2020 was a watershed year and a true test of our collective digital resilience. With the impact of COVID-19 likely to be felt for years to come, businesses are having to relook at their strategies to navigate the new normal in the longer term. With our increased dependence on technology, how successfully are businesses securing their digital future for 2021? Here are our predictions for the cybersecurity trends that will influence our digital futures in 2021...
Miss travel? Get prepared to share more personal data
Travel bubbles and green lanes will amplify the data privacy debate
- Despite the data privacy conversation circulating for several years – with wariness around the use of data by some big tech companies and GDPR compliance continuing to be a challenge for companies – it is contact tracing that has really made individuals sit up and take notice of data privacy.
- Rigorous contact tracing and timely access to accurate and complete data has proven to be a key factor in helping to “flatten the curve” in many East Asian countries that were quick to turn to such digital tools. With infection rates soaring again, however, research from Future Market Insights suggests that new contact tracing apps will launch at an annual rate of 15%, driven by recurring waves of infections in many countries.
- Aside from public sector initiatives led by health authorities, private sector initiatives are also being rolled out to support such efforts, with the most notable being the Apple–Google Exposure Notification system, which some countries have even started to utilise.
When will I see you again?
- The question on everyone’s mind is how soon will we be able to return to some semblance of normality, and the desire to travel is one of the most common sentiments felt across the region and around the globe.
- More countries are establishing travel bubbles and reciprocal green lanes in a bid to revive the travel and hospitality sector. In order for such arrangements to be efficient and safe for all travellers, however, personal data will need to be shared across borders with the right security controls and accompanied by transparent communication about how such data will be handled and stored.
- With this critical need to move data between government agencies and enterprises such as airlines, airports and hotels, the debate around how data is stored, accessed and used is not set to disappear in 2021, particularly as individuals are now far more conscious of their personal data being shared.
- This time, however, the sharing of medical data derived from rapid COVID-19 testing, combined with constant tracking and checking-in of all law-abiding citizens and not just individuals on government deny lists, will make travelers think twice about the information they share when leisure travel resumes.
The wait for 5G is over … for those who are ready
The private sector takes over from public as the latter leads the fight against COVID-19
- While 5G networks may have been introduced in a few markets already, the recent introduction of the iPhone 12 will see the mass adoption of 5G-enabled devices for the first time.
- This will undoubtedly encourage the acceleration of 5G network rollouts in more countries as telcos seek to deploy new services for consumers and governments tap digital opportunities for economic recovery in 2021. However, it will still be a while before we experience the reduced latency and exponential growth in speed that has been promised.
- Meanwhile, enterprise adoption of private 5G networks is accelerating in a big way. Deloitte predicts that a third of the 2020–2025 private 5G market, measured in dollars of spend, will come from ports, airports and similar logistics hubs, which are expected to be among the first movers.
- A recent survey by networking systems, services and software company Ciena found that 31% of respondents from organisations in Singapore, Indonesia, Philippines and Japan agreed the biggest impact of 5G lies in the enabling of digital transformation and the ability to power more digital applications.
Pitfalls to avoid in the rollout of 5G
- In JAPAC, governments are largely the drivers of 5G rollout. The Australian government, for example, has pledged to invest almost AU$30 million to trial 5G use across sectors such as agriculture, mining and logistics, while Bangkok hospitals are already using 5G to improve patient care and operational efficiency.
- However, with governments having their hands full tackling COVID-19 and economic recovery, the private sector is fixed to take over the race to 5G.
- This is something that more enterprises will have to pay attention to in 2021. The sheer number of nodes that need to be installed makes the deployment of such networks that much more challenging, dramatically increasing the potential surface area for cyberattacks.
- Private sector infrastructure owners cannot afford to deploy the same approaches to designing and rolling out 5G networks, less they fall victim to the same types of attacks as they did in 3G and 4G.
Working from home gets smarter and safer
Security will get pushed to the edge and simplified
- Companies everywhere scrambled to implement a variety of measures to facilitate remote working amidst the abrupt lockdowns and social distancing measures. In a matter of weeks, digital transformation moved from “tired buzzword” to an “adapt to survive” necessity.
- From unstable VPN connections to physical fobs and digital keys, a significant number of these solutions rely on legacy technologies and were never designed for numerous, simultaneous connections. Many of these were also only ever meant to serve as short-term fixes or were too complex for employees with limited understanding of the cybersecurity implications.
- If 2020 has taught enterprises anything, it’s that remote working on a company-wide scale is possible. With people at the centre of everything, 2021 now offers an opportunity for businesses to chart a new way forward and ask how they can deliver work to their people.
The value of cloud computing becomes … less cloudy
- With the increased adoption of cloud tools, we could see a reduction in the need for pricier devices with more computing power as virtualised desktops become an increasingly popular solution.
- Businesses could instead provide employees with simpler, connected devices that enable employees to access the programmes and resources they need online, delivering the work to them directly – and in turn, protecting the company’s crown jewels.
- This radical redesign of the way employees connect does away with the cybersecurity complications associated with BYOD – or, as it has become the norm, bring your own computer (BYOC) policies – while enforcing the segmentation of networks more efficiently and effectively.
- Security will then need to be delivered via the edge, which will see solutions such as secure access service edge (SASE) being the new cybersecurity norm, thanks to its flexibility, simplicity and the visibility it offers.
The year of getting the house back in order
Blue-sky thinking will go out the window as IT teams go back to basics
- This wider move to the cloud beyond light-touch functions, such as email, will see more work being virtualised and force many companies to review the security of their existing cloud environments.
- While network security controls remain an important component of cloud security, an additional layer of identity and access management (IAM) governance is now needed as organisations continue to scale their cloud presence.
- This year, Palo Alto Networks Unit 42 researchers observed that a single IAM misconfiguration could allow attackers to compromise an entire, massively scaled cloud environment and bypass just about every security control.
- Overall, our findings indicate that these identity misconfigurations are prevalent across numerous cloud accounts and represent a significant security risk to organisations, with the potential to impact entire environments, with thousands of workloads, in less than one week.
Unraveling the misconfigurations
- With the pandemic steering IT teams away from blue-sky thinking towards more nuts and bolts issues, 2021 will see more businesses shifting their IT focus inward to look at getting the fundamentals right and refocusing on things that are truly important, even finding ways to do the same thing for less.
- Doing so will likely see existing cybersecurity teams and roles being redesigned to align with an overall emphasis on getting the house in order and building a more resilient cloud environment.
- In 2019, Bain & Company and Facebook estimated that 310 million people in Southeast Asia would be shopping online by 2025. This milestone is set to be achieved by the end of 2020, due to COVID-19. The pace at which enterprises – and entire industries – are moving applications and data to the cloud, notwithstanding the complexity of the hybrid multi-cloud environment, a significant proportion of this work will have to be automated.
- Security now needs to work at the speed of the cloud, and any organisation that is slow to recognise this in 2021 will only see vulnerabilities multiply exponentially.