10 Cybersecurity Predictions for 2021: Trends in Protecting Remote Workforces, Part 2
In our first post, we covered what cybersecurity could look like in a remote work landscape in the new year. This post looks at how processes will drive the rapid shift to digital transformation for organizations.
Security predictions for Processes
CISOs will encourage their SOC teams to be more open about staffing and technological shortcomings.
SOC teams will take center stage in the fight against sophisticated digital adversaries and cyber attacks. Analysts are tasked with combing through thousands of security alerts a day, a burden exacerbated by the fact that over half of their time is spent on data collection and chasing false positives. Leadership should be concerned that analysts are at severe risk of becoming overwhelmed and of constantly feeling that the odds are stacked against them.
CISOs are ultimately responsible for developing and maturing the security program and reevaluating what tools are missing. With SOCs being distributed in the remote work environment, CISOs must encourage their teams to report staffing and technological shortcomings and to help develop and enhance security programs. When security teams express issues that may be heavily affecting their work, it lessens the burden on the CISO to evaluate from the top down.
A CISO acts as a bridge between the security analysts and stakeholders such as the CFO, CEO, and board of directors. “By empowering their analysts to be vocal, a CISO can cite real life situations and evidence to the leadership team. The goal should be to expedite approvals necessary to create capabilities that simplify investigations and aid in response in order to combat risks and lessen burnout,” predicts Steve Moore, chief security strategist at Exabeam, for 2021. “In addition, giving analysts voice would help narrow the gap between analysts who feel they don’t have a career path and CISOs, on the other hand, who don’t see this as an issue.”
Data breaches from cloud apps and services will rise.
Security will have to quickly catch up with the move to the cloud. “For most security teams, 2021 will be a time to take stock and retrospectively apply due diligence to all cloud applications and services brought online to support remote working in 2020,” says Sam Humphries, security strategist at Exabeam. “This means ensuring that security controls meet at least pre-COVID standards — with visibility, detection and response capabilities across cloud services, applications, and infrastructure — across both current and ‘old normal’ cloud applications and services.”
The pandemic forced an almost overnight transformation in the way most businesses operate, particularly for those that did not already have cloud security tools in place. The hasty nature of these changes — combined with reduced staffing, less investment in security and an increase in attacks — presents some major data security issues. A survey of cyber professionals conducted in May 2020 painted a bleak picture: 71% of cyber professionals were seeing an increase in threats, three quarters had furloughed members of their SOC team, and 60% needed to defer planned investments in security technology.
Most organizations — out of necessity — reduced security standards to quickly meet the demands of a newly remote workforce. Unfortunately, this has created a bigger playground for cybercriminals, and unless controls are strengthened this will lead to a flurry of data breach notifications. Sam continues, “With far more entry points open to attackers, securing and monitoring the credential is more important than ever.”
Monitoring of insider risk indicators will increase.
Insider risk to end user data will be easy pickings — whether the threat actor is employed by the organization, a contract worker or an external actor — and external threats will continue to mask themselves as insiders. “The easiest way into an enterprise is through the employees. So the more we can protect them, the more we can protect our enterprise,” says Colin Anderson, chief information security officer at Levi Strauss.
Barry Shteiman, VP, Research and Product Management at Exabeam, explains what it means for the workforce today: “Our new work reality meant for many a fundamental change in the way users connect. This means that behaviors that were once trivial to track are now more difficult due to the nature of a distributed workforce. Security organizations must adapt and collect signals and indicators that help them see that new picture, in order to reduce insider risk.”
“Security organizations should view this as one giant risk assessment and be careful not to think of these changes as temporary. Instead, they need to apply what they’ve learned this year to 2021 and beyond,” says Mark Wojtasiak of Code42.
Mark advocates for a proactive, risk-based approach to protecting data: one that is not rooted in ‘identify, protect, detect, respond, recover’ but that goes upstream and prevents the risk before it happens. As workforces become more distributed, organizations will need to increase efforts to track what’s happening with data both on and off the corporate network. Enhanced data tracking, when done appropriately, provides organizations with much-needed insider risk indicators and the data risk intelligence they need to continuously improve their risk posture. This will be crucial as security teams try to keep pace with the cloud-based, collaborative and remote working landscape they are now facing.
“It’s about extending our security protocols and expectation around trust and integrity to third parties…we’ve had good security programs, but can I trust you on passing incredible amounts of public and customer data, credit card information, etc.?” says Charlie McNerney, VP and chief information security officer at Expedia Group. He predicts organizations will focus on the different journeys of employees, customers, developers, third parties, and more to evaluate ways to protect comprehensively and how far to extend that protection.
Look out for our next post on security predictions for Technology.