6 Security Predictions for 2021—And Why They Matter
A discussion of the security threats teams may face this year and six steps that security professionals can take to better safeguard your organization's data.
Join the DZone community and get the full member experience.Join For Free
Understanding industry trends is important for any IT professional, but it’s especially critical for anyone working in security. Teams need to be able to stay a step ahead of a wide range of security threats. With the global COVID-19 pandemic altering the way enterprise organizations do business and their employees work, it’s been a particularly challenging year to achieve this, all while ensuring that the new tools employees need to stay connected and productive don’t put individuals, or the enterprise, at risk.
Just as the nature of our work style and lives have changed, so too has the threat landscape and the security tools we use to combat it. We’re constantly learning about emerging and ongoing security trends that will impact businesses and customers globally, but with breaches du jour, it’s often hard to know which are the most important. That said, there are six factors that IT and business leaders should keep top of mind to kick off the new year right.
Heightened Emphasis on Endpoint Security
As work-at-home continues into 2021, end users need to be aware of and watch for attacks vectored through the cable company equipment that provides remote access to corporate systems. These home-based, all-in-one firewalls and routers are infrequently upgraded or patched, and they are far inferior to business-class products. We expect “zero trust” vendors to continue to benefit as both a stopgap cybersecurity software for home workers and a VPN replacement. At a minimum, enterprises will need to beef up security training and education for all employees, particularly those who traditionally have not logged in from home.
Adoption of a Common Service Data Model
Siloed security information continues to threaten response times to cybersecurity incidents, leaving corporate systems vulnerable to ongoing attacks. The industry will become increasingly aware of the benefits of a common service data model, which will lead to better integration of security silos at the platform level. The use of distributed security sensors in conjunction with a common data model will decrease response times, helping enterprises mitigate the impact of threats and limit the disruption to everyday business operations.
B2C Verification Comes to the Enterprise
Commercial business-to-consumer identity verification will begin to bleed into business-to-employee transactions. Employees will begin to be verified with information from their life history, such as previous home addresses, banking relationships, or loyalty program memberships. This will be used when they are considered high-risk for completing a transaction such as obtaining a privileged password. This type of verification will make it harder for hackers to create, or potentially take over, valuable, privileged accounts.
Proactive Removal of Access for Current and Former Employees
As government benefits run out for individuals and businesses around the world, unfortunately we expect more layoffs. For some individuals who are now out of a job, desperation may set in, and security teams must prepare for the worst. A disgruntled employee in a work-from-home environment, unsupervised by managers and unencumbered by IT staff, may be tempted to sell corporate information, intellectual property, trade secrets, and passwords and/or personally identifiable information (PII). Corporations need to be aware of this potential risk and promptly take action to remove individual access ahead of time.
Increased Automation of Business Processes
The adoption of Machine Learning (ML) and Artificial Intelligence (AI) will accelerate, enabling virtual assistants and robotic process automation (RPA) to further streamline business processes and increase productivity. This will affect enterprises in two key ways. First, AI-enabled algorithms will also allow access to applications and data to be analyzed faster, which will enable governance teams to complete more reviews in less time. Employees requesting access will allow AI bots to complete their profile lookup, compare their profile to their peers, and if everything appears legitimate, will then gain access without the need for additional approvals. On the other hand, this new age of automation will require new approaches to ensure security, governance, and privacy are being controlled.
Apple Continues Its Mobile Security Differentiation
Apple continues to pioneer privacy and security. One example is randomizing MAC and BLE addresses, which makes it harder for a device to be tracked when joining different Wi-Fi or Bluetooth networks. Another is presenting indicators that show when a microphone or camera is being used. A third is highlighting passwords that users may not realize are compromised. This year, we expect to see continued benefits from Apple’s membership in the FIDO Alliance, such as further elimination of passwords to the point that mobile privacy and security become a differentiator for the company.
While 2021 may be off to an unpredictable start, these six trends will drive the work of security professionals and their teams. There’s a lot to be hopeful about — such as progress with AI automation to help streamline business processes — but with that comes new sets of access points and threats, too, and hope alone is not a strategy. Fortunately, by keeping these factors in mind, organizations can maintain a strong security posture, while staying prepared for what’s next.
Opinions expressed by DZone contributors are their own.