The cybersecurity strategies of businesses everywhere were challenged immensely during 2020. As we enter the new year, businesses must continue to prioritize their cybersecurity efforts to prepare for likely trends and anticipated risks – the most important of which we’ve highlighted below.  

1. Remote Work Policies  

As a result of the COVID-19 pandemic, workforces were scattered, regular work hours were fragmented, and working from home became normal practice for a record-breaking number of employees. However, with more employees working from home, the possibility for mistakes, and the threat of data breaches increased substantially. Insider threats, whether intentional or accidental, account for more than 25% of data breaches.ⁱ This year, businesses should emphasize user behavior and general information awareness. For instance, the likelihood of misdirecting an email or sending sensitive data to the wrong individual is a problem that has only been bolstered by the rush to have employees work from home. To combat this issue, employers should ensure that their remote work policies are sound, practical, and effective. Organizations should pay particular attention to human behavior and employee training as the physical security perimeter of the office becomes influenced and reconstructed by remote boundaries.  
 

2. Protections for Remote Endpoints 

In this new ‘work-from-home’ era, where employees are using a range of mobile devices, such as tablets and phones, relying on shared WiFi networks, and using remote collaboration tools and cloud suites for work, remote workers will be the biggest security risk for many businesses. Moreover, many organizations have stipulated that their workforce will remain remote for at least the next twelve months. Thus, to limit the security risks resulting from an increased volume of security vulnerabilities due to remote work, businesses should prioritize endpoint security and user authentication. VPNs and encryption programs should be used on all remote equipment to reduce the risk of security threat access points and to better safeguard important data. Although the improvement of virtual desktop infrastructure may be an expensive solution to the problem, these technologies will scale with your company for as long as you continue remote work. Businesses that manage to incorporate holistic encryption in a virtual office will reduce the risk of cyber threats while also creating stability for higher productivity levels.  
 

3. Increase in Data Breaches 

Cybercriminals and malicious actors have been taking advantage of the U.S.’s offhand national response to the COVID-19 pandemic with 47% of IT executives reporting increases in cyberattacks since the beginning of the pandemic.ⁱⁱ Waves of misinformation, misconceptions, and misunderstandings have allowed numerous businesses to become subject to a record-breaking number of cyberattacks. In Q1 of 2020 alone, the United States had the most publicly-disclosed security incidents in comparison to other countries. The confusion that the pandemic has created in the employment space has opened the door for new vulnerabilities, thus effective endpoint security has become more critical than ever. Much of the work to be done concerning proper cybersecurity begins with limiting insider threats. Data breaches tied to insider threats are expected to rise from 25% to 33% this year.ⁱⁱⁱ Additionally, many researchers warn that organizations should expect major increases in the number of automated spear-phishing attacks in 2021.  
 

4. Importance of Cloud Security 

The popularity of cloud-based systems such as cloud software-as-a-service, cloud-hosted processes, and cloud data storage will continue to soar in 2021 as companies shift work responsibilities from running hardware and software infrastructure to cloud providers. Approximately 35% of companies plan to accelerate workload migration to the cloud this year.^iv This increased reliance on the cloud will require budget allocation for cloud security to grow from single-digit to double as companies look to provide continued protection for the cloud buildouts they established in 2020. Accordingly, Cloud Security Posture Management (CSPM) will emerge as being extremely important this year. CSPM includes assessing data risks, cloud monitoring for policy violations, finding misconfigured network connectivity, detecting liberal account permissions, automatic misconfiguration detection and remediation, and regulatory compliance with HIPAA, GDPR, and CCPA.  
 

5. Emergence of Automation and Artificial Intelligence 

A driving trend in 2021 will be the presence of hyper-automation through applications of artificial intelligence (AI). Hyper-automation is a process by which organizations automate as many business and information technology processes as possible using artificial intelligence tools such as machine learning, robotic process automation, and other forms of decision processing and task automation systems. As previously mentioned, cyberattacks are on the rise and security vulnerabilities have increased as a result of remote work. Therefore, humans alone cannot handle the number of security alerts regarding potential threats. Automation and machine learning will help human security analysts identify the most urgent alerts and take instant remedial action against these threats. Although a completely practical application of AI will not be here tomorrow, you can expect security tools to grow in their sophistication and capability to discover threats and automate effective countermeasures.  
 

6. Prepare for Increased U.S. Data Regulation 

This year, businesses should continue efforts in preparation for existing and developing privacy regulations in the United States and throughout the world. In the United States specifically, several states such as California, Maine, and Nevada have taken the lead in passing privacy laws. Although California was already known as the champion for consumer privacy rights in the U.S., the state went so far as to further expand upon privacy regulations as noted in the California Consumer Privacy Act (CCPA) through the enactment of the California Privacy Rights Act (CPRA) in 2020. The strong legislative action in California and the trend toward general data privacy regulation in additional states will likely influence the federal government to draft a federal privacy law that creates national uniformity concerning data privacy. This year, Congress has potentially the best chance for passing comprehensive federal privacy legislation. However, even without a federal law in place, by the end of 2021, approximately 34% of U.S. citizens will experience greater rights to control their data through state privacy laws.^v Moreover, privacy law compliance will continue to be a focus in countries around the world in 2021. For example, China is expected to pass comprehensive legislation said to be inspired by the European Union’s General Data Privacy Regulation (GDPR). Policymakers everywhere are aimed at ensuring that consumer data is best equipped to withstand emerging threats in 2021 and beyond. With local, state, and international pressure pushing for more autonomy with privacy and security laws, we will likely see the U.S. federal government move to impose federal privacy laws sooner rather than later.  

How Brouse Can Help