Future Trends in Cybersecurity

Cybersecurity has risen to the top of the corporate agenda as organizations continue to grapple with cyber threats to online commerce associated with increased remote work and driven by the New Crown epidemic. Here are five cybersecurity trends that enterprises should recognize as they emerge from the New Crown epidemic.

Cybersecurity has risen to the top of the corporate agenda as organizations continue to grapple with cyber threats to online commerce associated with increased remote work and driven by the New Crown epidemic. Here are five cybersecurity trends that enterprises should recognize as they emerge from the New Crown epidemic.

According to research firm Gartner, 88 percent of enterprises now view cybersecurity as a business risk, not just a technical issue that IT teams need to address.

Gartner predicts that increased concerns about cybersecurity, coupled with a continuing shortage of cybersecurity professionals, will also drive changes in cybersecurity strategies and workplace policies in the coming years, including

• By 2025, 60 percent of enterprises will cite cybersecurity risk as a major deciding factor in conducting third-party transactions and business dealings.

• By 2025, 80 percent of enterprises will adopt a strategy of unifying Web, cloud services, and private application access from a single vendor's security services edge platform.

• By 2026, 50 percent of enterprise executives will include risk-related performance requirements in their employment contracts.
  
  

Here are five cybersecurity trends that enterprises should recognize as they emerge from the new crown epidemic.

1. Ongoing remote work

The new crown epidemic has dramatically changed the way businesses work. For many, what started as an expectation to work from home for a few weeks has turned into long-term remote work. Some companies have given up on having employees work in the office and are giving them the option to work remotely from anywhere they choose to save money. Others have given employees the ability to work part-time or full-time from anywhere.

When the new crown epidemic hit, most enterprises had to quickly move their services and applications from on-premise facilities to the cloud. This new architecture with cloud-based resources and a work-from-anywhere workforce was supposed to be temporary. Functionality naturally took precedence over security, as the primary goal of the enterprise was to keep the business running.

However, as the enterprise shifts to remote work, security teams need to rethink their work arrangements and take the necessary steps to update security policies, processes, and technologies. There will be challenges in implementing security controls, maintaining visibility into security events, and proving compliance with security requirements.

A final element of retooling a cybersecurity strategy for remote work: some time will need to be spent ensuring that enterprise security team members can work well together in the new environment and interact and communicate with other technologies and operations.

2. Adopt automation technologies

For years, security teams have faced challenges. They often cannot address all the threats facing an increasingly large and complex network of computing resources. As a result, the need for cybersecurity experts in the enterprise continues to grow.

Rather than increasing human resources to accommodate the shortcomings of tools and technologies, enterprises must increase their reliance on automated technologies. Security technologies that use artificial intelligence and machine learning and perform continuous data analysis on monitored security event data can detect new threats faster than people can. They can spot subtle patterns of malicious attacks that are invisible to humans. Similarly, security automation can continuously identify new software vulnerabilities, configuration errors, and other issues and ensure that each is quickly mitigated.

Increasing the amount of automation and improving the quality of automation techniques can reduce the daily burden on cybersecurity experts. These experts can then spend their time on more strategic matters that can benefit the enterprise in the long run.

3. Adopt the zero-trust principle

Zero trust is the new name for an old concept: the assumption that nothing or no one is to be trusted. Verify the trustworthiness of each device, user, service, or other entity before granting access, and re-verify trustworthiness frequently during access to ensure that it has not been compromised. Allow each entity access only to the resources it needs to minimize the impact of any breach of trust. The zero trust principle reduces the frequency of incidents and the severity of the incidents that do occur.

Zero Trust is a principle, not a security control or technique. It relies on an entire technology infrastructure designed to check and re-check each entity's identity and security posture and continuously monitor activities involving each entity. Achieving this goal requires extensive collaboration among security architects and engineers, system and network administrators, software developers, and other technical professionals. Implementing zero trust is typically a phased process, so organizations must adopt zero trust principles as soon as possible.

4. Improve responsiveness

Most enterprises need to improve their responsiveness. Gaining access through ransomware attacks has become a real business for cyber attackers, effectively locking victims out of their systems and data and demanding large ransom payments from victims to restore access or data. At the same time, these cyber attackers are conducting massive data breaches, collecting large amounts of sensitive data, and demanding ransom payments.

Enterprises need to be prepared for large-scale ransomware incidents, which means that incident responders must work closely not only with security experts but also with system administrators, legal counsel, public affairs, and others to ensure a smooth response and rapid restoration of services and that victims need to deal with cyber attackers before they can make ransom demands.

5. Recognize supply chain risks

Enterprises often trust the services or products their suppliers and service providers provide. The data breach suffered by SolarWinds illustrates how dangerous trust in the supply chain can be. Cyber attackers can infiltrate companies and may provide compromised technology products or services to other companies. 

In turn, these companies may not only be compromised, but they may expose their own customers' data to cyber attackers or provide compromised services to their customers.

There are no easy answers to this problem, and many aspects of a company's security strategy and technology must be improved. 

The most important thing at this point is to recognize the risks in the supply chain and defend against them in advance. Whether this means holding suppliers accountable for poor security practices that lead to data breaches, requiring more transparency in their security practices before renewing contracts, or adding requirements for new purchases, companies need to raise awareness of these issues and put pressure on suppliers to do better.