The world and enterprises panicked due to the unprecedented COVID-19 pandemic’s surge at the beginning of 2020. The ambiguity around the crisis and the sudden rush for setting-up work-from-home for all employees magnified the concerns related to cybersecurity and impacted the most elementary IT business operations.
One of the critical concerns that most IT leaders confronted was to develop a robust business continuity plan in remote work environments and augment their IT frameworks to manage growing cybersecurity threats.
Based on our interactions with top cybersecurity leaders, we’ve identified some of the top cybersecurity trends of 2020. Let’s look at them and understand how they will evolve in 2021.
Businesses are adapting to the new normal
The majority of the enterprises are fast-tracking their digital transformation goals and modernizing their IT infrastructure to ensure their distributed organizational resources get secure access to the network (See: Combating cyber threats in the new normal).
The initial focus of organizations was to enable work-from-home in the quickest manner possible. As the businesses are getting settled in the new normal, enterprises are now focusing on protecting their people, devices, and data from cybersecurity threats.
Across organizations, there has been a greater emphasis on real-time security assessment across various endpoints, irrespective of employees’ location or network.
Zero Trust model gaining acceptance
Enterprises have been making efforts to deploy solutions that can immediately detect and halt anomalies and suspicious behaviors. One such approach that is now gaining mainstream acceptance is Zero Trust. It has become a key cybersecurity trend in 2020.
With the Zero Trust model, organizations can evaluate a remote-users’ behavior and bring up a timely alert to prevent any unscrupulous activity. Many tech-leaders believe that this methodology can circumvent over 90% of modern-day cyberattacks attempts.
Backed by real-time intelligence, the Zero Trust methodology verifies a user’s credentials through secure VPNs and monitors suspicious activity. It works on the concept of ‘never trust; constantly verify.’
The Zero Trust approach is different from the trust-based perimeter defense approach. In Zero Trust, users and their job requirements get adequately demarcated. It provides employees with adequate network permissions to access applications and tools relevant to perform their job virtually while withholding the rest of the corporate data visibility (See: Covid-19: Reimagining work with a zero-trust lens).
Focus on Dark Web monitoring for business
Another cybersecurity trend in 2020 is the Dark Web monitoring for business. The Dark Web is that segment of the Internet that cannot be accessed via conventional search engines such as Google or Yahoo. Over the past twelve months, it has swiftly turned into a booming black market place where cybercriminals collaborate and deliberate nefarious ways to launch sophisticated cyber-attacks on various systems. It is a treasure trove for unscrupulous types who can find several tools and resources to execute their unlawful web activities.
Throughout the year 2020, several cyber breach incidents were reported globally where many companies’ data were stolen and put up for sale on the Dark Web. Early this year, a global cyber risk intelligence firm Cyble, noted that the cybercriminals exposed personal details of around three crore Indian job seekers in one of the hacking forums.
These rising cases compelled many global organizations to set-up their intelligence units under their cybersecurity practices wing to monitor Dark Web. The trend is likely to pick-up further in 2021. CISOs are expected to keep a firm eye on the Dark Web to monitor various malicious and unethical activities to alert their security teams well in advance.
Emphasis on automation to control AI-based threats
While artificial intelligence (AI) is a great technology that can be leveraged to develop many modern-day IT security tools and resources, it is equally valid that cybercriminals can exploit the engineering for launching too sophisticated malware. During the year, many businesses saw the possibility of cybercriminals bypassing AI-driven security solutions by masking their activities and posing as real users.
In 2021, with 5G technology expected to be launched and IoT-based solutions to get mainstream, CISOs would be profoundly concentrating on protecting their AI-enabled digital systems and new process automation techniques to control AI-based threats.
Attention on closing the cybersecurity skills gap
The shortage of skilled security practitioners has become a growing pain for organizations across all sectors and getting wider.
According to a recent survey conducted by Cybrary, a cybersecurity and IT workforce development platform, growing skill gaps among IT and security professionals is seen as a significant factor that is negatively impacting the security team’s effectiveness. About 65% of surveyed IT Managers mentioned that skill gaps hurt efficiency.
The study also indicates that organizations lack the vision or enthusiasm to conduct training and skill-development programs in the cyber-security space.
Similar sentiments were echoed by a DSCI-PwC study, according to which the cases of cyberattacks on Indian organizations increased by 117 percent in 2019 compared to 2018. However, due to inadequate funding and paucity of skillful professionals, cyber-security professionals’ job roles remained unfilled.
In 2021, many CISOs are expected to focus on this area and develop requisite solutions to address the cybersecurity skills-gap challenge.