The cybersecurity market is dramatically changing, with a growing number of malicious actors finding ways to capitalize on remote and hybrid workforces and cybersecurity vendors offering solutions to combat these new issues.
Whether your network infrastructure has stayed close to the data center or sprawled across the globe, these are some of the top cybersecurity problems and solutions that are trending in enterprise environments:
5 Trends to Watch in Cybersecurity
- Cybersecurity talent shortages
- Zero trust goes mainstream
- Increasingly sophisticated ransomware attacks
- Platform consolidation and extended detection and response (XDR)
- Recovering from pandemic digital transformations
1. Cybersecurity talent shortages
When most people think of cybersecurity, they focus on the tools designed to protect enterprise networks. They often don’t fully consider the staffing that goes into creating and maintaining those cybersecurity solutions.
A growing number of cybersecurity experts are focusing their efforts on talent, such as George Gerchow, chief security officer of Sumo Logic, a machine data and analytics company.
“Although some [companies] have been quick to turn to new tools, I would personally take talent over tools any day,” Gerchow said. “There will always be a large offering of tools to choose from, but a very talented and smart person can add so much more value.
“For example, good talent can think critically to figure things out and fine-tune processes to make sure everything is working correctly. Ultimately, you’re always going to need talent, as tools will never be able to run completely on their own.”
While this people-first approach to cybersecurity development is gaining more traction, a concerning trend points to a worsening shortage of cybersecurity talent in the future.
Jonathan Tanner, a senior security researcher at Barracuda Networks, an enterprise security firm, has seen this shortage of qualified talent in the cybersecurity realm.
“While the number of security solutions continues to grow, the shortage of infosec workers continues to impact cybersecurity overall, and these workers remain an invaluable aspect of cybersecurity, regardless of how advanced automated solutions become,” Tanner said.
“Solutions such as SIEM and SOAR are designed to empower infosec professionals rather than replace them and are continuing to become more popular. Thus, the impact of the talent shortage is not something that can be simply fixed by more automated solutions any time soon, if ever.”
2. Zero trust goes mainstream
Zero trust, the concept of trusting no one and verifying all behaviors on an enterprise network or application, has been a staple in tech enterprises because of its focus on both physical and technical security protections.
With the pandemic and increasing number of security incidents from a distributed workforce, a growing number of non-tech companies are adopting zero-trust best practices as well.
Amit Bareket, co-founder and CEO of Perimeter 81, a cybersecurity and secure access service edge (SASE) company, believes that current events are raising both awareness of zero-trust security and interest in the segment.
“The concept of zero trust has moved from theory to practice and even into the mainstream,” Bareket said. “As we’ve seen with the recent mega-hacks, zero trust is no longer a nice-to-have but a must-have.
“I believe that President Biden’s recent executive order has brought the concept of zero-trust security from the IT world into the mainstream and has pushed many cybersecurity software vendors to put the zero-trust model in the front and center of their offerings.”
Many other cybersecurity approaches focus solely on the tools and not on the employee access points that often lead to hacks. Zero trust, on the other hand, focuses on user authentication, training, and agreements that make remote workspaces more secure.
Jason Lee, CISO of the video conferencing platform Zoom, believes that zero trust will continue to be important for hybrid workforces in the future.
“As companies continue to look toward the hybrid work approach, a zero-trust security model will become a higher priority for security leaders,” Lee said.
“This method requires employees be authenticated and validated before given access to appropriate applications, while also providing continuous checks as to whether employees need real-time access to sensitive data. Additionally, companies will double down on endpoint controls to ensure the remote workforce stays secure on any device.”
3. Increasingly sophisticated ransomware attacks
As workforces become more distributed, the Internet of Things (IoT) takes greater shape, and mobile device usage continues to climb, the attack surface for malevolent actors has grown well beyond the confines of the data center.
A new hacker market, ransomware-as-a-service, has also formed, making it possible for actors without technical expertise to buy tools and services that assist them in performing ransomware attacks.
With a larger attack surface and stronger expertise, ransomware attacks have grown more advanced and widespread.
Mathieu Saulnier, a senior manager of incident response at Syntax, an IT services and enterprise resource planning (ERP) provider, believes that many companies do not realize the magnitude of these ransomware actors and what their teams can do to an organization.
“Companies must understand that ransomware is a business of its own, so there are multiple tiers in a single operation,” Saulnier said.
“There are the people building the infrastructure, doing the tooling, leading the initial exploitation, managing the lateral movement and escalation of privilege, deploying the ransom, and there are even customer services to help organizations buy bitcoin and make the payment.”
Although many companies and their employees remain unprepared for a potential attack, the majority of enterprises recognize the enormity of recent attacks and are investing in the software, support, and training necessary to protect their data and processes.
“Attacks like Kaseya, the Colonial Pipeline, and SolarWinds have put a microscope on the importance of protecting against these types of attacks and the potential risk of disruption on a global level,” Lee said.
“Preparedness is key to ransomware attacks and adding certain protections, such as minimizing the attack surface, enforcing consistent employee training, and implementing a recovery plan, is vital. Companies that incorporate a strategy for tackling ransomware can be better prepared to handle it when the challenge arises — this includes educating users on ransomware and phishing attacks, especially as they are working from home.”
4. Platform consolidation and extended detection and response (XDR)
Many companies work with piecemeal cybersecurity solutions to cover a variety of security needs, but others are shifting toward vendors and platforms that offer holistic cybersecurity solutions.
Especially at companies with limited technical knowledge on staff, the single-platform approach is simplifying navigation and the user experience for security monitoring.
Nicholas Brown, CEO of Hitachi ID, an identity management software company, explained that single-platform solutions improve threat response times and accuracy.
“[A] trend we’re seeing is the consolidation of the security stack into a single platform,” Brown said. “Cybersecurity is evolving to address different needs as attacks become more dynamic and diverse, and a single-platform security solution allows organizations to address and reduce threats faster.
“Additionally, consolidating capabilities into a single platform appeals to companies, because it helps reduce the complexity of the IT landscape. Understanding the propensity for user error when dealing with complex solutions, there is an increased need to simplify security through clean end-user experiences that create a more secure environment.”
One consolidation approach that some companies are taking in cybersecurity is extended detection and response (XDR), which coordinates data across multiple security layers — such as email, endpoint, server, and cloud — bringing them all to a single point of detection and analysis.
Brian Foster, VP of product at ReliaQuest, an XDR company, said XDR has begun to democratize the cybersecurity detection process.
“XDR holds the promise to integrate a variety of different security tools to provide visibility across an organization and detect, investigate, and respond to threats with one unified view,” Foster said.
“As the rest of the year continues and into next year, we predict more companies will begin adopting XDR solutions. Those companies who have already put XDR solutions in place will be able to confirm better insight into threats and improved security posture across the organization.”
5. Recovering from pandemic digital transformations
The COVID-19 pandemic and subsequent remote work migrations pushed many companies to quickly act on their digital transformation initiatives within months.
Although many of these transformations were needed and increased business efficiencies, the speed of the changes and the lack of strategic planning behind them opened up new security vulnerabilities.
Chris Williams, field CTO at SecurID, a risk and identity management platform, said many companies are now trying to restructure and stabilize their digital transformation efforts from the early days of the pandemic.
“Cybersecurity is trying to contend with the fallout of the rushed digital transformations that many organizations instituted over the last year,” Williams said. “Those transformations led to cybercriminals returning to focus on malicious identity-based attacks.
“Organizations are trying to counter that trend with a greater emphasis on proactive risk management and an increased focus on controls and processes as they relate to audit failure responses. Each of these trends has led to a greater focus on the use, risks, and access given to non-human actors, including machines, programmatic actors, and bots.”