Looking back at the year’s challenges and ahead at a new approach to the top cyber threats of 2021
Wondering what’s in store for cyber security this year? Follow our January blog series for up-to-date information on emerging threats, insights, and predictions from the experts here at Field Effect.
The top cyber threats in 2021 might not be wildly different from those in 2020 — but how you defend against them should be.
2020 was a year of big change. Early in the year, predictions were made about the growth of machine learning and artificial intelligence in cyber security. The field was changing and growing…
…and then the global pandemic hit.
Companies in every sector were forced to adjust to sudden changes. Office spaces cleared out due to health and safety concerns as staff brought the technology they needed to work into their homes.
But the rush to get staff up and running remotely raised risks to corporate data and IT networks. As a result, approaches to cyber security have had to change.
Remote work expands the threat surface
If you asked an IT manager about the biggest security challenge in 2020, chances are their answer would be, “remote work.”
Securing remote workers is hard, and the rush to enable remote work turned what would have been a normal year on its head, expanding threat surfaces everywhere as work moved to home offices.
Some teams were forced to ramp up infrastructure development in an effort to keep staff and company assets safe. This urgency created new cyber security challenges, which attackers promptly took advantage of.
In the first quarter of 2020, data breaches increased by 274% compared to the same period in 2019, costing affected companies billions. Teams everywhere felt the pressure, with Chief Information Security Officers (CISOs) and their staff taking the brunt as they spearheaded this remote-ready transformation.
The job of a CISO is already stressful enough, dealing with a barrage of issues on any given day. Now imagine overhauling all procedures and policies in a short span of time to change the way a company’s workers operate and interact, not to mention dealing with the human factor of cyber security.
Complex tech stacks and toolsets lead to alert fatigue
The headaches around complex tech stacks came to a head in 2020.
Research shows businesses use anywhere from 25 to 49 separate security tools to protect their operations, buying from as many as 10 different vendors — which may add more complexity than benefit.
In fact, a recent report found that more tools don’t necessarily equal a better security response; companies with a large security stack reported that they had a harder time detecting and responding to an attack.
The sheer alert volume creates significant noise, and over time, it becomes easier and easier for IT teams to tune out, leading to alert fatigue.
Imagine dealing with hundreds of alerts from multiple security tools at any given time and sifting through reams of data to try and figure out what’s a genuine threat and what’s a false positive.
A brief history of cyber security tools
To give you a sense of how much cyber security approaches have changed over the years, let’s take a quick look at some of the solutions that IT has turned to and the approximate year they were introduced.
- 1990 — Antivirus (AV): Traditional antivirus software is designed to prevent attackers from compromising endpoints and servers by looking for attributes of known malicious files. In the mid-2010s, “next-generation antivirus” became a popular term used to market additional AV functionality. Used in isolation or as the core tool in a set, these programs can lack the comprehensive functionality needed to address all the threats facing a business.
- 2005 — Security Information and Event Management (SIEM) software: SIEM software aggregates data and logs from tools like firewalls, antivirus software, and other detection sources. SIEM software can be costly, not to mention complex to set up and manage, as it requires careful configuration and testing to establish rules for detection. False positives are common in these cases.
- 2013 — Endpoint Detection and Response (EDR): EDR deploys an agent on an endpoint to collect data types beyond logs, enabling continuous monitoring on the endpoint — but data still needs to be analyzed by a mature security team or dedicated managed security service provider (MSSP), and the sheer volume of it can easily lead to alert fatigue when automation or support is not available.
- 2016 — Security Orchestration, Automation, and Response (SOAR) solutions: SOAR solutions aggregate information from other programs that are often not designed to work together in the first place. SOAR aims to simplify security tool management and solve the problem of tech stack complexity but can lack the cohesion and ease of use of a holistic solution.
- 2016 to present — Managed Detection and Response (MDR): Managed Detection and Response takes EDR’s continuous monitoring a step further, delivering it as a managed service. This allows companies of any size to get security expertise on their side.
Simplifying the cyber security toolset
Adding new technology to manage security has quickly become an outdated approach. Each new tool is another budget line item, and growing toolsets demand even more time to manage. Integrating these tools is another time-consuming task; finding interoperable tools that scale to your security needs is tough.
The shift to remote work has only made this more apparent, with additional challenges from the use of shadow IT solutions — tools and software that an IT team doesn’t have total control or knowledge of — that staff may put in place to support their new work setup.
Rethinking cyber security for 2021: ongoing education and evolving solutions
What does all this mean for 2021?
Security and IT teams everywhere are feeling the burn from the year that was 2020. There are new threats, too many tools, and too many alerts, far more than IT can manage. Cyber threats are constantly evolving as attackers uncover new exploits, which means that you need an effective solution that can always stay a step ahead.
Not all companies can afford a CISO, let alone an in-house team of cyber security professionals, which only compounds these issues; you need trained staff to manage security systems, after all.
In 2020, the nature of work changed dramatically. Cyber attackers levelled up their tactics to match this changing landscape, which means that a new approach to security is needed.
This new approach starts with a holistic solution that empowers your company with a continuous view into your network, endpoints, and the cloud, allowing you to identify, prioritize, triage, and respond to cyber threats. Coupled with ongoing training and education for staff, your company will build strong security habits to better defend against potential attacks.
To stay informed about new cyber risks and how threat monitoring and detection can protect your business from cyber threats, sign up for our newsletter below.