plans to join the Paris Call, an international effort to combat cyberthreats that endanger citizens and infrastructure.

The U.S. Department of Justice (DoJ) has also taken steps to crack down on ransomware with the creation of a National Cryptocurrency Enforcement Team (NCET) and the launch of the department’s Civil Cyber-Fraud Initiative, not to mention recent successes in prosecuting ransomware offenders and cryptocurrency thieves.

As it turns out, there are several positive developments in the IT security space to be thankful for as we approach the end of the year—here’s a list of the developments that are giving the nation’s top security pros hope for the future.

The Rise of AI and ML Security Tools

Using artificial intelligence (AI) and machine learning (ML) technologies to scan and analyze threats, malware types and activities moves IT operations from reactive to proactive.

“We’re thankful that the use of AI for threat identification and trends in cyberattacks is becoming more common,” said Timur Kovalev, chief technology officer at Untangle. “As software and hardware continue to gather data from global deployments, the ability to identify harmful malware links or phishing emails becomes more refined, stopping these attacks before they reach the gateway.”

He added that more and more cybersecurity products are storing information about threats in a cloud location so that as soon as a threat is identified, it can be blocked everywhere else immediately with this real-time, cloud-based intelligence.

The Shift to Cloud Security is Firmly Underway

Tim Wade, technical director, CTO Team at Vectra, said he’s thankful cloud migration is in full swing and organizations have internalized the need to shift towards this model.

“There’s a ton of resilience that just comes along for the ride during this journey, and in some respects it’s an opportunity for IT organizations to take a mulligan on decades of technical risk,” he explained. “Naturally there still are pitfalls on this journey and organizations that are carrying the legacy ‘set and forget’ mentality of classic IT security are going to get burned, but for organizations that are truly invested in understanding and managing their risks, this is a trend we should all be grateful for.”

Security is Finding a Seat in the Boardroom

Bud Broomhead, CEO at Viakoo, noted security leaders have been told to tie their efforts more closely to the company focus and bottom line to get a seat at the boardroom table and budget.

“It’s happening. With the attack surface rapidly expanding into IoT, OT, ICS and other forms of business-critical non-IT devices and services, cyberattacks have become more of an existential threat to organizations,” he explained. “Increased board-level visibility and more direct connection between security spend and corporate goals is clearly a security trend to be thankful for.”

More International Collaboration on Cybersecurity

In October, President Biden held a 30-country virtual meeting aimed at combating the growing threat of ransomware to economic and national security. The goal of the alliance will be “to accelerate our cooperation in combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency and engaging on these issues diplomatically.”

In addition, the U.S. and EU recently announced plans to join the Paris Call for Trust and Security in cyberspace, a multi-stakeholder group of supporters that includes states as well as private sector and civil society actors. The Paris Call is built around a shared commitment to safeguard the benefits the internet provides all people, protect individuals and infrastructure and promote the widespread acceptance and implementation of international norms of responsible behavior.

Security is Commanding More Wallet

IoT vulnerabilities are becoming more deadly (contaminated water supplies, industrial processes failing, deepfakes replacing real evidence), which backs up Gartner’s prediction that by 2024, 75% of CEOs will be personally liable for cybersecurity breaches.

“Cyber vulnerabilities, especially IoT, are already in the minds of corporate leaders, and there is every expectation that budgets to prevent and remediate these vulnerabilities will continue to increase as a consequence,” Broomhead said.

The Need for Insurers to Crack Down on Ransomware

Erkang Zheng, founder and CEO at JupiterOne, said ransomware has gotten scarier, and he expects to see a lot more of it. That’s another unfortunate trend for cybersecurity.

“To some extent, we have seen insurance companies coming out with some hard policies to address ransomware, either by not paying out the ransoms or demanding very strong security requirements as a condition of issuing their insurance policies,” he said.

From Zheng’s perspective, that is a good stance to take.

“The previous trend was that we needed to simplify compliance, which was not a good thing,” he explained. “But for insurance companies, money always talks, and until there is a breach, security is preventing nothing. The only driving factor is compliance or the monetary factor of insurance firms having very hard policies regarding cybersecurity protections.”

Vendor Consolidation is Coming for Security

Zheng noted that another important trend involves security leaders directing their teams to consolidate and simplify their operational systems rather than adding new stuff.

“Consolidate, simplify and go back to the basics,” he said. “By ‘the basics’, I mean you can get the best-of-breed focus on some things and the average large enterprise already has some 50 to 70 big tool vendors.”

He said he expects many teams will consolidate their security vendors down to what may not be the best-of-breed in all cases, but good enough to allow users to have a cohesive view of things, rather than everything being siloed.

“If asked to put numbers to it, I would expect to see the number of security vendors at large organizations reduced by 20% to 30%,” he said.

Zero-Trust Gaining Ground

The growing number of cyberattacks and security risks has agencies and companies investigating or moving to zero-trust strategies, with the Biden administration even mandating zero-trust for federal agencies.

Kovalev said zero-trust is one of the latest cybersecurity approaches to protect digital environments based on the key principle that instead of first making services available and then locking down access to those services, no access is granted at all unless it is specifically and deliberately given.

“In addition, zero-trust can incorporate VPN technologies and build on the investments that have already been made,” he said. “In a zero-trust model, before access to anything is granted, the connection must receive explicit confirmation that the user has specifically and deliberately been given permission to access it.”

Kovalev pointed out that many available VPN technologies are provided alongside technology that aids in assessing the permission, such as deep packet inspection, application awareness, and decryption and encryption.

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
