Remote work will catalyze a shift from the corporate perimeter concept to micro-office security certification. Outsourcing of IT and cybersecurity functions will be crucial to solve expertise shortages and save budgets.
To coordinate managed service providers along with using multiple cloud services, cloud security and management skills will become a “must-have”. These and other cybersecurity challenges and trends will be among those that businesses will have to manage this year, according to a new Kaspersky report.
A shift to remote work, financial constraints due to economic recession, and the growth of cyberthreats due to the global pandemic will affect the day-to-day role of cybersecurity professionals in 2021. Understanding the challenges but also perceiving opportunities in IT (information technology) and IT security management is key for companies to maintain their protection.
The recent Kaspersky report “Plugging the gaps: 2021 corporate IT security predictions” suggests tips for each role related to cybersecurity, including CEOs or business owners, CISOs (chief information security officers), SOC (security operations center) team leads, and IT managers.
Here are some of Kaspersky’s recommendations:
Protecting the perimeter is no longer enough. Home office assessment and certification will be needed. There should be tools to scan the level of security in a workplace — from the presence of software vulnerabilities to connecting to an unreliable or unprotected Wi-Fi hotspot. It will also require wider adoption of VPN, privileged access management, multifactor authentication systems, the implementation of stricter monitoring, and the updating of existing contingency and emergency plans.
Transition to a service model will enable required levels of IT and IT security with lower investments. According to Kaspersky’s survey, 7-in-10 (69%) businesses said they already plan to use a managed service provider (MSP) or managed security service provider (MSSP) in the next 12 months. Kaspersky said this is for good reason as the service model helps to minimize capital investments and transition business costs from CapEx to OpEx.
Training for internal IT security specialists should incorporate management skills. Cybersecurity professions split into very narrow specializations, meaning that hiring staff for each specific role may be too expensive. This is where outsourcing can help plug the gap. However, businesses that outsource key cybersecurity components still need to focus on developing management skills for their in-house teams to handle those outsourced functions.
There will be an increased reliance on cloud services, making dedicated management and protection measures necessary. The survey showed that in 2020, employees in 89% of enterprises and 92% of SMBs used non-corporate software and cloud services such as social networks, messengers, or other applications. According to Kaspersky, this is unlikely to change when staff return to the office.
To ensure that any corporate data is kept under control, better visibility over cloud access will be necessary. IT security managers will need to align themselves with this cloud paradigm and develop skills for cloud management and protection.
Along with the introduction of new cybersecurity practices, the quality of tools that enable these changes will be equally important. Quality of protection and seamless manageability are key when choosing cybersecurity solutions.
“We have seen two important changes in what customers expect from corporate cybersecurity offerings. Firstly, the quality of protection is no longer up for discussion — now it’s a ‘must-have’,” Alexander Moiseev, chief business officer at Kaspersky. “Another major trend is that deep integration between various components of corporate security, ideally from a single vendor, now plays a bigger role. For instance, there was a long-held belief in the industry that various specialized solutions from various vendors can help create the best combination for protection. Now, organizations are looking for a more unified approach with maximum integration between different security technologies.”