Forcepoint reveals key cybersecurity trends to set shape 2021
From mass-scale remote working to insider threats and human-centric security, 2020 has been a year of considerable upheaval, and 2021 may just be the tipping point for a new era of understanding about risk and ‘people doing people things' within their organisations.
That's according cybersecurity firm Forcepoint, which conducted a review of the year that was and the coming year 2021 as the IT industry starts to manage the long-term implications of changes enacted due to the pandemic.
According to Forcepoint data, the year ahead will bring an increased focus on the IT implications of a largely remote workforce, increasing insider threats, and staple security issues such as data visibility and data protection management.
Forcepoint APAC senior director of strategic business, Nick Savvides, says that the upheaval from 2020 has caused the acceleration of digital transformation, changes in everyday behaviours, and more changes to the ‘traditional' security perimeter.
“Organisations need to understand the cybersecurity implications of these changes to keep themselves and their data safe over the coming months,” he says.
One of the most disruptive changes this year was a mass shift to remote working, in which many companies had to shift their security efforts from the traditional perimeter. This resulted in the adoption of often basic networking and cloud services to protect what Forcepoint calls ‘the branch office of one'.
Remote working also created organisation blindspots in which user activities were obscured by employees' own household networks, and sensitive data made its way into unmanaged home environments.
Forcepoint illustrates this risk: “In the current environment, employees may be scattered around the world and hired after only meeting via Zoom. They may never step foot inside a physical office – the ideal environment for ‘trusted insiders', who can be bought and sold on the Dark Web.
That has led to a rise in attack vulnerabilities not only from external sources but also potentially malicious insiders. Malicious insider threats should be taken seriously and accepted as a risk, prompting an important question for IT and security leaders: Do they have the tools and solutions in place to spot anomalous behaviour before an attack happens?
Insider threats, Forcepoint states, are just part of the reason why data visibility and data protection management will be key growth areas in 2021.
“To work securely, regardless of location, enterprises will need to introduce real-time user activity monitoring. Cloud-native solutions with a deep understanding of users' behaviour will deliver permanent solutions, rather than stopgaps,” the company states.
Forcepoint also touches on the idea of the risks associated with ‘people doing people things' - that is, normal risky behaviours that any employee might take, like making errors, stockpiling data, or finding workarounds to achieve their goals.
But the future of security should not instill a notion of an impossible road ahead.
“Understanding the emerging challenges and creating cybersecurity technologies which can address them, while also remaining ‘invisible' to the end user and simple for the practitioner to implement, will be key to ensuring the ongoing security of people and data alike,” says Savvides.
That could mean that organisations need to understand human behaviour in terms of how they adapt to and respond to their environments. Organisations should also use tools that work with people, rather than against them.
“Forcepoint has been getting out ahead of this trend over the past several months, launching products like Dynamic User Protection, which gives global enterprises the ability to automatically enforce security policy across all control points tailored to a specific end-user based on the risk they represent,” concludes Savvides.