They also switched to remote working, prioritizing the continuity of the business and productivity over computer security. This opened up vulnerabilities that will continue affecting companies in 2021.
In the year we are transiting, focusing in cyber security will admit no further delays, as an increase in attacks to the Cloud Service is expected. In such a context, “Safety cannot be centered in the data centre and must be moved to the Cloud environment. Security architecture must also evolve and grant access only to traffic between authenticated users, devices and applications in a distributed organization”.
Companies need to secure remote workers which now are outside a controlled environment, as much as the critical information they handle, in times during which an increase in internal threats is foreseeable – due to lack of cyber security culture and education .
Threats in multiple fronts
The coming year will be signed by the continuous growth of ransomware, which is a type of ill intended software designed to block access to a computer system until a sum in money is paid. In 2020 this type of attack was multiplied by 7 in comparison to the previous year. The migration of work to the digital world raised the number of potential victims of these attacks, as well as others, social engineering related, such as phishing.In that sense, a study recently showed that the problem of ransomware does not only affect large organizations, as a 46% of small and medium businesses were victim of such attacks, and of those attacked, 73% paid a ransom. On the other hand, this problematic does not only affect developed countries:it is expected that ransomware will appear in Latin America as well, directed and developed in the region. And besides, an advance of coordinated attacks to businesses and public entities is expected, with the purpose of exfiltrating information to publish later on social networks.
Another of the 2021 trends in the field of data and computer security has to do with the Internet of Things (IoT): the advance of this paradigm, together with remote work, gives way to new risks: as a matter of fact, an important increase in IoT device directed malware. The majority of these attacks are directed towards consumer connected devices, and the underlying intent if to infiltrate corporation networks.
The new approach, which wins each time more consensus in the world of computer security, is more proactive, and less reactive. The objective is to prevent attacks instead of reacting after having suffered one. In that sense, the concept of Zero Trust architecture becomes preeminent, as it reduces the attack surface to the minimum, to avoid incidents and attacks. This model of “not trusting anything and verifying everything” adopts a micro level approach to identify access requests in all points of a network, with granular controls , which seek to respond to the problem of remote user dispersion in the world, and the adoption of new technologies such as IoT.
Another concept in vogue in the field of computer security is cyber security mesh. It is about an architectonic approach distributed for scalable, flexible and dependable control. Given that many assets now exist outside the traditional security perimeter, the cyber security mesh essentially allows for the security perimeter to be defined around the identity of a person or thing.
That is to say, that the model of assembling a perimetral wall around the physical organization and the network with traditional firewalls and antivirus software, is now obsolete. Now, the cyber mesh security concept acknowledges that networks have no physical boundaries, and that organizations need to build a safety perimeter around each individual user, which allows them to access in a safe manner all assets from any location and device.
In such a scenario, in 2021, the trend to adopt a unified security platform will increase, instead of specific traditional solutions. This type of platforms offer proactive protection and allow to “approach threats systemically in all networks, applications, users and devices, employing an integrated solution”.
Hence, the recommendation is that in 2021, organizations face audits and additional reviews of their information security processes and practices, and to display a more proactive approach.