2021 Cybersecurity Trends
Protecting your network and data from malware and other online threats is an activity that is never completely done. Cyberattacks are always evolving, with new threat variants being introduced and new twists on existing threats catching systems off guard.
2020 was a particularly disruptive year due to the pandemic, and one in which online attacks flourished and grew as everyone relied on the internet more than ever. 1 in 6 Australians were victims of cybercrime during the COVID-19 lockdown.
Another way the pandemic has impacted cybersecurity is through increased reliance on the cloud. Companies had to quickly put systems in place to support remote teams, moving workflows to the cloud so they could continue operating.
To stay properly prepared, it’s important to review upcoming trends in cybersecurity in inform the protections you may need to put in place at your organisation.
Here are some of the major trends to watch for in cybersecurity this year.
Cloud Security Posture Management
A new term you’ll be hearing a lot of this year is Cloud Security Posture Management (CSPM). This is the automation of the identification and elimination of threats across a company’s cloud environment.
Most companies have had no choice but to fully adopt cloud processes to ensure business continuity in the face of the pandemic and potential future unknown events to come.
They’re finding that cloud security isn’t as intuitive as they thought and things like unsecure passwords and misconfiguration of security settings can leave their cloud data and tools at risk.
Misconfiguration is the #1 cause of cloud data breaches.
Some of the things that CSPM tools do are:
- Continually monitor your cloud environment for threats
- Identify misconfigurations and remedy them automatically
- Assess risk and detect vulnerable account permissions
- Ensure compliance with common standards
Zero Trust Cybersecurity Becoming a Standard
One of the reasons that attack volume and sophistication are increasing is that organised crime factions are realising the money-making potential of attacks like ransomware.
According to the Sophos 2021 Threat Report, the institutionalising of ransomware by these cybercrime cartels has made attacks more efficient and those that took weeks or days to deploy, now only take a few hours.
To combat the increased sophistication of attacks designed to get past traditional cybersecurity systems, zero trust IT security is on the rise. With zero trust, systems are put in place that continually challenge users and processes, instead of just assuming any entities that made it past a firewall are authorised inside the network.
Some of the tenets of a zero-trust strategy are:
- Continuous monitoring of network activity for suspicious behavior
- Application whitelisting
- Application ringfencing
- User whitelisting for remote desktop protocol (RDP)
- Advanced multi-factor authentication (MFA)
Endpoint Device Management as a “Must”
During the pandemic, 88% of Australian organisations have encouraged companies to work from home. The move to a remote workforce complicates network security because devices accessing company apps and data are now spread out over multiple locations.
Endpoint device management has now become something companies must put in place to ensure they can monitor and remotely manage all those devices to keep them secure.
Using a platform like Microsoft Intune (part of Microsoft 365 Business Premium), companies can handle updates and patches remotely, grant or revoke device access to company assets, and monitor endpoint traffic on the network.
Ransomware Safeguards Taking Center Stage
Ransomware is one of the multiple forms of malware that companies defend against when putting together cybersecurity plans, but it’s now taking center stage as a major threat above many others.
Over the past year, the volume of ransomware has increased along with the cost of remediation. Between 2015 and 2021, the estimated cost in global ransomware damage increased 57 times.
The threat has become so high that in the Sophos 2021 Threat Report, ransomware garnered its own threat category.
Emphasis will be put on taking a multi-layered strategy specifically to combat ransomware, which includes protections like:
- DNS filtering to block malicious sites
- Email spam/phishing filtering
- Strong data backup and recovery system
- Antivirus/anti-malware with advanced threat protection (ATP)
- Anti-ransomware configurations in cloud platforms like Microsoft 365
- Ongoing employee cybersecurity awareness training
Securing the Remote Workforce
The move to a remote team took many organisations off guard last year. They had to quickly put cloud systems in place to keep their business operating, but many weren’t sure how to address security.
Employees working from home are on home networks, which are generally less secure than a business network. Additionally, they may be using their own personal devices to connect to company resources, which could leave more holes in a security posture.
Remote teams aren’t going anywhere even after the pandemic has passed. So, this year companies will be focusing on what needs to be put in place to keep connections secure and spread their cybersecurity net out to include their remote workforce.
Is Your IT Security Strategy Ready for 2021?
GKM2 can help your Sydney area business assess your current cybersecurity strategy and make recommendations to improve any vulnerabilities so you stay protected.
Contact us today for a free consultation. Call +61 2 9161 7171 or reach out online.