Mind the Gaps: Refocusing Security Efforts in 2021
2021 is shaping up to be another challenging year for IT security teams. The coronavirus pandemic sent shockwaves through entire organisations. As we approach the ‘one year on’ marker, security teams are still wrestling with a broad set of challenges brought on by a rapid deployment of tools, technologies and processes over the last year.
Many of these challenges stem from the widespread shift to remote working. Initially rolled out to support business continuity at the outset of the pandemic, remote working – in some form or another – is fast becoming a permanent fixture of the modern workplace.
Indeed, a recent Gartner survey of business leaders in key industries suggests 82% will permit remote working some of the time as employees are allowed to return to the workplace. Almost half intend to let employees work remotely full time.
During the initial rollout – which, for many organisations, happened in a matter of days – the threat landscape changed completely. The corporate network now extends far beyond the four walls of the office – into people’s homes, co-working facilities and other non-organisational premises – and a far greater variety of mobile devices are now connected to it. IT security teams are grappling with the major data security issues apparent in both the scope of these changes and the rushed nature of their rollout. These challenges are compounded by the impending shift to a hybrid working model in the long term.
An evolving threat landscape
It is the combination of employees working flexibly – both onsite and remotely – and the evolving threat landscape that cements the ongoing challenge for security teams this year.
Deloitte’s Cyber Intelligence Centre observed a significant spike in phishing attacks, malspam and ransomware in 2020, with threat actors using COVID-19 as bait to mislead employees working outside the confines of the corporate environment. Furthermore, as one of the most challenging years in modern history came to a close, security teams witnessed the result of the most widespread advanced persistent threat (APT) attack in the history of cyberwarfare – one that Microsoft called a “moment of reckoning” in the evolution of cybersecurity threats.
As this evolution continues its relentless march forwards in 2021, IT security teams should focus on closing three key security gaps:
1. Reducing collaboration sprawl
Collaboration tools delivered innumerable benefits during the pandemic, but with this came some clear associated risks. Employees have spent months rolling out a variety of collaboration tools, such as Microsoft Teams, Slack, Zoom and OneDrive. However, as a recent report from Aternity demonstrated, the unintended result was a significant increase in collaboration application sprawl, with employees adopting numerous collaboration tools for internal, external and ad hoc communications.
This extends the organisation’s threat surface and has the potential to impact data governance in new ways. For security teams, simply gaining visibility into the sheer volume of these new applications is challenging enough – effectively monitoring, managing and securing these platforms can be far more difficult.
Addressing these risks should focus on two key areas:
- Enhancing training and employee engagement to mitigate the risk to data governance. Confidential information is now moving off premises and into new collaboration platforms. Employees must be acutely aware of this to ensure they are using and securing data in accordance with information handling policies.
- Full cyber risk audits are the only way to fully understand the impact of the new collaboration landscape. These audits should ensure basic policies are being adhered to, multi-factor authentication is enforcing least-privilege access and sensitive data is properly classified.
2. Extending security controls to a disparate workforce
The hybrid working environment means it will be more important than ever to focus on ensuring users are working to best practices. Co-working venues are likely to become more popular as permanent office spaces become less viable and more businesses – such as pubs, cafés and restaurants – are providing co-working options as an additional revenue stream. While many dedicated co-working spaces are security conscious, those new to the format may be less so. Employees working from these locations often do so without the knowledge of security teams. Doing so opens up another avenue for potential bad actors to compromise devices and services via man-in-the-middle (MITM) and similar tactics. Going forwards, this will force organisations to consider a much broader range of security tools and potential attack types.
With more employees now working on mobile devices – particularly in a bring your own device (BYOD) format – it will be vital to ensure these are properly secured, as the attack surface is now far wider. This threat is further amplified by the associated increase in cloud adoption. The focus here should cover:
- Strong unified endpoint management (UEM)
- Data loss prevention (DLP) policies
- The application of a cloud access security broker (CASB)
These will provide visibility – on a user, device and activity level – as well as the ability to enforce granular security policies, for example on files or messages containing sensitive or restricted data. This will also extend both visibility and manageability to other third-party cloud applications.
3. Changing perceptions around penetration testing
With employees now working far beyond the four walls of the protected corporate environment, security teams will need to rethink traditional approaches to penetration testing. With employees working from many different locations and devices, manual point-in-time pen testing will no longer be enough. New configurations, tools, users and locations all present new risks. While a manual pen test may identify security gaps on any given day or week, the likelihood is that in the days afterwards, new risks will emerge.
Change is the new constant in 2021, and with it comes the need for continuous testing. Security teams will need a consistent view of potential issues on a continuous basis to secure the ever-changing hybrid corporate network. This means harnessing the power of software – in the form of automated penetration testing – to identify gaps in their security environment at scale and at speed.
Keep one eye on the horizon
If 2020 taught us anything, it’s to expect the unexpected. Closing these key gaps should be a main priority for security teams this year, but the long-term challenge is far broader. The pandemic fundamentally reshaped how businesses operate and accelerated the adoption of digital or digitally enabled products by as much as seven years. This will usher in a new era of scalability, agility and innovation, but one thing is for sure: there is a plethora of new threats, unknown vulnerabilities and open gaps lurking beneath. Security professionals will need one eye on the horizon at all times and a laser focus on the emerging threats most likely to affect their now fundamentally changed organisations.
Josh Neame is Technology Director at BlueFort Security, the UK's leading cyber security solutions provider. Josh has more than 12 years' experience in the information technology and services industry, from leadership and management through to support, development, design, architecture and implementation. A proficient and thorough cyber security specialist, Josh has a passion for aligning both business and technology goals.