As the year draws to a close, it’s tempting to reflect 2020, a year of which brought about unprecedented change across the globe. But in the technology industry—and most of all, the cybersecurity industry—we look to the future, not the past. This week, Egress CEO Tony Pepper sat down to talk about the key cybersecurity trends that he expects to dominate the conversation in 2021. After a year that transformed the way we live and work, it’s time to look ahead to what 2021 might bring.
Moderator: Thank you for being here to discuss your thoughts on what we can expect over the coming year in the world of cybersecurity. I want to start out talking about one of 2020's big developments - digital transformation and remote working. Do you see this continuing to influence the cybersecurity space in 2021, as employees start to head back to the office?
Tony Pepper: The “new normal” of remote working in 2020 rapidly became just “normal” as the pandemic continued throughout the year. We might not have loved it all the time, but we’ve certainly had to accept a work life that relies on Zoom meetings, Teams chats and sending more emails! With a vaccine on the near horizon, it’s likely we’ll soon be resurrecting the phrase “new normal” as we talk about implementing flexible working across homes and offices worldwide.
This change is likely to cause disruption and we’ll no doubt see a surge in phishing attacks related to the COVID vaccine imminently and continuing in 2021. Another prime topic will be communications about returning to the office, for example desk-booking or needing to re-authorise access keys. As well as inbound security incidents, we’re also going to continue to see the rise in outbound email data breaches that’s been a hallmark of remote working. Recent research shows that over half or organizations have seen a 50% increase in outbound email traffic since March 2020 – and with that, a rise in human-activated security incidents, such as adding the wrong email address (often a result of Outlook autocomplete), attaching the wrong documents, or forgetting to use the Bcc field. Flexible working will see our reliance on email continue in 2021 and, with it, the chance for data to be put a risk.
Moderator: Continuing on the theme of accelerated digital transformation, how do you see this affecting the way that organisations approach their security strategy in 2021?
Tony Pepper: The COVID-19 pandemic changed the way every organization operates, most obviously through increased reliance on email and other digital mechanisms for communication to support remote working and distanced service delivery. Previously, many organizations have had conversations about digital transformation in silo to security; they’ve frequently been seen as completely separate. The accelerated digital transformation in 2020, however, will inevitably cause data breaches in 2021, as systems that were hastily implemented to survive a short-term pandemic now have to sustain our ongoing ‘new normal’ of flexible working and service provision.
In 2021, we’ll see a more overt and conscious coupling between digital transformation and security, as organisations shore up new systems or replace them altogether to meet the data privacy assurances demanded by clients and global regulations. This is a union that is set to last, with more and more sensitive data being digitised now and in the future.
Moderator: What specific security challenges were brought about by the shift to remote working in 2020? Do you think that organisations will continue to focus on these challenges going into 2021?
Tony Pepper: “As technology changed the ways we work, organisations first looked to secure their network layer and then their application layer. 2021 will be the year we secure the human layer.
“Remote working has amplified insider risk in 2020. Most organisations rapidly went from centralised office locations that were people’s primary place of work, to their employees being scattered across counties and even countries, and operating from dining tables, spare bedrooms and, for the lucky few, home offices. Overnight, this magnified the risk that each individual poses to sensitive personal and privileged information. At the end of the day, most people are simply trying to do their jobs well and effectively – but we all make mistakes, like sending an email to wrong person or forgetting to redact non-pertinent data from a file. When the pandemic passes, we won’t return to the old ways of working from single office locations – and securing individuals will remain a top priority for organisations in 2021 and beyond as they support flexible hybrid working between offices and homes for the foreseeable future.”
Moderator: As a result of remote working, many organisations have become more reliant on certain tools, such as email, chat tools and video calling platforms. How do you see this affecting the cybersecurity landscape in 2021?
Tony Pepper: Microsoft has been one of the winners in 2020. There’s no doubt about it. The pandemic significantly accelerated adoption of Microsoft 365, with organisations making heavy use of applications like Teams to facilitate remote working. This rapid migration has inevitably opened doors within the hosted environment, with more organisations moving to Outlook for Microsoft 365 as a result. As part of this move, we’ll see an increasing number of organisations augmenting Microsoft 365 email security with intelligent third-party solutions, specifically using machine learning to mitigate human-activated, and often outbound, email security threats – such as data loss through email and responses to sophisticated spear phishing attacks.
Moderator: You’ve mentioned insider risk, and the part you think it will play in 2021. How do you think that organisations will respond to this risk – will they start to take action?
Tony Pepper: “If 2020 has taught us anything, it’s the importance of securing the individuals within our organisation’s human layer. Our centralised workplaces closed overnight, amplifying the role of individuals within our security strategies and the risks they each bring. Advanced machine learning technologies that examine the context within which individuals make decisions and alert them to risky behaviour have been utilised by early adopters to tackle insider threats – but in 2021, we’re going to see this technology move to the mainstream. With growing data privacy awareness has come greater scrutiny from clients and consumers, who demand their sensitive information be kept safe. Legacy technologies that are built on static rules simply can’t stand up this pressure, and we’re instead going to see even greater adoption of intelligent security technologies that use contextual machine learning to keep data safe.”
Moderator: Thanks, Tony. And thank you all for taking the time to sit down and discuss what the cybersecurity industry can expect from 2021. We look forward to seeing what the new year has in store for Egress and the wider industry!