3 Security Aspects to Pay Attention to in 2021
While you can’t prepare for all the things 2021 has in store for us in the security department, you can prepare your company for the things we already know are coming.
As if we needed it, the massive SolarWinds breach of last December surely served as a reminder that you can never let your guard down when it comes to cybersecurity. The highly complex hack allowed unknown actors to spy on the US government and private companies’ networks for months. This shows that, when it comes to potency, malware is always a step ahead of the game.
That’s a scary thought for sure, but panicking over it won’t get you anywhere. The best (and only) course of action is to, well, take action. Naturally, you have to know what to look for. Unfortunately, there’s plenty to pay attention to, but here I’ll review 3 of the major aspects we’re discussing with our clients at BairesDev and that we believe will be deciding factors during this year.
#1 Increasing Reliance on the Cloud Multiplies Exposure
The COVID-19 pandemic paved the way for the massive adoption of remote working and distributed teams. That, in turn, accelerated the migration of most corporate systems to the cloud, which provided the necessary infrastructure and agility to keep everything running. However, by getting on the cloud, companies multiplied the vulnerability of their systems, with two aggravating circumstances.
The first one is poor cloud implementation. This can occur due to a lack of knowledge or expertise or because of a false sense of security (the “that won’t happen to me” syndrome). Be that as it may, deploying cloud systems within a corporate environment without the proper precautions is the same as leaving your door unlocked and wide open while you’re sleeping.
The second aggravating factor is the lack of protocols for remote workers. Given that a large part of the workforce is now working from home, employees often use their own devices, which may not be as robust as you’d want, security-wise. Without a comprehensive security protocol to guide employees in strengthening their local systems, you’re exposing your company to attacks coming from their devices.
That’s not all. 2020 saw an increase in attacks known as “island hopping.” In them, attackers target third-party suppliers, vendors, and partners that are the weakest link in your chain. Thus, by breaching a vulnerable company, they access all of the partners in its network through trusted channels.
What can you do in 2021?
There are 3 things you should keep in mind. First, get expert help to check your cloud implementation, especially if you’re using public or hybrid clouds. A cybersecurity expert can help you analyze your weaknesses and help you patch them up. Also, be sure that you use trusted public cloud services, as they are likely to have the latest security solutions to keep you safe.
The second thing is developing a sound cybersecurity protocol that covers everything in the company’s spectrum. That includes things like security practices when developing and deploying new software, security essentials for remote employees, security training for the entire workforce, and policies surrounding the implementation of the latest security measures (like Zero Trust).
Finally, implement a vetting process strongly focused on security when hiring external contractors and companies. It doesn’t matter if you’re hiring a single UX designer or an entire team from an offshore software development company — you should always be sure that their security standards meet your own.
#2 Legacy Systems Call for Updates ASAP
Migrating to the cloud doesn’t just increase vulnerabilities through the mere multiplication of devices working on your system. There’s also the huge problem of maintaining legacy systems and plugging them into the cloud. Old software has always been a burden for IT staff, but there are plenty of companies out there that still use it for a myriad of reasons, from cost-effectiveness to force of habit. However, it’s time to listen to the experts who say that you should update those systems.
Integrating legacy systems (such as CRM platforms or internal communication systems) with your larger cloud environment increases your exposure, even if the integration process is flawless. That’s especially true for systems that weren’t meant to work outside of an internal network because they don’t have the necessary protections to face potential attacks coming from the internet.
I know that the pandemic forced everyone to move quickly to the cloud, which may have led to the rapid integration of old systems with new cloud-based ones to get things running as soon as possible. And while that’s understandable, you can’t forget about it all because things are working right now. If you don’t patch those old systems up, you’re bound to be hit by an attack, turning hacks into a matter of “when” rather than “if.”
What can you do in 2021?
The suggestion is pretty straightforward — update your cloud-connected systems, especially those that are central to your business (like a CRM or an ERP). Of course, that’s easier said than done, as updating systems can take a lot of time and effort (especially if the applications are overcomplex or are written in outdated languages).
Updating the applications is the path you have to take, but the real recommendation is about how you walk it. Rather than trying to tackle a massive update all at once, you’ll have to focus on smaller updates and work in increments, the agile way. You can do that by using your in-house developers or, if you don’t have them, you can always hire offshore software developers to take care of it. Seasoned engineers will know how to handle complex projects like this one and will surely map out a plan for you to follow.
#3 5G and IoT will Demand Everyone Double their Efforts
2020 promised to be the year of 5G (according to many, many, oh-so-many predictions by experts). And it sure looked that way for a time until, well, you know, the pandemic turned everything on its head. But that doesn’t mean that 5G’s deployment isn’t still happening. In fact, 2021 will see a steady increase in the area of coverage. Additionally, there’ll be a rise in the number of Internet of Things (IoT) devices out there.
Both of those things mean that attackers will have even more targets to use for their breaches. And even though 5G promises to be more secure than its predecessor, I can’t say the same for IoT devices. Being the new technology that it is, IoT still feels experimental in many aspects, and security is one of them. There are plenty of examples of IoT devices being hacked or bricked, so we can surely expect more of those during this year and beyond.
The combination of 5G deployment and the increasing presence of IoT will then expand the digital capabilities of households, companies, and cities alike, interconnecting all of them in a wide network. Yet, that means that there’s a massive challenge standing in front of us — how can we be sure that we can secure that vast system?
What can you do in 2021?
Sadly, there’s not that much you can do when it comes to this. The main exception is ensuring that any 5G-powered or IoT device you integrate into your corporate environment meets proper security standards. Apart from that, the other possible thing you can do is create extra layers of security between those devices and your own network.
Sure, that extra layer can create performance issues or disrupt a wider workflow but, until the whole society develops stronger security standards around 5G and the IoT, it’s the only thing that may keep you safe from harm.
Another Year in the Trenches
By this point, it shouldn’t surprise you that 2021 will be another year in the trenches fighting digital threats to your corporate integrity. The SolarWinds breach is the latest reminder that the cybersecurity war is far from being over. In fact, there’s a growing sense that we’ll have to fight this one for years and years to come.
I know that sounds disheartening, but there’s no way around it. Accepting that fact is the first step you need to take to develop the strongest security strategy you can for your company. And while you can’t prepare for all the things 2021 has in store for us in the security department, you can prepare your company for the things we already know are coming. In that sense, paying attention to these 3 aspects will bring you closer to a calmer year.