The digital landscape has witnessed security threats like never before and nudged people and corporates to be prepared with a comprehensive strategy.
By Emmanuel de Roquefeuil
From adjusting to the new normal to meeting the subsequent security challenges, the recent times have been full of learning, change and evolution. The digital landscape has witnessed security threats like never before and nudged people and corporates to be prepared with a comprehensive strategy.
The recently released ‘Thales Access Management Index’ – Asia Pacific and Japan Edition revealed that concerns around the threats of cyberattacks are prompting businesses in the region to take charge.It depicts that around two thirds (67%) of the respondents reported that secure access management is now a priority for the board to help them address their concerns over the lack of solutions. India has been catching up with this novel challenge and is accordingly accelerating its scope of indigenous consumer digital technology. Companies and consumers have been initiating the creation of a robust security ecosystem.
In the current scenario, digital technologies, and an all-round security ecosystem for them is set to take highest priority. Listed below are some of the top trends that are expected to shape the security scenario going forward-
Companies to encrypt data in order to respond to Crypto-Ransomware
As businesses progress with their digital transformation programmes, they will increasingly become attractive targets for ransomware gangs. As a result, we are likely to see a dramatic uptick in companies being targeted for crypto ransoms in 2021 or conducting resiliency exercises.
However, organizations are now realizing that even if they manage to confidently restore their operations from a ransomware attack, they still may end up paying the ransom so as to ensure that the data does not get into the public domain. This is because the data being held hostage during the ransomware attack was unencrypted and is now vulnerable to the attacker, thus releasing sensitive data in the public domain.
So, it is expected that 2021 shall see companies augmenting their strategy to fight ransomware. This will be done by adding encryption of data along with secure key management so as to be truly resilient to ransomware attacks.
Separation of duties by having the Encryption Keys managed outside the Cloud Platform/Service Provider
With the adoption of Cloud Platforms continuing to see an increase, 2021 shall witness companies making their choices on having to manage their encryption keys outside the native cloud platform. This will allow an auditable control over the usage of the keys. Bring Your Own Keys (BYOK), Hold Your Own Keys (HYOK), and Key lifecycle management will increasingly be areas of discussion while making decisions for Cloud transformation.
Cybercrime set to increase as companies look to continue work from home for employees
Remote-working is going to stay in 2021, as companies look to strike a better work-life balance for their employees. As a result, we expect to see an increase in use of personal devices for office work. At the same time, the adoption of casual connected devices like baby monitors and security cameras, connected to same home Wi-Fi network being used for work could allow hackers access to confidential work conversations. This could open the door to a new set of possible entry points for cyber-criminals.
Platform based approach to cybersecurity shall be considered as a way to balance the skills shortage while improving the security posture
While some employees accessing their organisation’s most sensitive data from their homes, hackers are devising new methods of attack, preying on businesses’ security ring weakened by the insecure implementation of remote-working setup. However, with a security talent gap, businesses may find it difficult to hire enough employees with the right skills to maintain required level of cybersecurity. As such, 2021 will see a drastic shift with businesses opting to go for a platform approach that allows them a single pane of glass visibility and control to their data protection needs through Data Discovery, Data Protection (through encryption, tokenization and masking), and Control on the sensitive key material. With this, the requirement of training their people on multiple products can be avoided. Additionally, the organisations will also benefit from the cohesive integration that is available from a platform vis-à-vis point-products.
Preparing for Post Quantum Crypto world
Scientists say that quantum computing will cause seismic shifts in cryptography as we know it and will put all known split key (or asymmetric) cryptographic algorithms at risk. The National Institute of Standards and Technology (NIST) is already researching methods to deal with the effects of quantum power, and for good reason: hackers may access quantum computers as they become commercial. Quantum computers can launch attacks that break asymmetric cryptography, rendering the entire PKI-based encryption method obsolete.
As technology becomes capable of defeating a higher proportion of current and legacy security efforts, cybersecurity in 2021 will be defined by the need to stand out. Therefore, governments and organizations, are racing to become cryptographically quantum resilient. Companies will continue to make progress with adjustments that are needed to improve their security posture in the wake of distributed infrastructure as well as distributed workforce.
Subsequently, more critical systems will start to look at adoption of Quantum safe Key Distribution besides preparing their systems for scenarios that may need to respond swiftly by changing the underlying crypto algorithms and/or crypto key lengths to be used in the wake of new realities. The dawn of crypto-agile solutions is expected to accelerate in 2021.
Government and companies together to deploy trusted digital identities
As the world becomes increasingly digital focused, 2021 will see more digital identity initiatives popup. This will have to come along secure digital identity verification solutions based on official ID document checks. Despite the way things have transformed for people this year, physical documents are still required for identification purposes, when opening a new bank account for instance. However, people want to be able to verify themselves digitally in a safe and convenient way. To make this happen, a private and public sector cooperation is expected to offer users convenience and security when trying to get authenticated through online platforms.
Cybersecurity recruitment to coincide with vaccine roll out
If 2020 is to be defined by the Coronavirus, then 2021 will, hopefully, be the year of the vaccine. Scientists and medical professionals have been working against the clock to produce a vaccine that will mitigate the virus but within that, unfortunately, are threat actors looking to upset the process and steal data. With medical and logistical information at such a premium, countries face a cybersecurity talent shortage that could leave its health industry exposed. In 2021, expect to see a greater effort from the healthcare industry to access cybersecurity expertise both from a recruitment perspective and a partnership viewpoint.
The current landscape that has risen with the advent of COVID-19 provides IT leaders with an opportunity to rapidly progress their digital transformation plans with the necessary protections in place. As technology will continue to take the centre stage, India shall positively witness a ratchet in the intensity of its digital innovation domain.
The author is VP & Country Director, Thales in India.
Article: The road ahead for Cyber Security