With attacks on the rise and a larger-than-life surface to defend, security teams will need a new mindset in order to keep their systems, data and people safe, says Citrix’s Chief Information Security Officer Fermin Serna.
Defending corporate systems and information has never been easy. But the global pandemic has complicated things in ways no one could have predicted and is accelerating trends that promise to upend the way organisations think about and approach security in the year ahead. What will things look like in 2021? In a world where figuring out what will happen today is all but impossible, it’s hard to say what the future holds. But a few things are clear:
Remote work is here to stay
At the outset of 2020, remote work was something most companies were experimenting with. But mid-way through the year, things got serious as COVID-19 began to spread and mandates forced the masses to work from home. While many companies viewed remote work as a short-term solution to the pandemic problem, they are now realising that it is here to stay. Research shows that over three-quarters of more than 3,700 IT leaders in seven countries believe most workers will be reluctant to return to the office post pandemic. And they will need to revamp their security policies to support them as they work from anywhere.
There will be no perimeter
Three years ago, everything was on prem and the security perimeter was defined by firewalls. Today, applications and services are rapidly moving to the cloud, people are working from anywhere and the perimeter has all but disappeared. Corporate information security teams will no longer rely on traditional, VPN-based strategies to provide access. Instead, they will shift to a Zero Trust model that uses contextual awareness to adaptively grant access based on user behaviours and access patterns.
Experience will influence strategy
In a recent survey conducted by Citrix and Pulse, 97 percent of 100 IT decision makers in North America, Europe, the Middle East, Africa and the Asia Pacific region said employee experience is a key influence on their security strategy. And 75 percent said they are looking to improve the user experience through their design and execution. Security teams will take an intelligent , people-focused approach to security that protects employees without getting in the way of their experience by securing all tools, apps, content, and devices they need and prefer to use in a simple experience that can be customised to fit personal preferences and evolving work styles.
Cyber actors will become more sophisticated and scale
New ways of working mean new ways of attacking corporate networks. Ransomware and other malicious attacks are on the rise, with cybersecurity researchers reporting a seven-fold increase in malware campaigns at the mid-point of this year. Flush with cash from their demands, bad actors, have been empowered to scale their operations. And they will. Attacks will continue and become more sophisticated and dangerous.
Security will get smarter
As attackers get smarter and scale, security will get smarter and more creative as well. Machine learning and artificial intelligence will deliver real-time insights into user behaviour and access patterns, and security teams will use them to automate the process of identifying security incidents, atypical activity and policy violations and defend across gaps.
Vendors will get a closer look
The data chain is longer and more complex than ever And with the perimeter gone, companies need to think beyond protecting their own systems and data and closely monitor all third-parties with whom they interact, as all it takes is one weak link to create a breach. With corporate brands, customer trust and business continuity at stake, security teams will place more scrutiny on their vendors and select only those who meet the highest standards for data privacy and protection.
CISOs will become more agile
Companies are rapidly moving to simplify and shift things to the cloud. And CISOs are adapting to secure the new environment. But ten years ago, there was no cloud. And five years from now, there will be something else. CISOs will become more agile in adapting to changes as technology evolves in 2021 and align closely with business leaders to provide a secure environment that fuels innovation and growth.
Looking ahead at a time when things have never been more uncertain may seem like a futile exercise. But there are lessons to be learned today that can help shape a better tomorrow. Just like work, cyberattacks can happen anywhere, anytime. And in order to successfully protect the systems and information people need to get things done, wherever they happen to be, security organisations need to become more intelligent and flexible. In doing so, they can create the secure environments needed to keep employees engaged and productive and fuel innovation and business growth.