Without doubt, COVID-19 crisis was responsible for the biggest technology challenge organizations faced last year. With employees required to work from home, distributed workplaces, and a rise in unsecured devices, cybersecurity quickly became a top priority for many organizations. As companies continue to juggle accelerated IT strategies and hybrid work structures, here are my top 5 predictions that security leaders and businesses must consider in 2021:
1) The rise in complex security attacks is set to continue
Expect another exponential increase in ransomware, phishing, privileged access credential abuse and endpoint security attacks. 64% of clients surveyed by EY teams expect to somewhat or significantly increase their investment in cybersecurity in the light of these threats.
2) Fear of disruption overtakes fear of breach
The rise of disruption caused by nation-state attacks and social hacktivism will continue – meaning business continuity will overtake concerns around privacy and data theft in 2021, with 59% of EY clients surveyed in the Global Information Security Survey experiencing an increase in disruptive attacks over the past year.
3) Cyber simplification and improved incident response become the priority
Organizations’ 2021 cyber strategies will focus on simplification and automation of key cyber activities, improving the mean time to detect and respond to a cyber incident and assuring the security of trusted third parties, as concerns about the cybersecurity risks in the digital ecosystem become as high a priority as protecting organizations’ own systems and data.
4) The need to respond to the regulatory push for minimum cyber standards will drive most spend
Regulators that have not already done so will begin to mandate minimum cyber standards, starting with critical national infrastructure and then extending beyond, with regulatory compliance continuing to be the single biggest main driver for organizations’ cyber spend.
5) Cybersecurity controls will need to be retrofitted to all the digital changes made in response to the pandemic
Organizations will need to continue to focus on retrofitting cybersecurity controls following the digital response to the pandemic, with 45% of clients surveyed by EY post-COVID-19 saying they have adopted new technology because of remote working, and 60% saying they have abbreviated or skipped the security review in doing so.
As the complexity and frequency of cyber-attacks increases, and remote work becomes a more permanent fixture, we need to insist on cybersecurity being a built-in feature of day to day business, and not a bolt-on afterthought.
Richard Watson-EY Asia-Pacific Cybersecurity Risk Consulting Leader,*The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.