There’s nothing like another significant security breach to once again remind us all that, whether we like it or not, security has to remain top of mind and a priority for businesses, organizations, and individuals alike. News of the U.S. Treasury and Commerce Depts. hack, also referred to as the active exploitation of SolarWinds software, should force organizations to once again rethink their security strategies, and re-evaluate their risk landscape. I’ve heard a CISO and good friend of mine mention more often than not, “don’t let a good security incident go to waste”.
While those on the front lines of the security battle are made aware of many more security breaches and incidents than I am, or than the casual reader of this article is, the silver lining behind the front-page stories is that they raise awareness across a broader range of individuals, perhaps including those who are trying to decide where to spend their 2021 budgets or place increased focus.
While it is likely that most organizations have already finalized their 2021 budgets, there may still be opportunities to decide where that money should be spent. With that said, the number of articles surrounding 2021 cybersecurity trends will continue to grow from now through the first quarter of 2021. Reflecting on some of the content that’s already been published, these are a few cyber trends that warrant additional focus for the coming year.
What is Trending in Cybersecurity?
People – Is Cybersecurity in High Demand?
While the heading “People” may seem a little boring and not nearly as exciting as other “Cyber” type topics, people should represent an organization’s most important asset. We are constantly bombarded with headlines pertaining to non-human solutions like automation, machine learning, artificial intelligence, and the exponential growth of security and technology solutions. However, the majority of these solutions still require boots on the ground or a warm body to deploy, manage, and administer them. Wherever, or whatever you decide to spend your 2021 security money on, who is going to operate it?
There are several reports that suggest in 2021 we should see over 3 million security jobs go unfilled. College grads or those just barely starting their careers clearly won’t fill the gap. Considering that number, it may be a good time to consider the current structure of your security team and revisit succession planning. Given the competitive market that exists for security professionals, how easy will it be for you to replace your security team if and when they decide to jump ship?
One area to consider is your investment strategy. Over the years, I’ve heard several executives express concerns about investing in their current IT or security teams. The common response is, “Why should I train, certify, or strengthen my people, only to watch them leave to work for someone else?” That’s a fair question and a common dilemma. To help answer that question, it may be beneficial to understand the cost of replacing your security professionals and compare that against any proposed security training or educational opportunity. The dollars spent on additional training may seem much smaller when compared to projected replacement costs.
It’s important to remember as well that investments in people also represent an investment in your security tooling. During AWS re:Invent this year, Steve Schmidt (AWS CISO) said that AWS releases one new security feature or service update every day. And that’s only for security! How can you make the most of your suite of security tooling if your teams remain untrained or haven’t kept pace with the ever-changing security landscape? In short, investing in and maintaining a strong security team is a risk and concern that should continue to trend upwards throughout 2021.
Extended Detection and Response (XDR)
Gartner defines XDR as “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components”. That’s a mouthful. To me, XDR at its best represents a combination of SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response).
The concept behind the idea makes perfect sense and should definitely see increased attention in 2021. As mentioned above, the number of security tools that exist today is overwhelming. Deploying those tools at each layer of the technology environment is time-consuming. Getting all of those different vendor-provided tools to work together to identify true cybersecurity threats and reduce false positives seems like a fairy tale. That’s where XDR is designed to help.
XDR solutions are designed to collect and correlate data from multiple security solutions and then identify, quantify, and prioritize the true threats to an organization’s IT landscape. The proposition of a solution collecting events and output from multiple security tools, performing automated analysis, and then displaying only critical events on a single pane of glass seems too good to be true. But in reality, organizations may find themselves in a position where they have no choice but to look at XDR as a viable solution. With the rapid increase in deployed security solutions within an organization’s technology environment and the shortage of people to manage and maintain them, a centralized solution to help drive automation and unity across several solutions and multiple datasets is becoming a necessity.
Some XDRs also come with the promise of automated response, a concept that is also increasing in importance. As with all security solutions, organizations should exercise caution and perform their own due diligence prior to making investments in complex solutions that rely on data and heavy automation to be effective. Gartner issued a report in 2019 titled “Make Sure Your Organization Is Mature Enough for SOAR”.
While the focus of the article is on SOAR, its central point is valuable when evaluating any complex overarching security solution that requires lots of data and automation to work effectively. Unfortunately for me, I found the article after I had already made a poor SOAR investment decision. Too bad I can’t blame 2020 for that one. Make sure you have the right people, processes, and technology in place before making a long-term investment in the latest and greatest technology solution.
Secure Access Service Edge (SASE)
According to Gartner, “SASE is a new package of technologies including SD-WAN, SWG, CASB, ZTNA and FWaaS as core abilities, with the ability to identify sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels”. As noted with the XDR Gartner description above, Gartner loves long and complex descriptions.
The key term used by Gartner is “package”. SASE isn’t necessarily a new piece of tech or a radical new idea pertaining to networking and access control, but rather a collection of services that some organizations may already be using. To better understand the concept of SASE, it would be wise to look deeper into the technologies that make up the package, specifically:
- SD-WAN – Software-defined wide-area network
- SWG – Secure Web Gateway
- CASB – Cloud Access Security Broker
- ZTNA – Zero Trust Network Access
- FWaaS – Firewall as a Service
Diving into each of the noted technologies included in the SASE package highlights several common benefits that justify why SASE should continue to trend upwards in 2021. Namely:
- Cloud friendly
- Better support for the remote workforce
- Faster response times
- Software not hardware driven
- Reduced time to implementation
- Improved security
There is certainly a common theme between these benefits and those that are advertised by more mature cloud SaaS and PaaS providers. The common theme seems to be that your apps have already moved to the cloud, so shouldn’t your network? The argument makes sense.
Linford has seen several clients close their office doors during the COVID-19 pandemic as current conditions have required them to adopt a completely remote work strategy. Why maintain expensive office space in San Francisco and New York when mandates like shelter in place have been given? The legacy mindset of a brick-and-mortar office space with internally housed infrastructure and networking equipment continues to become a thing of the past. SASE is one more set of solutions that enable that transition.
Conclusion – What is the Future of Cybersecurity?
2020 has been an unforgettable year. While no one really knows what 2021 holds, we should look to the future with confidence and optimism. One thing is for certain: security, cloud adoption, and a growing remote workforce will continue to trend upwards in the new year. Make sure you are evaluating and considering new technologies that may help you maintain a secure and competitive advantage. For questions surrounding this article, or any of the services provided by Linford, please contact us.
Mark Larson started working in the technology industry in 1998 where he worked in a number of different roles prior to transitioning to the public accounting world in 2004 with Ernst & Young (EY). During his 6 years at EY, Mark provided both assurance and advisory services that spanned multiple industries for both public and private companies. After leaving EY, Mark filled leadership roles within Internal Audit, Technology, and Security functions for several companies. Mark specializes in SOC examinations and enjoys helping clients establish, formalize, and report on effective control environments while strengthening their security risk profile.