New! The Security Ratings report is now the Executive Report. Request your report to see enhanced analysis such as your rating, likelihood of ransomware incidents, and likelihood of data breach incidents.
2020 was a transformative year that blew all predictions out of the water. As we look ahead to 2021, we will continue to see the repercussions of this year’s events.
There is much work to be done. Below is our take on the top three 2021 cybersecurity trends that security and business leaders must confront in the year ahead.
1. The SolarWinds Fallout
Government and business leaders are still trying to determine the scope and implications of the hack which exposed at least 18,000 organizations and is believed to date back years. But the fallout will continue to dominate agendas in 2021 – with an acute focus on third-party cyber risk.
Third parties have long been a lucrative target for bad actors and the threat is rising. In 2018, Opus and Ponemon found that 59% of companies experienced a breach caused by one of their vendors or third parties. But as the SolarWinds attack made clear, if organizations are to combat these evolving threats (the breach of SolarWinds’ Orion platform used cyber tools never before seen) a new approach is needed.
The SolarWinds breach isn’t the only indicator that things aren’t working. We contribute to and review the Verizon Data Breach Investigations Reports (DBIR) each year, but one thing stands out to us – nothing much has changed. The overall state of the cybersecurity world is much the same. Security and risk leaders appear to be doing the same things, year in and year out, with the same predictable results. Despite years of heavy investment in security controls, organizations continue to be vulnerable. This illustrates a need for change in our industry. Security must be approached as a strategic risk problem, not a tactical technology one.
In 2021, security controls will continue to be important but boards and C-suites should demand to see the business outcomes and results of their security investments. They must also hold vendors accountable for security performance. This will require reexamining how they approach their third-party risk management programs and finding ways to appropriately resource and mature those programs to create a more secure digital ecosystem.
2. Adapting to a hybrid work from home/in-office model
The pandemic brought about a radical shift to our working norms and the technology and security infrastructure needed to support that shift. As companies return to the office, security managers will need to make important decisions about how they’ll adapt their infrastructure to support a new hybrid model of work from home (64% of companies plan to increase remote work policies) and in-office.
How secure is your organization?
How secure is your organization?
As the digital ecosystem expands across this dynamic hybrid model, so will the attack surface. In 2021, business and security leaders must get a handle on the cyber risk hidden across their digital assets – on-premises, in the cloud, across geographies, and the remote workforce. With these insights, organizations can effectively allocate tools and resources to areas where they are needed most.
3. New cybersecurity regulations
As government and business leaders grapple with the fallout of the SolarWinds data breach and a new administration takes over in Washington, D.C., business leaders should anticipate the possibilities of new cybersecurity regulations, policies, and standards. In addition, given that the federal government heavily utilizes SolarWinds’ solutions, it’s likely that many cybersecurity frameworks like NIST and certifications like CMMC will also be reworked to include more stringent controls and practices that apply to the government contracting community.
The General Services Administration (GSA) is already taking steps to scrutinize its critical supply chain as required in a draft of its Polaris IT services acquisition vehicle. The GSA is developing a vendor risk assessment program tool and will require contractors to agree to cyber security audits of their risk processes and events.The move further highlights the need for vendors to measure and demonstrate the performance of their security program.
2021 cybersecurity trends: the takeaways
No one could have predicted the unprecedented circumstances that unfolded in 2020, and we’ll continue to see reverberations into 2021. The spectre of the SolarWinds attack will loom large, hybrid work models will become the norm, and regulations will evolve. All the while, it will be critical for businesses and government agencies to change their thinking and focus on understanding their cyber risk exposure and drive accountability for improvement. Without making these changes the status quo will remain.
Get the Weekly Cybersecurity Newsletter
Subscribe to get security news and industry ratings updates in your inbox.