PHOTO
Cisco has released its predictions for what 2021 will hold for the privacy and cybersecurity landscapes.
As companies look to transition to a new normal in 2021, the pandemic has put Chief Information Security Officers (CISOs) front and center of their organisations’ path forward. Business continuity, collaboration business and digitalisation plans that may or may not have included remote work have been put to the test. What was a reaction to a situation has now become part of longer-term planning. And with adversaries seeking to capitalize on cyber threats exacerbated by the pandemic, online security finds itself at the heart of business.
“CISOs continue to face a number of challenges – some are new, others have been around for quite some time,” says Fady Younes, cybersecurity director, Middle East & Africa, Cisco. “Navigating the remote work environment has been challenging and companies are embracing more collaboration and digital solutions to adapt. All this will bring major challenges around visibility into what goes on in the IT environment”
The time for passwordless
The password – it's both the cornerstone and the Achilles’ heel of security. Passwords are a pain for users to remember, rotate, and maintain, with an average person having 191 passwords. Passwords are also easily compromised, as 81% of breaches involve stolen or weak credentials, according to the Verizon Data Breach Investigation Report. Furthermore, passwords have hidden costs. Organizations spend millions of dollars and help desk hours a year on password resets, so the cost isn’t simply from breach.
Platforms, industry groups, and service providers have begun to coalesce around a foundation for a passwordless future. Technology has evolved which has made biometrics almost ubiquitous in both consumer and enterprise, and companies have begun to explore what a world without passwords will look like in terms of users and data security.
Collaboration, not control
In many organisations, the traditional approach to security has been to issue instructions and policies. The past months, however, have accelerated a major culture shift. There is a different model emerging, where security professionals work with their business colleagues in a cooperative and collaborative way. As companies move to establish agile and smart workplace, security teams need to ensure that whatever security controls they implement must be easy to use.
On the one hand, control costs money for organizations, on the other hand users are taking more and more control themselves. Consequently, CISOs are increasingly asking questions such as: What do we absolutely need to control? What can we rely on users to take care of? What can we enforce and what do we need to enforce?
Secure Remote Work Accelerated
Working remotely has been possible for decades. However, its prevalence has skyrocketed in even the most technologically conservative of organizations.
During the pandemic, Duo Security at Cisco, a user-centric multi-factor authentication and secure access provider, saw user authentications per month jump from 600M to 800M, largely due to the shift in remote work, and it has remained at elevated levels ever since.
As shown by Cisco’s Workforce of the Future survey, remote work is here to stay, as a form of hybrid working models.
“A significant trend we saw come into play amongst CISO’s during the lockdown was getting the basics and core fundamentals right,” Fady says. “CISOs were implementing fundamental security controls such as multifactor authentication, DNS and VPN security. As we move forward and new team collaboration emerges, CISO’s are taking stock of their learnings to form a strategic view on how their organisations need to be secured in future. This amplifies the need for collaboration technology so that users can also play an instrumental role in security on the frontline.”
Artificial Intelligence, Machine Learning & zero trust security
In traditional security approaches, trust is based solely on the network location the access request originates from, while in a zero trust approach, trust is more dynamic and adaptive. It's a network security model, established for every access request, no matter where it comes from and secures access across apps and networks, and only allows the right users and devices to get access.
More authentication factors, adding encryption, and marking known and trusted devices, make it harder for attackers to collect what they need (user credentials, network access, and the ability to move laterally).
Purpose-built User and Entity Behaviour Analytics (UEBA) is one example how AI & ML can be used to help enable zero trust security. It places the analytics around specific activities rather than the generalized approach taken today.
© Press Release 2020
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.
