In turbulent times, trust remains critical

Organized cybercrime groups are finding ransomware all too lucrative to ignore as the pandemic undermines global economic stability. There are three ongoing threats that businesses everywhere will need to anticipate and prepare for in 2021:

The rise in ransom demands, which have soared from six-figure sums into millions of dollars.

The dramatic rise in the cost of remediation amid the proliferation of remote working arrangements, with criminals increasingly targeting the infrastructures that support today’s distributed workforce.

Double extortion, in which criminal groups have begun blackmailing firms with the threat of auctioning or publicizing stolen data.

Firms typically find themselves torn between the reputational risk of ‘financing’ organized crime by complying with demands and fulfilling their fiduciary duty to protect shareholder interests. More often than not, unfortunately, businesses are ‘paying up’ in order to maintain operations and avoid potentially catastrophic results.

Insurers may find themselves carrying a growing burden of claims, review premiums and worry over potential exposure to future large-scale ransomware attacks. In response, it’s likely that governments will take action through regulatory sanctions against organized-crime groups, with insurers brokering a middle ground between firms whose survival is on the line and the legal consequences of sanctions violations.

A positive outcome would be a highly productive heightening of collaboration between governments, law enforcement and technology firms, as they ‘circle the wagons’ to devise active defense programs and more big takedowns aimed at crippling the criminal underworld’s formidable infrastructure.

Tensions arising over the diversity of ideological views concerning governance of cyberspace have been evident among nations for years. 2020 saw more government interventions aimed at localizing cloud services amid national security and privacy fears, plus controls over social media channels or steps to limit dependence on foreign, and allegedly untrustworthy, technology. COVID-19 has only exacerbated these tensions, with nervous nations increasingly accusing each other of cyber espionage and interference in their internal affairs. In 2021, nations are likely to exert increasing control over ‘their’ cyberspace ecosystems, despite little international consensus and the potential for many cyber-crime flashpoints.

To meet increasingly complex and extra-territorial privacy regulations and national-security requirements, global firms will be driven to localize how they process and handle data. In return, they will be increasingly vocal about the divergence of national approaches.

COVID-19 has demanded pragmatism on behalf of CISOs and CIOs in the battle to secure today’s rapidly evolving IT environments. Suddenly, the CISO has to worry about effectively managing thousands of home-working sites, myriad personal devices and an aggressive shift to the cloud. 2021 may well be the year in which the CISO role changes forever, from securing corporate IT boundaries to a broader view of enterprise security.

The timescale for many cloud-migration projects has collapsed from years to mere months in the race to meet fast-changing business needs. Hyperscale cloud providers are increasingly dominant and intently focused on security, making 2021 the year in which firms are forced to truly understand what security in the cloud really means. In areas such as retail, the shift in business models has been particularly abrupt, raising concerns about criminals targeting new vulnerabilities amid the wave of new or quickly scaled online retail platforms.

To succeed, security teams will need to:

• Reskill employees to reflect the split of responsibilities between enterprises and cloud-service providers
• Adapt to agile development methods and new digital channels
• Enact these innovations while cloud security skills attract a premium as the global job market competes for much-needed talent in 2021.

Security measures can be deemed a costly overhead despite substantial cyber threats inundating businesses everywhere today. Firms struggling through the pandemic are desperately looking to reduce costs and, unfortunately for many, that will even include cyber security.

2021 is likely to be a year for rationalization in many sectors, with firms questioning whether they genuinely need the security software and devices acquired over many years — and whether their investment in the cloud during COVID-19 can unlock a very different approach to security. Automation will also be on people’s minds, with self-service becoming the order of the day as businesses look to streamline processes, slash operating costs and embed security into operations.

COVID-19 has brought with it some hard lessons about resilience. Executives were forced to get involved in securing a new digital business model and have convinced themselves, given the experiences of 2020, that their firms are now resilient. Not so fast. Regulators will remind them that they are now dependent on technology in ways that they never conceived — and that not all shocks come with the slow inevitability of a spreading pandemic.

Amid the convergence of technology-related security concerns, the impact of today’s troubling environment on people cannot go unrecognized. Work patterns have quickly changed for many employees, while others have been placed on furlough or found themselves suddenly unemployed. Firms will understandably be cautious about rehiring and may choose to permanently reshape their workforce models.

At the same time, people have found new ways of working and perhaps have had the time and space to consider their future employment options. Employers are worried about employee loyalty in these volatile times, while employees are worried about the loyalty of their employers. As a result of today’s uniquely turbulent workforce conditions, concerns over insider threats and fraud are growing.

The best companies will reassuringly engage their teams and support them in securing their homes, families and workplaces in the radical new workforce environment – while others may drift into increasingly draconian corporate surveillance of a potentially disgruntled cadre.

The past year has shown our collective ability to adapt and has unleashed an inspiring community spirit which will hopefully continue into the future. The pandemic has been a time of unprecedented change, one that also sowed the seeds of a bold new reality that awaits. In this unfamiliar and fast-moving new world, trust will be more important than ever.