The State of Enterprise Security in 2021 and Beyond

Despite all the industry predictions and forecasts, the year 2020 came as a major eye-opener for many chief operating security officers (CISOs). No, it is not just the challenges posed by the COVID-19 pandemic but a host of other security threats including cyber attacks that have questioned the level of enterprise security in most business enterprises.

Add to that, recent cybersecurity statistics do support this growing concern. An Accenture report found that 68% of business leaders believe that cybersecurity-related risks for their organizations are increasing every year. According to IDC, the global spending on enterprise security is projected to reach $174.7 billion by the year 2024.

The 2020 pandemic that is now entering its second — or even third — phase has accelerated the rate of digital transformation across organizations. Even as information security teams are trying to cope with the challenges posed by remote-working or distributed teams, there has been a significant increase in the adoption of cloud computing solutions. These factors have elevated the importance of cybersecurity to the next level.

So, what are the major trends that should determine the actions of your CISO in 2021 — and beyond? And how should they respond to that? Let us discuss all that.

7 Security-Related Predictions for Enterprises

When it comes to enterprise security across the globe, here are the seven leading industry predictions for 2021 and more:

1. Increasing levels of automation.

With the emergence of innovative technologies and platforms like microservices, cloud computing, and artificial intelligence (AI), there is a clear trend towards the adoption of more automation in cybersecurity. This trend is supported by Michael Cardy, the chief technology strategist at RedHat, who thinks that “cybersecurity solutions must be integrated and automated to identify vulnerabilities and remediation in any workflow.”

Even though it is in a nascent stage, another trend is that of cybercriminals using AI for their malicious intentions. Mounir Elmously of EY Consulting mentions that “AI is now being built into the hacker’s exploit kits” to implement effective phishing or ransomware attacks.

Going forward, the best way of countering this trend is to increase the use of AI and other automation tools in enterprise security architecture or systems. This includes the use of automation technologies like digital identity and access management, cloud infrastructure security, and automated application testing.

2. Phishing and ransomware attacks on the home office.

Cybersecurity firm, Fortinet has reported a 131% increase in cyber attacks towards remote workers. This includes an average of 600 new phishing attacks each day. Additionally, ransomware attacks will continue to pose a security threat to remote workers who will continue to work from home even after the decline of the ongoing pandemic.

Sharon Wagner, CEO of Sixgill, comments that while organizations have been quick to switch to the remote office model in 2020, the “security impacts of widespread remote work will only be realized in 2021.” Among the biggest threats to enterprise security, Wagner adds that “the shift to remote work will increase the risks of attacks on personal devices and home networks.”

3. COVID-related threats.

Globally, we have witnessed an increase in fake news in 2020 — that are related to COVID-related statistics, vaccination programs, and other data. A KPMG report highlights the rise of pandemic-related phishing emails related to medical equipment, financial assistance scams for affected persons, and other lures.

Jerry Gamblin of Kenna Security thinks “many of these cyber criminals even have ties with the government.” Hackers are also likely to exploit the overall uncertainty — even in the “post-normal” era after the COVID-19 vaccination. Gamblin also adds that going forward, “malicious actors are likely to target companies who collect COVID-related sensitive information.” As recently reported, the IBM Security team exposed a global phishing campaign targeting companies associated with the COVID vaccination cold chain.

4. Increase in enterprise cybersecurity spending in 2021.

Another emerging trend in enterprise security is the growing investments by companies into enterprise security solutions. A PwC study reveals that while 55% of the enterprises are increasing their cybersecurity budgets in 2021, another 51% have planned to recruit cybersecurity professionals.

In its July 2020 report, McKinsey reports that cybersecurity spending in 2021 will increase in these three technology areas — identity and access management, messaging security, and networking security.

5. Cybersecurity technologies to watch out for

In its October 2020 report, Gartner talks about a new security framework for cybersecurity solutions for the next few years. This framework talks about the leading cybersecurity technologies that are likely to dominate the enterprise security market.

One such technology is the domain of password-less authentication — which makes user passwords a thing of the past. Apart from increasing the security risk, passwords are costly to support. A Forester Research estimates that large organizations spend close to $1 million every year — simply on resetting passwords.

Another emerging domain in cybersecurity is cloud security — driven by the increasing market preferences for cloud platforms and solutions. Designed to secure server workloads over public cloud infrastructures, cloud workload protection platforms (or CWPP) are expected to grow their market size from $2.25 billion in 2018 to over $6.7 billion by the year 2023. During the same period, Cloud Security Posture Management (or CSPM) technology is also expected to witness major growth.

6. Increased spending on managed security services

According to an IDC projection, managed security services (or MSS) will be the largest segment within enterprise security tools — with a market size growing at a CAGR of 10.5% till 2024. Going forward, MSS will be the largest category for consumer spending into security services.

What are some of the important trends in the use of managed security tools? Thanks to the evolving nature of cyber attacks, the MSS segment is including the use of advanced technologies such as cloud-powered MSS and access control.

Apart from the reduced costs, cloud-based MSS provides additional benefits like 24/7 management, faster responses to any security threat, and full ownership of IT networks. Organizations will partner with enterprise security solutions providers who can provide automation and orchestration in detecting and stopping security threats.

7. The challenge of vulnerability remediation.

As summarized accurately by Chris Goettl of Ivanti, “security threat actors will always move faster in creating security exploits than most companies that they target.” For example, the average time to create a successful exploit is 22 days — while the average shelf life of the exploit is 7 years.

This means that most organizations will have to act faster at vulnerability remediation — that acts to track and manage all the known security-related vulnerabilities. This will continue to be a challenge, as companies try to develop better visibility into monitoring the latest exploits.

Now that we know the leading trends emerging in the field of enterprise security, let us see how CISOs can go about resolving them.

5 Steps for Elevating Your Enterprise Security

Here are five of the most effective steps for improving your overall enterprise security program:

1. Stick to the basics- With new online threats and challenges emerging in the post-COVID era, an effective countermeasure is to stick to your essentials. Start with the best security practices and guidelines — to deal with the challenges of remote working. Develop a new workflow for business practices that can include scanning and elimination of online threats.
2. Consolidate your security costs- Be it security solutions or staff, you need to be more sensitive about your security expenditure. Avoid unnecessary IT spending and try to consolidate around existing security platforms. Automation can also be effective in improving productivity — while keeping costs at manageable levels.
3. Devise long-term plans for remote working environments- The post-COVID era could see companies adopting the remote working model — for good. This means you need to devise strategies that can deliver safe results for security on remote working. This includes cost-effective ways of gaining visibility over IT networks and assets — and securing the storage of your business data.
4. Provide an effective health metric for security- As a CISO, you need better support and understanding from your executives — regarding your concerns and plans for better enterprise security. Create simple metrics that can highlight your security concerns — without too many technical details.
5. Adopt the zero trust methodology- Ideal for remote working setups, Zero Trust methodology deals effectively with disparate working environments including homes, shared working spaces, or even coffee shops. As a CISO, you need to think beyond username-password authentication and consider additional elements that work for remote working.

Conclusion

Each of the trends in enterprise security listed in this article is not new developments — but has only been expedited by the COVID-19 pandemic. For CISO’s and other business leaders, keeping your applications and business data is of paramount importance — and more so in this age of remote work. The COVID-19 pandemic has had a profound impact on the IT tools and platforms that we use — and will continue to impact how we approach enterprise security in the future.