Technology industry experts share their thoughts on what the coming year may look like.
There’s no doubt that 2020 presented many challenges for organizations across the globe. The shift to remote work drove the tech industry to respond to an increase in cyber attacks, heavier reliance on the cloud and the emergence of new technologies.
As 2020 rapidly nears its end and organizations continue to navigate the changes caused by the pandemic, we must also look ahead to 2021. Below, we spoke with industry experts to get their thoughts on what the coming year may look like.
Andy Skrei, VP, worldwide sales engineering, Exabeam
“Analysts will identify major gaps in their threat hunting tools and techniques and move to quickly modernize their security posture. Protecting businesses from security threats on an ongoing basis is essential, but many organizations have continued to use outdated threat hunting procedures that put them at greater risk. The key to steering toward a proactive security posture is to look at tactics, techniques, or procedures, also known as TTPs.
Instead of waiting for an incident to happen and setting off alerts or relying purely on IOCs, TTP monitoring looks for certain behaviors that are telltale signs of an impending attack. TTPs are all about attacker behavior, and the only way to move to a TTP based approach is to leverage analytic capabilities.
In 2021, we’ll see a steep rise in security analysts adopting this approach. By introducing analytics to the equation and pairing them with TTPs, security professionals will be able to filter out those everyday activities. Instead of monitoring for specific risks, analytics watch for changes in patterns, which can help prevent alert fatigue that comes from too many false positives. When a business is aware of the activities happening across its network, it’s better prepared to protect itself against security breaches.”
Annemie Vanoosterhout, release and project manager, Datadobi
“Ransomware will become more active and visible in 2021, creating the need for companies to protect their business-critical data. Organizations will need a data protection strategy that outsmarts sophisticated adversaries conducting ransomware attacks. The traditional two-folded system with a primary recovery source on-premise and a secondary system either on-premise or in the cloud will not be enough. If disaster strikes and both systems fail after an attack, an organization will suddenly face an existential risk and have to shut down business – which can cost thousands of dollars or more.
In order to create a disaster-proof business continuity plan, companies must know what data is business-critical and protect it in a “bunker” — either on-premises or in the cloud. This “golden copy” of data is a simple, cost-effective way of complimenting a traditional disaster recovery plan. The bunker is completely isolated from the primary and secondary storage systems which creates an air gap that inhibits ransomware or other human errors that could disrupt primary and secondary copies from affecting the third copy. The air-gap also shifts control from a large number of employees to a limited set of company administrators. Even the few selected to have access will also have to complete a number of steps before opening the bunker.
Being unable to access business-critical data can cripple businesses. Adding a golden copy of this data to complement traditional business continuity plans can give organizations the peace of mind while also protecting from the devastating effects of ransomware during the New Year and beyond.”
Bill Kalogeros, advisor, public sector, Tempered
“Attacks on electric grids, water supplies and other critical infrastructure systems will become a more frequent reality. Cybercriminals will only continue to ramp up their attacks in 2021, so it’s up to those in charge of critical infrastructure to ensure their systems are armed with the latest network security technology. Critical infrastructure systems, typically controlled by the public and industrial sectors, maintain and enable our society. If cybercriminals gained access to the networks that control a city’s stoplights, monitor its water supply and even keep the lights on for its citizens, it would invoke utter chaos. And incidents like NotPetya and Sandworm in recent years prove it’s not just a theoretical threat — it’s 100% possible. That’s why in 2021, all critical infrastructures must adopt Zero-Trust approach to security. With Zero Trust, only those who are given explicit permission can gain access to a network, and even then, they are only able to perform actions that have been approved.”
Steve Cochran, CTO, ConnectWise
“In 2021, we will continue to see heavy investment in and expansion of remote work tools like Zoom and Microsoft Teams. While these technologies will continue to evolve, bad actors will constantly try to take advantage of the remote situation. The software industry needs to respond from an application security standpoint. It will be more important than ever to maintain your team’s security training and awareness and factor in security from the beginning, as most security breaches come from within the application.
There will be many opportunities for growth for companies willing to take the time to understand their customers. For example, businesses around the world are reinforcing their remote work strategies and need a trusted advisor to strengthen their advanced security solutions and ensure that employee’s devices are protected. There is also a huge opportunity for the channel to educate SMBs about regulation, compliance and best practices.”
Flint Brenton, CEO, Centrify
“Ransomware incidents will triple — and data exfiltration will overtake encryption as the attackers’ end game. Since the beginning of 2020, research has shown U.S. ransomware attacks are rapidly increasing. In Q3 2020 alone, the daily average number of attacks essentially doubled in frequency. While ransomware variants also continue to evolve into more sophisticated threats, perhaps the most troubling datapoint is that the U.S. has become the most targeted country, with attacks jumping as much as 98% in the same timeframe.
These statistics illustrate a persistent onslaught of threat actors that could indicate 2021 will be our most challenging year yet in combating ransomware in the enterprise. What’s important to understand is that the attacks don’t just attempt to execute a lockout or encryption of data anymore, but are increasingly aimed at extraction or stealing data from organizations. While some cybercriminals may sell the data on the Dark Web, others may threaten to leak the data for a higher payout on the ransom. We predict that this will become hackers’ ransomware end game — though the risk of detection rises along with the potential payday. Granting ‘least privilege’ is essential in preventing unauthorized access to business-critical systems and sensitive data by both external actors and malicious insiders. Striving towards zero-standing privileges and only granting just-enough, just-in-time access to target systems and infrastructure can limit lateral movement that could lead to data exfiltration and additional damage.”
JG Heithcock, GM of Retrospect, a StorCentric company
“This year, organizations have been busy responding to the rapid shift to remote work and the cyber risks that were heightened as a result of bad actors using the pandemic as a catalyst to continue carrying out their crimes against organizations through phishing, malware distribution, false domain names, and other attacks on teleworking infrastructure. With a distributed workforce, organizations of all sizes and across industries have relied on email to maintain business continuity, especially in a world that was already trending towards a greater adoption of flexible remote working opportunities. Unfortunately, email attacks have risen and will likely continue to increase, making them prime targets for enacting cyber crime, especially if providing information about COVID-19 testing, resources and research.
While we continue to navigate the uncertainties of the pandemic in 2021, it is important to reiterate simple steps to avoid or minimize attacks on businesses: Identify suspicious senders, exercise caution before clicking on links or opening attachments, and instill a backup strategy that utilizes the 3-2-1 backup rule. A strong 3-2-1 backup plan includes having at least three copies of your data across multiple locations: the original, a first backup stored onsite and a second backup located offsite. Although the new year will certainly bring new risks, we have the tools to build a foundation that actively protects us from them.”
Amanda Regnerus, EVP, products and services, US Signal
“Cloud projects will become more diverse and creative. The sudden attraction to cloud computing stems from the shortcomings of enterprise IT infrastructures. With state-mandated lockdowns and closures, IT professionals are unable to maintain systems that need physical support. This creates a standstill in productivity and profitability. Due to this period of immense change, in 2021, we expect to see a transition in the way businesses use cloud computing. For example, cloud projects may begin to revolve around business-critical systems as opposed to solely being utilized for data consolidation and process integration. To adjust to changing markets, businesses of all sizes will use cloud-based analytics software to cope with changes in demand and supply chain disruption. To facilitate these diverse use cases, it will be crucial for businesses to work with a cloud service provider that has the necessary network connectivity and redundant architecture for maximum response and uptime, even at times of peak demand.”
Robert Van der Meulen, global product strategy lead, Leaseweb Global
“Expanding enterprises can start quickly if they design their infrastructure in a flexible way with hybrid cloud. With IT spending under scrutiny in the midst of the current economic climate, enterprises and SMBs alike are going to be eager to move out of the public cloud. Public cloud is satisfactory if you need a lot of scalability in the short term, but costs greatly increase for this flexibility. Companies are going to be more risk averse, cost effective and grow in dependence upon connectivity as the remote work trend increases in all industries. The drive for connectivity and bandwidth will lead enterprises to move to areas that have prioritized connectivity, such as China and other Asian-Pacific countries and certain parts of Europe.
Hybrid cloud will be a key tool for expanding enterprises and allows companies to procure flexible capacity and experience easy growth start-up when developing in a new region. Once revenue begins to come in they can work with infrastructure providers to move to more effective solutions such as colocation, bare metal servers or content delivery networks depending on the need. Infrastructure providers who specialize in hybrid solutions can evaluate your business needs and workloads to match the right type of technology to your requirements. With the right hybrid infrastructure in place, organizations can rest assured that their expansion will start off on the right foot.”
Charles Burger, Global Director of Assureon Solutions, Nexsan, a StorCentric Company
“Historically, data migration, data replication, and data synchronization have been complicated endeavors that result in creating obstacles, instead of delivering the strategic business value, IT benefits, and budgetary advantages for which they were intended. Consequently in 2021, data mobility will climb the priority list of virtually all data center professionals – especially, as they accelerate their integration of multiple cloud providers, alongside existing infrastructure. It will therefore be critical that they employ strategies and solutions that enable seamless movement of data across heterogeneous on-premises, remote, and cloud environments.”
Bob Davis, CMO, Plutora
“The further development of predictive analytics will shape the future for companies that adopt VSM. Over recent years, value stream management (VSM) platforms have improved the way organizations develop software, but what is going to really move to the forefront in 2021 is that VSM predictive analytics will shape organizations’ knowledge and foresight of what their customers need. The need for visibility into the software delivery process will enhance the ability to make informed decisions based on that insight and become a differentiator for companies that rely on software. As we go forward, companies will have to embrace VSM platforms if they want to become a software player. But it will be the improved visibility and utilization of predictive analytics that VSM provides that will enable companies to understand what technology and products matter most to their customers so they can move in that direction.
The importance of visibility also points to the vitality of gathering data. While many companies talk about visibility, they don’t discuss what it takes from a data perspective. Collecting data requires a common data model across the value stream. If you want visibility, the ability to fix things fast, and measurement of the value you’re delivering, it’s always about proving you know how to do it and convincing the powers that be to invest in that vision. VSM platforms will provide clear advantages for those who choose to use them through the power of data driven decisions.”