Whether you’re managing cybersecurity, information security, operational security, or physical security, the urgency of addressing the possibility of an attack or breach will continue to grow in 2021. Only the loss of important data increases. The reason is that there is no shortage of “malicious actors”, be it organized crime, general criminal activity or state-sponsored activity. And the level of sophistication, the aggressive nature of attacks, and the ever-growing capabilities of tools and technologies make it nearly impossible to keep pace with the threat. An attacker can always appear to be two or three steps ahead. Unfortunately, the attackers are ahead. The challenge we all face is how to provide comprehensive capabilities that include people, processes and technology to effectively protect, detect and respond to all forms of attacks.
Information security and risk owners must identify and block all attacks against them. Attacks occur every 39 seconds on the internet, most of them fail, but only one needs to work. In particular, phishing attacks have increased by 600% since February 2020, as malicious actors attempt to take advantage of new remote workers. And once again, the attacker just needs to trick one of the employees into gaining access to the infrastructure.
The direction the industry is heading
More and more services and workloads are moving to the cloud. This is logical because the scale and flexibility that cloud service providers (CSPs) provide makes very smart business decisions. As more workloads move to the cloud, security should become a key consideration. It is important to build a strategy focused on your business analysis and needs for your workload migration choices. It is essential to review documented security policies and controls and ensure that they apply to the migration process.
Of course, staying compliant is critical to your business, whether it’s external laws like GDPR or CCPA, NIST standards, or your own internal security standards. Most importantly, conducting proper security analysis and validation tests is a key part of the success formula.
Gartner is now talking about the concept of a cybersecurity mesh that governs our approach to architecture and control. There are no longer well-defined physical security boundaries. Employees accessing cloud services can access it anytime, anywhere, from any device. Traditional physical network access control is being replaced by access based on user identity. It can be a person or a device. It is of utmost importance to uniquely identify any individual or individual device before granting access to any service, application or data. Using strong multi-factor authentication is important to reduce the threat of credential theft attacks. This is the world we live in now.
Identity and access control
As mentioned above, the world is moving towards an identity-based access model. Employees want state-of-the-art devices to do their jobs. Organizations want users to be able to connect anytime, anywhere, on any device. A strong identity and access control system is required to securely support this. Gartner calls this sector Identity Access Governance (IAG). In 2021, there will be a significant increase in demand for IAGs. This is because businesses realize that once users are connected to the corporate network, it may be too late to ensure effective IAG management. You must be able to ensure that all users and all user systems are securely verified and that access to applications or data is controlled at the individual user access level. Additionally, multi-factor authentication can significantly reduce the impact of user credential theft.
Zero Trust Architecture
“Zero trust” has been a buzzword for the past few years, but it will become more prevalent in 2021. Zero trust means that you can no longer simply trust users and resources that are within your security perimeter. This is very closely tied to comprehensive identity and access management, as well as proper authentication management before a user, service or resource is granted system access. There are several vendors that advertise their ability to perform in a zero trust architecture, but the most important part before implementing a solution is to determine the requirements, policies, and controls. Then focus on people, processes, and technology to make sure your architecture meets your needs. All technologies must work well within their operational parameters, meet security requirements, and be properly functional with security resources to provide protection, detection, and response in the event of a breach.
Cyber Security Resources
The biggest challenge of 2021 is one of the most difficult to solve. There is a shortage of cybersecurity experts to meet the needs of the industry. Current figures show that approximately 3.5 million cybersecurity jobs will remain unfilled. The reason is that there are no resources available to fill these positions.
What can be done about this? Of course, internal training is a great option. Finding a third-party company to fill the gaps in implementation, testing, evaluation, and ongoing administrative oversight is also highly necessary. There are many third-party companies that have professional cybersecurity experts who can help you achieve your cybersecurity goals and objectives. The average cost of a security breach in the United States is $8.6 million. The average cost of a security assessment is between $15,000 and $50,000. Think about it! between Cyber Security Solutions Practice One of the organizations that can help you meet your integration, assessment, testing, compliance and managed service needs. Contact your account manager today for more information.