2021 Cybersecurity Trends: BitSight Predicts the Top 3

Brian Thomas | January 11, 2021 | tag: Cybersecurity

2020 was a transformative year that blew all predictions out of the water. As we look ahead to 2021, we will continue to see the repercussions of this year’s events.

There is much work to be done. Below is our take on the top three 2021 cybersecurity trends that security and business leaders must confront in the year ahead.

1. The SolarWinds Fallout

Government and business leaders are still trying to determine the scope and implications of the hack which exposed at least 18,000 organizations and is believed to date back years. But the fallout will continue to dominate agendas in 2021 – with an acute focus on third-party cyber risk.

Third parties have long been a lucrative target for bad actors and the threat is rising. In 2018, Opus and Ponemon found that 59% of companies experienced a breach caused by one of their vendors or third parties. But as the SolarWinds attack made clear, if organizations are to combat these evolving threats (the breach of SolarWinds’ Orion platform used cyber tools never before seen) a new approach is needed.

The SolarWinds breach isn’t the only indicator that things aren’t working. We contribute to and review the Verizon Data Breach Investigations Reports (DBIR) each year, but one thing stands out to us – nothing much has changed. The overall state of the cybersecurity world is much the same. Security and risk leaders appear to be doing the same things, year in and year out, with the same predictable results. Despite years of heavy investment in security controls, organizations continue to be vulnerable. This illustrates a need for change in our industry. Security must be approached as a strategic risk problem, not a tactical technology one.

In 2021, security controls will continue to be important but boards and C-suites should demand to see the business outcomes and results of their security investments. They must also hold vendors accountable for security performance. This will require reexamining how they approach their third-party risk management programs and finding ways to appropriately resource and mature those programs to create a more secure digital ecosystem.

2.Adapting to a hybrid work from home/in-office model

The pandemic brought about a radical shift to our working norms and the technology and security infrastructure needed to support that shift. As companies return to the office, security managers will need to make important decisions about how they’ll adapt their infrastructure to support a new hybrid model of work from home (64% of companies plan to increase remote work policies) and in-office.

As the digital ecosystem expands across this dynamic hybrid model, so will the attack surface. In 2021, business and security leaders must get a handle on the cyber risk hidden across their digital assets – on-premises, in the cloud, across geographies, and the remote workforce. With these insights, organizations can effectively allocate tools and resources to areas where they are needed most.

3. New cybersecurity regulations

As government and business leaders grapple with the fallout of the SolarWinds data breach and a new administration takes over in Washington, D.C., business leaders should anticipate the possibilities of new cybersecurity regulations, policies, and standards. In addition, given that the federal government heavily utilizes SolarWinds’ solutions, it’s likely that many cybersecurity frameworks like NIST and certifications like CMMC will also be reworked to include more stringent controls and practices that apply to the government contracting community.

The General Services Administration (GSA) is already taking steps to scrutinize its critical supply chain as required in a draft of its Polaris IT services acquisition vehicle. The GSA is developing a vendor risk assessment program tool and will require contractors to agree to cyber security audits of their risk processes and events.The move further highlights the need for vendors to measure and demonstrate the performance of their security program.

2021 cybersecurity trends: the takeaways

 

No one could have predicted the unprecedented circumstances that unfolded in 2020, and we’ll continue to see reverberations into 2021. The spectre of the SolarWinds attack will loom large,  hybrid work models will become the norm, and regulations will evolve. All the while, it will be critical for businesses and government agencies to change their thinking and focus on understanding their digital risk exposure and drive accountability for improvement. Without making these changes the status quo will remain.

Ransomware: The rapidly evolving trend ebook

Suggested Posts

Third Party Services: The Cyber Risk They Pose and How to Protect Your Organization

To serve your customers and realize efficiencies, your organization may work with dozens if not hundreds of third parties including partners, vendors, cloud service providers, and subcontractors. 

But digital ties with these providers...

READ MORE »

What is Network Segmentation Cyber Security and is it Right for You?

These days, we often hear the word “quarantine” in everyday conversations--but quarantining takes on a different meaning when it comes to protecting your network. 

Often, when we discuss quarantining from a cyber security perspective...

READ MORE »

The BitSight and Moody's Partnership: A New Era For Cybersecurity

Cybersecurity is one of the biggest threats to global commerce in the 21st century.

By providing data-driven insights into cybersecurity, we can empower the marketplace to make better, risk-informed decisions and create a more secure...

READ MORE »

Get the Weekly Cybersecurity Newsletter.