Posted In: Cybersecurity & Data Privacy
By Craig S. Horbus & Jarman J. Smith on January 20, 2021
The cybersecurity strategies of businesses everywhere were challenged immensely during 2020. As we enter the new year, businesses must continue to prioritize their cybersecurity efforts to prepare for likely trends and anticipated risks – the most important of which we’ve highlighted below.
Remote Work Policies
As a result of the COVID-19 pandemic, workforces were scattered, regular work hours were fragmented, and working from home became normal practice for a record-breaking number of employees. However, with more employees working from home, the possibility of mistakes and the threat of data breaches increased substantially. Insider threats, whether intentional or accidental, account for more than 25% of data breaches.[i] This year, businesses should emphasize user behavior and general information awareness. For instance, the likelihood of misdirecting an email or sending sensitive data to the wrong individual has only increased with the rush to have employees work from home. To combat this issue, employers should ensure that their remote work policies are sound, practical, and effective. Organizations should pay particular attention to human behavior and employee training as the physical security perimeter of the office is influenced and reconstructed by remote boundaries.
Protections for Remote Endpoints
In this new ‘work-from-home’ era, where employees are using a range of mobile devices, such as tablets and phones, relying on shared WiFi networks, and using remote collaboration tools and cloud suites for work, remote workers will be the biggest security risk for many businesses. Moreover, many organizations have stipulated that their workforce will remain remote for at least the next twelve months. Thus, to limit the security risks resulting from the increased volume of security vulnerabilities due to remote work, businesses should prioritize endpoint security and user authentication. VPNs and encryption programs should be used on all remote equipment to reduce the access points available to security threats and to better safeguard important data. Although the improvement of virtual desktop infrastructure may be an expensive solution to the problem, these technologies will scale with your company for as long as you continue remote work. Businesses that manage to incorporate holistic encryption in a virtual office will reduce the risk of cyber threats while also creating stability for higher productivity levels.
Increase in Data Breaches
Cybercriminals and malicious actors have been taking advantage of the U.S.’s offhand national response to the COVID-19 pandemic, with 47% of IT executives reporting increases in cyberattacks since the beginning of the pandemic.[ii] Waves of misinformation, misconceptions, and misunderstandings have left numerous businesses subject to a record-breaking number of cyberattacks. In Q1 of 2020 alone, the United States had more publicly disclosed security incidents than any other country. The confusion that the pandemic has created in the employment space has opened the door for new vulnerabilities; thus, effective endpoint security has become more critical than ever. Much of the work to be done concerning proper cybersecurity begins with limiting insider threats. Data breaches tied to insider threats are expected to rise from 25% to 33% this year.[iii] Additionally, many researchers warn that organizations should expect major increases in the number of automated spear-phishing attacks in 2021.
Importance of Cloud Security
The popularity of cloud-based systems such as cloud software-as-a-service, cloud-hosted processes, and cloud data storage will continue to soar in 2021 as companies shift the responsibility for running hardware and software infrastructure to cloud providers. Approximately 35% of companies plan to accelerate workload migration to the cloud this year.[iv] This increased reliance on the cloud will require budget allocation for cloud security to grow from single digits to double digits as companies look to provide continued protection for the cloud buildouts they established in 2020. Accordingly, Cloud Security Posture Management (CSPM) will emerge as extremely important this year. CSPM includes assessing data risks, cloud monitoring for policy violations, finding misconfigured network connectivity, detecting liberal account permissions, automatic misconfiguration detection and remediation, and regulatory compliance with HIPAA, GDPR, and CCPA.
Emergence of Automation and Artificial Intelligence
A driving trend in 2021 will be the presence of hyper-automation through applications of artificial intelligence (AI). Hyper-automation is a process by which organizations automate as many business and information technology processes as possible using artificial intelligence tools such as machine learning, robotic process automation, and other forms of decision processing and task automation systems. As previously mentioned, cyberattacks are on the rise and security vulnerabilities have increased as a result of remote work. Therefore, humans alone cannot handle the number of security alerts regarding potential threats. Automation and machine learning will help human security analysts identify the most urgent alerts and take instant remedial action against these threats. Although a completely practical application of AI will not be here tomorrow, you can expect security tools to grow in their sophistication and capability to discover threats and automate effective countermeasures.
Prepare for Increased U.S. Data Regulation
This year, businesses should continue efforts in preparation for existing and developing privacy regulations in the United States and throughout the world. In the United States specifically, several states such as California, Maine, and Nevada have taken the lead in passing privacy laws. Although California was already known as the champion for consumer privacy rights in the U.S., the state went so far as to further expand upon the privacy regulations in the California Consumer Privacy Act (CCPA) through the enactment of the California Privacy Rights Act (CPRA) in 2020. The strong legislative action in California and the trend toward general data privacy regulation in additional states will likely influence the federal government to draft a federal privacy law that creates national uniformity concerning data privacy. This year, Congress has potentially the best chance of passing comprehensive federal privacy legislation. However, even without a federal law in place, by the end of 2021, approximately 34% of U.S. citizens will experience greater rights to control their data through state privacy laws.[v] Moreover, privacy law compliance will continue to be a focus in countries around the world in 2021. For example, China is expected to pass comprehensive legislation said to be inspired by the European Union’s General Data Privacy Regulation (GDPR). Policymakers everywhere aim to ensure that consumer data is best equipped to withstand emerging threats in 2021 and beyond. With local, state, and international pressure pushing for more autonomy with privacy and security laws, we will likely see the U.S. federal government move to impose federal privacy laws sooner rather than later.
How Brouse Can Help
When developing your list of business concerns for the new year, it is important to remember to prioritize cybersecurity. Please consider the likely trends and anticipated risks for 2021 that we have outlined for you above when making decisions for your organization. Brouse McDowell’s Cybersecurity and Data Privacy team can provide the guidance and tools you need to navigate data security and privacy law compliance through 2021 and beyond. We provide proactive solutions for companies to defend against cyberattacks and general guidance through the complexities of all data privacy laws and regulations. Our team offers a variety of data privacy and cybersecurity services, including pre-breach and cybersecurity planning, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Please contact us for more information and to learn how we can partner with you.
[i] Samantha Schwartz, The New Cybersecurity Priorities of 2020, CIO Dive (Accessed Jan. 8, 2021), available at https://www.ciodive.com/trendline/cybersecurity/106/?utm_source=SMCD&utm_medium=Blast-1215&utm_campaign=Code42, citing Valerie Bolden-Barret and Samantha Schwartz, Forrester: To stay secure, employers must balance insider threat protection and employee rights, CIO Dive (Jan. 6, 2020), available at https://www.ciodive.com/news/forrester-to-stay-secure-employers-must-balance-insider-threat-protection/569851/.
[ii] 2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud, ThreatPost (Jan. 3, 2021), available at https://threatpost.com/2021-cybersecurity-trends/162629/, citing Yassir Abousselham, et al., Splunk Data Security Predictions 2021, Splunk Inc. with reference to report from Enterprise Strategy Group, available via PDF download at https://www.splunk.com/pdfs/ebooks/splunk-security-predictions-2021.pdf; https://www.esg-global.com/hubfs/images/Infographics/ESG-Infographic-COVID-19-Impact-Survey.pdf.
[iii] Chris Brook, Insider Threats Poised to Increase in 2021, Data Insider by Digital Guardian’s Blog (Oct. 28, 2020), available at https://digitalguardian.com/blog/insider-threats-poised-increase-2021; See also 2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud, ThreatPost (Jan. 3, 2021), available at https://threatpost.com/2021-cybersecurity-trends/162629/.
[iv] 2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud, ThreatPost (Jan. 3, 2021), available at https://threatpost.com/2021-cybersecurity-trends/162629/, citing Patrick Barry, Five More Predictions for How Pandemic Will Change Cyber Security In Next Year, Rebyc Security (July 29, 2020), available at https://rebycsecurity.com/five-more-predictions-for-how-pandemic-will-change-cyber-security-in-next-year/; See also 2021 Cybersecurity Trends: Bigger Budgets, endpoint Emphasis and Cloud, The CyberSecurity News & AllTech News (Accessed Jan. 8, 2021), available at https://thecybersecurity.news/vulnerabilities/2021-cybersecurity-trends-bigger-budgets-endpoint-emphasis-and-cloud-4877/; https://alltech.news/cyber-security-news/2021-cybersecurity-trends-bigger-budgets-endpoint-emphasis-and-cloud-20215.
[v] Keith Frechette, The Current State of U.S. Privacy Laws and Expectations for 2021, Gold Sky Cyber Security Solutions (Nov. 16, 2020), available at https://goldskysecurity.com/the-current-state-of-u-s-privacy-laws-and-expectations-for-2021/.