A shift to remote work, financial constraints due to economic recession and the growth of cyber threats due to the global pandemic will affect the day-to-day role of cybersecurity professionals in 2021. Understanding the challenges but also perceiving opportunities in IT and IT security management is key for companies to maintain their protection.
The recent Kaspersky report, “Plugging the gaps: 2021 corporate IT security predictions” suggests advice for each role related to cybersecurity, including CEOs or business owners, CISOs, SOC team leads and IT managers. Here are four of the main trends:
- Protecting the perimeter is no longer enough – home office assessment and certification will be needed. There should be tools to scan the level of security in a workplace – from the presence of software vulnerabilities to connecting to an unreliable or unprotected Wi-Fi hotspot. It will also require wider adoption of VPN, privileged access management, multifactor authentication systems, the implementation of stricter monitoring, and the updating of existing contingency and emergency plans.
- Transition to a service model will enable required levels of IT and IT security with lower investments. According to Kaspersky’s survey, seven-in-10 (72%) of businesses in the META region said they already plan to use a managed service provider (MSP) or managed security service provider (MSSP) in the next 12-months. This is for good reason as the service model helps to minimise capital investments and transition business costs from CapEx to OpEx.
- Training for internal IT security specialists should incorporate management skills. Cybersecurity professions split into very narrow specialisations, meaning that hiring staff for each specific role may be too expensive. This is where outsourcing can help plug the gap. However, businesses that outsource key cybersecurity components still need to focus on developing management skills for their in-house teams to handle those outsourced functions.
- There will be an increased reliance on cloud services, making dedicated management and protection measures necessary. The survey showed that in 2020, employees in 91% of enterprises and 95% of SMBs in the META region used non-corporate software and cloud services such as social networks, messengers or other applications. This is unlikely to change when staff return to the office. To ensure that any corporate data is kept under control, better visibility over cloud access will be necessary. IT security managers will need to align themselves with this cloud paradigm and develop skills for cloud management and protection.