The 4 Key Security Gaps Every Security Team Needs To Close In 2021

By ISBuzz Team | December 22, 2020 | Updated: July 4, 2024 | 7 Mins Read

2021 will be another challenging year for cybersecurity professionals.  Security teams now face a plethora of new challenges brought on by the rapid deployment of tools, technologies and processes that enabled business continuity over the last 12 months.  Many of these challenges stem from the widespread shift to remote working which, in a matter of days, completely changed the threat landscape for most organisations. 

The rushed nature of the remote working rollout now poses some major data security issues, which are compounded by the impending shift to a hybrid working model in the long term.  In a recent Gartner survey of business leaders across HR, Legal, Compliance, Finance and Real Estate, 82% of respondents said they are planning to permit remote working some of the time as employees return to the workplace, while almost half intend to let employees work remotely full time. 

It is the combination of employees working flexibly – both onsite and remotely – that cements the challenge for security teams in 2021.  The increasing severity of the threat landscape is clear.  Deloitte’s Cyber Intelligence Centre observed a significant spike in phishing attacks, malspams and ransomware in 2020, with threat actors using COVID-19 as bait to mislead employees working outside the confines of the corporate environment.  The closing weeks of the year presented an even greater threat, with what looks to be the most widespread advanced persistent threat (APT) attack in the history of cyberwarfare.  According to Microsoft, the sophisticated nation state attack – which penetrated a vast range of both public and private sector organisations – was a “moment of reckoning” in the evolution of cybersecurity threats. 

As this evolution continues its relentless march forwards, security leaders and practitioners across all industries will need to focus on closing four key security gaps to ensure their organisation is both productive and secure in 2021.   

1. The proliferation of mobile devices

The ‘new normal’ has changed both the scope and definition of how organisations will need to think about ‘mobile security’ in 2021.  With more employees now working on mobile devices – particularly in a bring your own device (BYOD) format – it will be vital to ensure these are properly secured, as the attack surface is now far wider.  This threat is further amplified by the associated increase in cloud adoption. 

Strong unified endpoint management (UEM) and data loss prevention (DLP) policies, together with the application of a cloud access security broker (CASB), will be important tools for any security team in 2021.  These will provide visibility – on a user, device and activity level – as well as the ability to enforce granular security policies, for example on files or messages containing sensitive or restricted data.  This will also extend both visibility and manageability to other third-party cloud applications.

2. A disparate workforce

The hybrid working environment means it will be more important than ever to focus on ensuring users are working to best practices.  Co-working venues are likely to become more popular as permanent office spaces become less viable and more businesses – such as pubs, cafés and restaurants – are providing co-working options as an additional revenue stream.  While many dedicated co-working spaces are security conscious, those new to the format may be less so.  Employees working from these locations often do so without the knowledge of security teams.  Doing so opens up another avenue for potential bad actors to compromise devices and services via man-in-the-middle (MITM) and similar style tactics.  Going forwards, this will force organisations to consider a much broader range of security tools and potential attack types.

The impact of mobile worker behaviour also bleeds into supply chain risk.  CISOs in particular will be tasked with providing a top-down view of organisational risk, including customers, third parties and potential supply chain breaches.  Reconciling a mobile workforce and mobile device estate – one that potentially mixes personal and work tasks into single workflows – significantly broadens this risk and dilutes visibility across the organisation.

3. Collaboration sprawl

While the benefits that collaboration tools bring are clear, so too are the associated risks.  During the pandemic, employees spent months rolling out collaboration tools like Microsoft Teams, Slack, Zoom and OneDrive in a hurry to support remote working.  However, as a recent report from Aternity showed, this resulted in a significant increase in collaboration application sprawl, with employees adopting numerous collaboration tools for internal, external and ad hoc communications.  This extends the organisation’s threat surface and has the potential to impact data governance in new ways.  For security teams, simply gaining visibility into the sheer volume of these new applications is challenging enough – effectively monitoring, managing and securing these platforms can be far more difficult.  

A renewed focus on training and employee engagement is more important than ever to mitigate this risk.  The most pressing issue is data governance.  As organisations allow sensitive information to move off premises and into new collaboration platforms, they must ensure that employees are using and securing data properly.  Organisations must ensure that collaboration content including chat and files in the platforms are being shared in accordance with information handling policies. 

Security teams need to be conducting full cyber risk audits – this is the only way to fully understand the impact of the new landscape.  Beyond this, ensuring basic policies are adhered to remains crucial.  Requiring multi-factor authentication, enforcing least-privilege access across the estate, properly classifying sensitive data and ensuring files cannot be downloaded to unmanaged devices are still important areas that some security organisations may find have slipped in recent months.

4. Outdated perspectives on penetration testing 

With employees now working far beyond the four walls of the protected corporate environment, security teams will need to rethink traditional approaches to penetration testing.  In the past, businesses have spent millions of pounds trying to keep their networks protected, often without an understanding of where the weaknesses are in their threat surface – until, of course, after a breach.  

With employees working from many different locations and devices, manual point-in-time pen testing will no longer be enough.  Corporate networks now change constantly.  New configurations, new tools, new users and new locations all present new risks.  While a manual pen test may identify security gaps on any given day or week, the likelihood is that in the days afterwards, new risks will emerge.  Change will be a new constant in 2021 and, with it, comes the need for continuous testing.  Security teams will need a consistent view of potential issues on a continuous basis to secure the ever-changing hybrid corporate network.

In 2021, security teams will need to harness the power of software – in the form of automated penetration testing – to identify gaps in their security environment at scale and at speed.  From scanning, to reconnaissance, spoofing, malware injection, lateral movement and privilege exploitation to data exfiltration, these tools will fast become a crucial component of any corporate security organisation moving forwards. 

Conclusion 

The challenge facing security teams is becoming increasingly difficult.  Securing an ever-changing environment and mitigating the threat of attacks is becoming an enormous task in the face of the increasing sophistication of threat actors.  

What’s more, any breach is likely to have far-reaching consequences – from the immediate financial losses associated with downtime and regulatory fines, to the ongoing impact of compliance, reputation and competitiveness.  IBM Security’s Cost of a Data Breach Report 2020 suggests the average cost of a data breach in the United Kingdom has now reached $3.90 million – a number few organisations can brush off.  Security teams achieved extraordinary things in 2021, ensuring business continuity in some of the most challenging circumstances in recent history.  Remaining both productive and secure in 2021 will be challenging still.  But with a laser focus on several key areas, security teams will be best placed to meet this challenge head-on.    
