4 Trends for Security Leaders to Consider in 2021

security leader

If there’s one thing that 2020 taught us, it’s this—predicting the future can sometimes be a sloppy thing to do.

When the COVID-19 pandemic waltzed in this year, it threw a curveball on everyone’s plans and predictions. 

And yet, 2020 is not going to stop us from making calculated guesses about our future. Your top priority is to control the “known unknowns” before they happen and mitigate the dangers of completely unknown risks as much as possible.

And predictions help us do just that. We bank on predictions because they give us tentative visibility of what threats and opportunities to expect in the coming year.

Like always, experts are already sounding alarms about how worse the situation is going to be in 2021. Keeping with the spirit of things, I have my own set of thoughts about the future that awaits us next year. Below, I look at four major trends that cybersecurity leaders should be aware of in 2021.

Consider these trends like a four-course meal that will arrive in staggered waves—one comes often in a sequence of the previous trends.

Let’s dig in.

1. Remote work is closer than you think

If I had to take a wild guess, I’d bet that you’re reading this article from your home instead of your office. That’s because 2020 gave us the gift of remote work we all secretly wished for.Now that work-from-home is here, it’s not going away anytime sooner. Gartner forecasts that 74% of companies worldwide plan to keep a portion of their workforce remote for good.But every cloud has a touch of grey. For security leaders, the increase in remote work’s popularity means spreading the surface area of risks and vulnerabilities thin.Take for example the 127% increase in exposed remote desktop protocols (RDPs) reported since March of this year.2021 will make a lot of headlines about remote work bearing the brunt of security breaches because most businesses aren’t prepared to handle security in the remote front.We can’t blame them though—nobody knew that remote work would go on such as overdrive out of nowhere.And let’s be honest here—asking your employees to use VPNs is not going to fix the issue.The long-term solution to this predicament is two-fold:a) CISOs have to shift their IT security priorities to include remote work as an integral part of the business continuity policy.b) IT will have to eventually roll out a hybrid security model to secure all endpoints both on-site and present remotely.

2. The future is cloud-y with a chance of mishaps

cloudIt’s abundantly clear that more and more businesses are moving to cloud-deployed platforms. 2020 accelerated the pace of digital disruption by forcing organizations to move their operations completely online or to take the hybrid route.As an example, the market potential for technological containerization technologies is expected to reach $4.3 billion by 2022.But every technological advancement during its nascent years suffers inevitably from the lack of robust security infrastructure. Kubernetes, containers, and Docker are relatively new technologies that are prone to security breaches in the coming years.As more companies are adopting Kubernetes to move their DevOps to the cloud, security leaders will have to make sure their respective businesses understand how to correctly configure Kubernetes to avoid any security mishaps.

3. Businesses will lean heavily on vendor consolidation

So far, we have covered how the pandemic pushed us to embrace the rise of cloud-native apps which in turn has enabled the remote work culture at scale.That naturally leads us to the third trend that will emerge when the digital attack surfaces multiply while IT resources deplete, i.e., keeping the costs down without impacting your security posture.This will be easier said than done, especially when new zero-day vulnerabilities are constantly lurking around the corner.One way to offset this problem is to apply the process of elimination to your existing IT resources. Keep only what you need and get rid of everything else that can act as a potential window for cybercriminals to sneak in.In other words, keep high-ROI applications and declutter low-impact point-solutions from your stack.A recent research report from McKinsey validates this idea. According to their finding, businesses can cut 30% of all IT spends by decommissioning redundant applications or delaying smaller projects—among other things.Consolidating your tools and vendors will help you close critical security gaps and also help you save a ton of time and money that goes into managing these resources.

4. Security training will be the new business frontier

trainingEveryone knows the damage COVID-19 has had on a majority of businesses all around the world. What most people don’t know about is the equally dangerous and widespread damage that cybercrime has caused since the pandemic.According to the FBI, there’s been a 300% increase in reported cybercrimes since the onset of COVID-19.Most of these instances include ransomware attacks, business email compromise (BEC) scams, phishing attacks, VPN brute-force attacks, and MFA bypassing.And guess who is responsible in most of these instances?That’s right—humans.But here’s the thing. If I found a security patch every time I heard someone say “humans are the weakest link in a security chain,” I might perhaps build the most impregnable security software.I think it’s time to retire this humans-are-the-weakest-link rhetoric because it’s lame to shift the blame to something that we can actually control.By the end of 2021, I predict a significant number of enterprises will start prioritizing security awareness as a non-negotiable aspect of their business—like tax filing, customer service training, or as a prerequisite to hiring.Consider the dangers of not doing so in an increasingly remote-friendly business environment. Your employees might download their work documents to an unsecured personal laptop before flying to Bora Bora island as part of their nomad lifestyle.It’s an insider threat you can’t control unless you inject a heightened sense of security awareness in each of your staff.I hope you see value in the above trends I have shared and you will use them to navigate the coming year more confidently and judiciously. Being prepared and having a contingency plan are the only keys to your organization’s data security.