Dubai, United Arab Emirates, 30 November 2020 – Cisco has released its predictions for what 2021 will hold for the privacy and cybersecurity landscapes.
As companies look to transition to a new normal in 2021, the pandemic has put Chief Information Security Officers (CISOs) front and center of their organizations’ path forward. Business continuity, collaboration and digitalisation plans that may or may not have included remote work have been put to the test. What was a reaction to a situation has now become part of longer-term planning. And with adversaries seeking to capitalize on cyber threats exacerbated by the pandemic, online security finds itself at the heart of business.
“CISOs continue to face a number of challenges,” says Fady Younes, cybersecurity director, Middle East & Africa, Cisco. “Navigating the remote work environment has been challenging and companies are embracing more collaboration and digital solutions to adapt. All this will bring visibility into what goes on in the IT environment.”
The time for passwordless
The password – the cornerstone and the Achilles’ heel of security. Passwords are troublesome to remember, rotate, and maintain, with an average person having 191 passwords. Passwords are also easily compromised, as 81% of breaches involve stolen credentials, according to the Verizon Data Breach Investigations Report. Furthermore, organisations spend millions of dollars and help desk hours a year on password resets.
Platforms, industry groups, and service providers have begun to coalesce around a foundation for a passwordless future. Technology has evolved to the point where biometrics are almost ubiquitous in both consumer and enterprise settings, and companies have begun to explore what a world without passwords will look like for users and data security.
Collaboration, not control
In many organizations, the traditional approach to security has been to issue instructions and policies. The past months, however, have accelerated a major culture shift. A different model is emerging, where security professionals work with their business colleagues in a collaborative way. As companies move to establish smart workplaces, security teams need to ensure that whatever security controls they implement are easy to use.
On the one hand, control costs money for organizations; on the other hand, users are taking more and more control themselves. Consequently, CISOs are increasingly asking questions such as: What do we absolutely need to control? What can we rely on users to take care of? What can we enforce and what do we need to enforce?
Secure Remote Work Accelerated
Working remotely has been possible for decades. However, its prevalence has skyrocketed in even the most technologically conservative of organizations.
During the pandemic, Duo Security at Cisco, a user-centric multi-factor authentication and secure access provider, saw user authentications per month jump from 600M to 800M, largely due to the shift to remote work, and the figure has remained at elevated levels ever since.
As shown by Cisco’s Workforce of the Future survey, remote work is here to stay as part of hybrid working models.
Artificial Intelligence, Machine Learning & zero trust security
In traditional security approaches, trust is based solely on the network location the access request originates from, while in a zero trust approach, trust is more dynamic and adaptive. It is a network security model in which trust is established for every access request, no matter where it comes from. It secures access across apps and networks and allows only the right users and devices to get access.
Adding more authentication factors, adding encryption, and marking known and trusted devices make it harder for attackers to collect what they need (user credentials, network access, and the ability to move laterally).
Purpose-built User and Entity Behaviour Analytics is one example of how AI & ML can be used to help enable zero trust security. It places the analytics around specific activities rather than the generalized approach taken today.