We spent much of 2020 moving heaven and earth to enable “remote everything” - from work, government and healthcare to education, fitness and entertainment. Shelter-in-place orders and travel restrictions imposed in early 2020 forced enterprises to quickly revamp their IT operations to provide remote access to employees, partners and customers.
Technology gave us hope in a difficult year, allowing many organizations to go digital to keep their operations running. Yet 2021 ended with the discovery of a massive attack on SolarWinds and its customers, including government agencies and businesses. We’re still learning more about the scope and impact of the attack, by a group we’re calling SolarStorm, which had security teams everywhere scrambling. Yet it’s already widely understood to be one of the most serious hacks in history.
All enterprises - those that were impacted by the SolarWinds attack as well as those who were not - should see this unprecedented attack as a wake up call that we must all bolster our defenses so that we’re better prepared to fend off future hacks, and keep the promise of technology going.
Here’s how we expect this to play out in 2021:
1. It’s Time to Catch Up on Security
As organizations rushed in 2020 to support the unprecedented surge in remote access, their initial focus was ensuring that everybody had the tools and bandwidth to do their jobs. Rather than taking the time to recodify processes, they took an intermediary “lift and shift” approach. The SolarStorm attack is a stark reminder that we need to bring the focus back to security in 2021. That means making sure that we’ve implemented best practices in securing endpoints, networks and the cloud. It also means embracing machine learning, big data analytics and other next-generation technologies that will give our security teams an edge over our adversaries.
2. Increased Focus on Mapping Out Entire IT Infrastructures
The SolarStorm attack highlighted that enterprises need to make sure they have comprehensive, up-to-date maps of their entire IT operations - covering their own networks as well as external attack surfaces and supply chains. This will allow organizations to rapidly lock down their networks next time there is a major attack, allowing them to quickly hunt for signs of compromise and begin remediation.
3. Enterprise Cybersecurity Will Extend to Homes and Families
We expect organizations to increasingly provide cybersecurity tools to help protect the home networks and families of their remote workers, students, customers and partners. That will help stop hackers who are increasingly looking to compromise the personal devices and networks of employees to give them a beachhead from which to make the hop to better-protected enterprise systems. They’ll seek to exploit the typically weaker consumer cybersecurity tools to establish beachheads they can use to compromise their final targets.
4. We’ll Pay More Attention to Securing the Internet of Things
The surge in remote access will lead to more scrutiny of the growing number of IoT devices found on home networks - from routers and video cameras to “smart” lights, TVs and refrigerators. IoT devices rarely come up in scans by conventional security tools and run on software that is rarely or never updated. That makes them attractive targets for hackers seeking access to home or enterprise networks. We expect to see wider adoption of next-generation security tools that provide visibility into connected devices, monitor their activity and isolate them, so they cannot be used to gain access to the rest of a network.
5. Automation Will Make the Big Picture Brighter
Defenders will be called on to do more than ever in 2021, as they protect legacy on-premises data centers and fast-growing cloud operations from emerging cyber-threats capable of evading most security tools. We’re optimistic they will be able to stay ahead - by using next-generation security tools that leverage AI and automation. Machine learning can be leveraged to automatically detect unknown threats based on behaviors they exhibit before they compromise your network. Security orchestration, automation and response (SOAR) systems use automation to handle repetitive tasks that have traditionally bogged down security operators. That leaves your staff with time to focus on the most pressing threats and prevents burnout.
These five factors give us plenty of reason to be hopeful. Here’s to a safer and more secure 2021!