What Will Be the Main Trends in Cybersecurity for the Year 2021?

In 2021, network traffic analysis will remain an essential tool for identifying internal threats or vulnerabilities. In this context, it will be essential to succeed in containing and isolating attacks, due to the expansion and opening of the network perimeter (IoT, teleworking, etc.). Next year, new threats will arise from the growth of IoT equipment or the deployment of 5G. Artificial intelligence (AI) and machine learning, used by cybercriminals to perfect their attacks, will always represent a vector of risk.

Extreme Networks, a specialist in cloud networks, shares the main trends that will define the cybersecurity landscape in 2021 while emphasizing the network security that helps orchestrate and support the overall security strategy of enterprises. Based on various market studies and reports, Extreme Networks formulates the 10 behaviors to adopt in terms of security in 2021:

1. Identify vulnerabilities. Security risks are different for each industry. The type of cyberattacks a hospital faces is not the same as a school or a bank. The network's perimeter continues to expand; infrastructure and services migrate to the cloud; the number of IoT devices is increasing, and the use of artificial intelligence is growing more and more. It is therefore essential to assess the risks, which is essential to define the level of exposure of each organization and to determine the security objectives, by identifying both business areas and critical IT environments. Many companies may even consider hiring an outside expert to perform penetration testing.
2. Focus on insider threats. The 'Zero Trust' strategy. More than 30% of security breaches originate within organizations, which is why more and more of them are adopting a 'zero trust' approach. The latter is based on the assumption that threats (intentional and unintentional) come both from inside and outside the network so that no user or computer can be trusted. Firewalls alone are not enough and the cloud has redefined the boundaries of networks, so much so that 94% of malware arrives via email. Zero Trust security is a security model that requires verification of the identity of every person and device that attempts to access the resources of a private network, whether
3. Invest in network data analysis. 61% of network managers are aware that it is impossible to track all devices connected to the network and that they do not have the visibility necessary to know what, how, and with whom these devices can communicate. To solve this problem, the analysis of information on networks has evolved from a descriptive approach of the state of the network to a predictive and normative approach, that is, capable of providing the information necessary to act. proactively.
4. Control the users and devices that connect to the network. The binary "in or out" approach will be increasingly outdated and replaced by the implementation of granular policies based on user, device type, location, time of day, type. connections, etc., designed specifically for each company's characteristics and consistent across the network, wired and wireless.
5. Contain and isolate cyber attackers. One of the most overlooked aspects of security strategy is segmentation and isolation of networks. According to Gartner, only 1% of companies had a segmentation strategy in 2019, while a 30% increase is expected by 2023. Network segmentation reduces the success of attacks by 25%. It is found to be critical in IoT environments, as it allows access to be controlled and the monitoring of equipment and users entering and exiting each segment.
6. Take into account the growing importance of data protection. Companies have invested nearly 9 billion euros to adapt their data protection policies to the GDPR. Keeping governance under control is essential to ensure compliance and avoid fines such as the $ 57 billion paid by Google in 2019. Achieving this will require automating network configuration and compliance reporting procedures, and avoid manual audits and errors that may result from these operations.
7. Guard against the risks associated with the growth of IoT and 5G. The number of IoT devices worldwide reached 20 billion in 2020, which has significantly increased the exposure area of ​​the perimeter of all networks. According to Gartner, it only takes 3 minutes to hack an IoT device, but it takes up to 6 months to discover the flaw. The arrival of 5G will further exacerbate the problem, as it will encourage the use of this equipment in places outside the company. It will require the implementation of policies that restrict traffic to and from IoT devices unless it is destined for an authorized host and uses an authorized protocol/application, as well as network segmentation, which guarantees the 'isolation of these devices by type,
8. Beware of misused artificial intelligence and machine learning: IDC says by 2024, artificial intelligence will be an integral part of all business activities, and at least 90% of business applications will use it. But it should be noted that cybercriminals also use this artificial intelligence and machine learning technologies (e.g. for malware modeling, in order to avoid sandboxing or spearphishing, which are precisely AI-based) to conduct more sophisticated attacks that are more difficult to contain.
9. Implement a multi-layered security strategy. The massive migration of IT systems to the cloud also increases the security risks: applications for unauthorized access, loss of data in the cloud, encryption, backup in the cloud, etc. The security strategy you adopt for the cloud cannot be different from on-premise security. A multi-layered approach is therefore essential to ensure data protection compliance and ensure business continuity and disaster recovery.
10. Master the architecture of the interoperability/security solution. Although spending on IT security increases every year, security breaches still occur. To strengthen the overall security of the organization, the entire security ecosystem must be orchestrated and interact, with multiple layers of network security, anti-virus, and firewalls, which are integrated to provide intelligence and automated threat detection, analysis, and mitigation capabilities.

Network security concerns will continue to worsen, as connectivity, mobility and the use of the cloud continue to expand. The security challenges that have plagued large companies in recent years are clear evidence that the methods of cyber attackers are changing. Businesses need to thoroughly review their security. Because, in fine, being the victim of a cyber attack is worse than being a victim and knowing that certain preventive measures could have been taken to prevent it or to limit the damage.

Provide the best protection against cybersecurity by installing total security.