While we couldn’t predict what happened in 2020, we can be certain that this year’s events will have a significant impact on how businesses are run and how we work in 2021 and beyond. People will become the priority for every company’s 2021 strategies — with leaders putting their people’s well-being and security at the top of the agenda. The pressure on IT and security teams will grow. They’ll need to overcome challenges like employee security and productivity, find ways to protect the “human layer” within an organization and deliver a frictionless experience for people as they opt to work from anywhere, in order to help their businesses thrive in 2021.
There’s a lot to think about, but these are the three top trends that I believe IT and security teams must keep top of mind as we look toward the new year.
1. The corporate network we know of will no longer exist
Remote work — in some form — will undoubtedly stay. It would be naive of businesses to think that they’ll go back to the old ways of working as employees now expect to work both from home and in the office. In fact, according to a survey we conducted at Tessian, 89% of U.K. and U.S. employees report they do not want to work exclusively in an office. IT leaders, therefore, must address the fact that the concept of a network, as we’ve previously known it, will disappear. That means company security is now very much dependent on employees.
Instead of just securing networks and endpoints, it’s important that CISOs consider how their 2021 security strategy will protect their remote workers while empowering them to work productively and flexibly. All too often, security solutions can stand in the way of people getting their work done, and they’ll quickly find unsafe workarounds. Companies must make security as flexible as their people in 2021 or risk falling behind the competition.
2. Account takeover will make phishing attacks more difficult to detect
Account takeover (ATO) — whereby an attacker accesses the email account of a trusted sender and impersonates them to solicit money, data or personal information — will surge as attackers further advance their phishing techniques and make their scams more convincing in 2021.
While some companies have educated their employees on how to spot a phishing email over the past year, people receiving these fraudulent emails from ATO attacks won’t be able to tell that a trusted person in their network has been compromised. Why? Because the emails appear legitimate — they use the real domain name and, supposedly, come from a trusted contact — and they also pass email authentication mechanisms. It’s unlikely that someone would question it.
This makes ATO a huge problem for businesses to solve, one that will inhibit people’s trust in email in 2021 and make it nearly impossible for IT teams to stop employees from falling victim to these scams. Businesses, therefore, need to recognize threats from their extended networks and adopt a zero-trust model of email security. Advanced technology and security solutions that use behavioral analysis, communications patterns, natural language processing and machine learning to spot anomalous email sending patterns will also be invaluable for teams to detect incidents of account takeover — before it’s too late.
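The point above, that mail from a taken-over account passes authentication yet departs from the sender's usual behavior, shown as an added Python example (not from the original article or any product). The messages, addresses, header values and the three features compared are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
import re

def make(date, agent, reply_to=None):
    # Constructed sample message; every header value here is invented.
    hdrs = ["From: Dana <dana@supplier.example>", f"Date: {date}",
            f"User-Agent: {agent}",
            "Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass"]
    if reply_to:
        hdrs.append(f"Reply-To: {reply_to}")
    return "\n".join(hdrs) + "\n\nPlease see the attached invoice.\n"

# Constructed history: five ordinary messages from the same trusted contact.
HISTORY = [make(f"Mon, {d:02d} Nov 2020 {h:02d}:15:00 +0000", "Outlook/16.0")
           for d, h in [(2, 9), (9, 10), (16, 14), (23, 11), (30, 16)]]
# Constructed message sent from the same, now compromised, mailbox.
SUSPECT = make("Sat, 05 Dec 2020 03:40:00 +0000", "Roundcube Webmail/1.4",
               "dana@supplier-billing.example")

def features(raw):
    msg = message_from_string(raw)
    reply = parseaddr(msg.get("Reply-To", msg["From"]))[1].lower()
    auth = msg.get("Authentication-Results", "")
    return {"hour": parsedate_to_datetime(msg["Date"]).hour,
            "agent": msg.get("User-Agent", "").split("/")[0],
            "reply_domain": reply.rsplit("@", 1)[-1],
            "auth_pass": all(re.search(rf"\b{m}=pass\b", auth)
                             for m in ("spf", "dkim", "dmarc"))}

def baseline(history):
    # Per-sender profile built only from previously seen mail.
    feats = [features(r) for r in history]
    hours = [f["hour"] for f in feats]
    return {"hours": (min(hours), max(hours)),
            "agents": {f["agent"] for f in feats},
            "reply_domains": {f["reply_domain"] for f in feats}}

def anomalies(raw, base):
    # Returns (authentication passed?, list of deviations from the baseline).
    f, found = features(raw), []
    if not base["hours"][0] <= f["hour"] <= base["hours"][1]:
        found.append("unusual_send_hour")
    if f["agent"] not in base["agents"]:
        found.append("new_mail_client")
    if f["reply_domain"] not in base["reply_domains"]:
        found.append("new_reply_to_domain")
    return f["auth_pass"], found
```

Authentication alone reports the suspect message as clean; only the comparison against the sender's own history surfaces the deviations.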
3. The supply chain becomes a bigger threat to companies' security posture
A company cannot control the security behaviors of its vendors, partners or suppliers. Therefore, it will never have complete visibility into breaches that happened across its network. Cybercriminals take advantage of this visibility gap. By compromising the accounts, login credentials or employees of a smaller company through malware or phishing attacks, cybercriminals can impersonate that third party and target a larger company’s data, systems or employees.
Sadly, the knock-on effects of Covid-19 will only increase this type of third-party risk. Employees will continue working remotely, which numerous reports have linked to a higher vulnerability to phishing attacks and more difficulty verifying requests. Further, economic instability in 2021 may lead to IT budgets being cut. CISOs cannot know how much their partners or suppliers are prioritizing security or how much risk is involved in working with them. Again, I stress the point that IT leaders must overcome threats from their extended network and protect their entire email ecosystem.
Prepare for an uncertain future
It’s safe to say that we’ll face more uncertainty in the coming year, but the leaders that prioritize securing the human layer will be better positioned to stop threats like ATO, and empower their employees to make smarter security decisions, regardless of where they are working from. Greater visibility into the human layer will be critical to businesses, especially as IT budgets and resources continue to decrease in the coming year.