We can safely say the first rule of 2021 will be never talk about 2020. It has been a year of struggles, and uncertainty in ways which few would have ever predicted. Most businesses have had to adapt to a completely different working environment with very different security needs.
While few will want to look back on 2020, it will have a major influence on the next year and beyond. I predict the cybersecurity industry will be seeing the impact of this year for a long time to come.
Securing the remote landscape
The sudden switch to working remotely has been, by far, one of the biggest cybersecurity risks in 2020 and we can expect this to continue into 2021. Many companies had to quickly transition from supporting a handful of occasional remote workers to managing almost their entire workforce remotely, and this really put a lot of emphasis on those companies that have lagged behind in areas like cloud migration.
Moving any remaining on-prem legacy systems to the cloud will be a major priority over the next year. This will also mean an accompanying investment into security solutions and processes that will reduce cloud infrastructure risk.
Strong access controls will be one of the biggest security priorities in 2021. Without the right controls in place, a fully remote workforce can create more opportunities for cyber-criminals to abuse. It’s easier for threat actors to hide suspicious activity when workers are logging in from a much wider variety of devices and locations and at unusual times.
As a result, it will be more important than ever for business to be armed with strong identity and access management controls that use a risk-based approach. Rather than a simple credentials check, accessing sensitive assets becomes more like an immigration check at an airport, factoring in a number of different elements.
Evolving automation and IoT
Automation and IoT have been major trends for the last few years, and I anticipate this accelerating in 2021. The use of automated, connected machines has previously been a big priority for use cases where it is expensive or dangerous to send human personnel, such as the use of drones for tasks like checking gas pipelines for faults.
Looking ahead I anticipate the use of IoT and automation to expand into other use cases as it becomes more beneficial to keep staff working remotely and safely.
Outside of the influence of the pandemic, developing technology has also made IoT much more viable. 5G, for example, not only provides much faster data transfer speeds, but also reduces power consumption. This means connected devices can be built to be smaller, more efficient, and more affordable. The increased use of connected devices also means a bigger focus on security. Device software must be well-secured, and connections governed with access management processes.
The impact on the security industry
The accelerated shift towards remote working will also have a big impact on recruitment and career opportunities within our own industry. People have long uprooted their lives to travel hundreds of miles away for job opportunities: 2020 has proven that this is rarely a necessity in many fields, particularly in cybersecurity.
Even once the COVID-19 pandemic is finally in the rear-view mirror, it’s unlikely this trend will reverse. Over the next few years, I anticipate tech hot spots like New York City and San Francisco beginning to dissipate as location becomes less important.
Individuals will also have more freedom to pursue careers without being limited by location, which is certainly a boon for the security industry. Vendors and organizations will be able to hire the best in the business while being much less limited by their geographical location.
Some companies in the security sector were already running fully remote operations before the pandemic. Firms need very strong company ethics, solid communication strategies, and reliable metrics for measuring progress to make this work. Many security jobs will also require reliable, high-speed internet connections.
Working remotely for extended periods of time requires discipline and focus, so these traits will become more important when hiring – although this is already an important skillset for most cybersecurity roles.
The political influence
Also, 2021 will be the year of Brexit as the transition period ends. One aspect that is often overlooked is data sovereignty. The UK will have its own equivalent version of the GDPR, but there will be no agreements in place with the EU or elsewhere. If Brexit progresses with no deal and without the UK’s ‘data adequacy’ status being agreed, every company in the UK that relies on processing data from overseas will potentially need their own binding legal agreements for transferring and handling data.
For smaller companies that don’t have binding legal agreements, this is expected to be a costly and time-consuming process. As a result, we will likely see more data being stored locally.
Looking overseas, the US election was one of the most influential events that will shape the landscape of 2021. Cybersecurity was given very little oxygen during the presidential debates, but many in the industry are hopeful of an increased focus on security spending. Biden has previously supported some of the administration’s cyber policies, such as military authority to launch counter attacks against the US’s adversaries.
Agreeing to a replacement for the Privacy Shield agreement between the US and EU will be one of the most pressing cyber issues. However, it remains to be seen how much of a priority developing or reshaping the cyber landscape will be.