The huge increase in worldwide advanced cyberattacks inspired these 2021 data security predictions. Ransomware continues to surge along with advanced cyber espionage conducted by Russia, China, and others who are interested in stealing intellectual property and degrading our capabilities. In 2020 the threat evolved from a problem for IT and risk personnel to manage, to something that is now a problem for everyone. Every resident of the US has been affected by at least one cyberattack; as a nation we have become acutely aware that the problem and aftermath goes much deeper than having your SSN or credit card information exposed.
- Implement Zero Trust. Zero Trust will be a major part of IT architecture discussions in 2021. While the term has been around for about 10-years, people are beginning to understand the concept and the benefits of a Zero Trust approach over a traditional trusted core approach. The most valuable asset within your IT infrastructure is YOUR DATA. In 2021 people will look back at the major attacks of 2020, including the SolarWinds incident, and see that a Zero Trust architecture that protects not just your network, but also protects your data, would have been the single best thing they should have done to secure their data. In fact, had those organizations implemented a data-centric zero trust architecture they could have detected and contained the attack back in March versus December. Victims would have been able to identify and report on what data and systems had been compromised.
- Deliver data visibility. The C-suite will start demanding better visibility into what is happening within their IT infrastructure as a form of risk management. In the past they may have just asked their risk and security departments to put protections in place and hoped for the best. In the new year they will see the value of knowing what is happening in real-time and especially what happened before, during, and after a breach. Executives always like answers, but they also need to have the data to make informed decisions.
- Become cyber resilient. 2021 will be the year organizations transition from thinking about avoiding and recovering from Cyberattacks to a position of Cyber resiliency. As the saying goes, “if there’s a will, there’s a way,” and unfortunately with cyberattacks, with enough time and resources an adversary will eventually have some level of success wreaking havoc. So, it is important to create an IT architecture that is resilient to multiple simultaneous attacks and that will naturally contain the attack as much possible. In a resilient position, if a malicious attacker is successful, it isn’t game over; an organization can operate in a degraded state and everything is not lost.
- Divert from the herd approach. Unfortunately, 2021 will NOT be the year where people realize that by being very similar to other infrastructure or cloud implementations, they put themselves at high risk. As SolarWinds and similar attacks have shown a hacker organization can improve their return on investment by exploiting a technology that is widely used and implemented the same way everywhere. Hackers will work hard to find vulnerabilities in common, prevalent technologies like a cloud vendor or an identity and access control solution. Only the most security conscious people will prepare for this scenario by putting protections in place that make themselves a harder target than the rest of the herd.
- Join the collective defense to cyberattacks. In the late 2000s the US government began to protect the nation’s private sector and critical infrastructure from cyberattacks. The government had the knowledge, experience, and understanding of risks posed by cyber threats to national security and the economy against US companies and local governments. Every day citizens are becoming educated about what a nation state sponsored cyberattack can look like and many are experiencing the impact it can have on their schools, community, and workplace. Private companies and local governments know they are not resourced to fight these threats alone and will rely on a collective defense from the federal government.