MID-YEAR FOLLOW UP: 2021 Security Anti-Predictions

Back in January, we took a slightly different approach to the annual trend prediction blog post and instead sounded off about what the cybersecurity community predicted would NOT happen in 2021. At the time, industry veteran and Vice President of Security Strategy at Lightstream, Rafal Los took to social media to ask, “What’s the thing that probably won’t happen in cybersecurity in 2021?” Now that we’re midway through the year, we wanted to check in and see how accurate their anti-predictions were.

Tied for #1: Password Elimination & Meaningful Asset Management

Raf’s social media followers resoundingly agreed in January that we wouldn’t see an end to passwords as a means to protect our assets, and it shouldn’t come as a surprise to anyone that this forecast was 100% accurate. We still don’t have a better way to protect our personal and enterprise data, as thumb print and facial recognition technology have not yet evolved to ironclad status.

And though the work-from-home trend is not as strong as it was at the start of the year, the unpredictability of the COVID-19 virus continues to cause skepticism about re-implementing a full-time, on-site work strategy. That means remote workers continue to be at risk for identity-related breaches, and maintaining control of computer-related assets, including software, unauthorized devices and loss of security is still a major priority for corporate IT.

Asset management remains a significant challenge, particularly for the mid-sized business market that lacks the deep pockets to afford the security measures that large corporations have in place. Therefore, IT professionals must utilize the remainder of the year to adopt new ways to improve the identification, tracking and management of employees, applications and devices that access resources.

#2: Widespread Zero Trust Adoption

Most of Rafal Los’s respondents shared the sentiment early in 2021 that while the adoption of Zero Trust principles was imperative for the advancement of cybersecurity, they weren’t confident about it being widely adopted in the immediate future. As it turns out, we’re happy to report that this prediction may have been short sighted.

It’s possible that they underestimated COVID-19’s ability to accelerate the adoption of a Zero Trust model. It seems that the pandemic and resulting rise in cybersecurity attacks have fueled investments in new cybersecurity strategies as well as the buzz surrounding Zero Trust security.

According to CISO Mag, a recent report highlighted that more than three-quarters (78%) of companies around the world say that Zero Trust has increased in priority and nearly 90% are currently working on a Zero Trust initiative (up from just 41% a year ago).

The security of every organization depends on a new way of thinking, and the Zero Trust model of “never trusting, always verifying” is profoundly beneficial in an environment where remote working continues to be a trend. Lightstream’s Managed Security Services platform incorporates automation, Zero Trust concepts, best practices and industry-specific compliance to help IT leaders manage costs effectively, reduce complexity and improve the efficiency and efficacy of data center, network and cloud security.

#3: Fully Patched Environments/Systems

At the outset of 2021, Rafal Los’s social media followers were spot-on in their prediction that fully patched environments and systems would be highly unlikely this year. A perfect example of this is Microsoft’s so-called Printnightmare vulnerability that continues to be an issue as of the date of this blog post. Microsoft released a patch for this Print Spooling vulnerability in June of 2021. However, as we explained in January, much like how water usually finds a way to break through that patch in your garden hose, attackers are experts in finding ways to circumvent applied patches when the underlying cause is not fully remediated.

This patch, like so many others released by software providers, can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on infected systems.

The process of identifying, categorizing, prioritizing, and resolving vulnerabilities in operating systems, enterprise applications (whether in the cloud or on-premises), browsers and end-user applications is an ongoing process that requires considerable time and resources. Therefore, we stand by our advice for enterprise IT to consider outsourcing this initiative to a trusted provider.

#4: Elimination of Phishing

We were far from shocked when many of Raf’s social media followers were emphatic that phishing scams would continue to haunt corporate IT in 2021. In fact, Digital Information World reported that a recent study found that phishing site volume in Q1 of 2021 outpaced Q1 of 2020 by 47 percent. They further reported that phishing is an ever-growing problem particularly for e-commerce and cryptocurrency platforms, but that social media and other sites and platforms that offer financial services also continue to experience phishing at a high rate.

According to the Federal Trade Commission (FTC), scammers were increasingly causing a threat to online retail shoppers, the rental car market, job searchers, and those seeking mortgage relief. They also warned against government imposter scams. The FTC recently issued the following alert:

COVID opened the door for scammers to double down on their worst practices, while preying on consumers during an unprecedented pandemic. 

Moreover, Harvard Business Review recently reported that 2021 has seen a dramatic increase in business-related phishing scams, with high-profile ransom attacks against critical infrastructure, private companies, and municipalities grabbing headlines on a daily basis. Lightstream recommends that IT professionals take a multi-faceted security approach to lessen the number of phishing attacks and reduce the impact when attacks do occur.

#5: Unification of C-Suite & Security Professionals

Some of Raf’s respondents forecasted that there would continue to be a dangerous rift between security professionals and the executives/boards they support. A June 2021 Security Magazine article stated that because the majority of security leaders are three steps away from the CEO, only 37% of security professionals believe their organization values and effectively leverages the expertise of the cybersecurity leader. Furthermore, cybersecurity leaders shared they have assumed more accountability and risk, but struggle to achieve the desired security posture, because they are not seen as influential or valued members of their peer group. If you ask us, the next six months represent a major opportunity for companies to develop strategies to ensure accountability “goes both ways.”

#6: Effective Use of Machine Learning

Despite the skepticism expressed by Rafal Los and his social media respondents earlier this year, it seems that enterprise budgets for Artificial Intelligence (AI) and Machine Learning (ML) have been on the rise in 2021. Inside Big Data reported in July that The AI industry is growing and we’re seeing a shift in priorities to more organizations viewing deployment of practical AI as a core strategy and moving away from mere experimentation. Several media outlets are reporting an uptick in the use of machine learning in healthcare and finance, with AI and ML being used to improve consumer experience and engagement, automate business practices, predict cardiovascular disease and mortality, and translate brain signals from paralyzed patients.

Contact Lightstream to find out how we can help you unify strategies to build secure, generational capabilities that can help your organization accomplish its goals in 2021 and beyond.