2020 was a year for the record books for many reasons. And the cybersecurity landscape was no exception. The pandemic-shaken year produced the highest rates of data lost in breaches and a volume of attacks on companies, governments, and individuals that we’ve never seen before. As we look ahead in 2021, it’s important that any of us promoting cybersecurity products and services take these learnings and apply them as a way to achieve the ultimate goal—a more secure world. With that in mind, we’ve summarized what we believe are the top industry insights and trends in today’s environment.
We couldn’t start our list anywhere other than the earth-rattling headline—SolarWinds. 2020 wasn’t responsible for an overnight phenomenon of third-party breaches. These attacks have existed for ages, but what made the SolarWinds software supply chain attacks so terrifying for the cybersecurity community was the far-reaching impact and sophistication of the attack. Senator Jack Reed, D-RI, deemed this attack “the greatest cyber intrusion in the history…perhaps of the world.” As such, every one of our cybersecurity clients took to their platforms to calm fears, give their perspective, and outline how they were protecting their customers and clients. The best practice here was not kicking FireEye when they were down (or ever, really). Yes, it is easy to point fingers and quickly follow up with a sales pitch of why your product or service is better. But at the end of the day, we are all human and vulnerable to malicious actors. From a marketing perspective, we saw an increase in demand for content on best practices for vendor risk management and on the types of systems that third parties needed to implement to do business as a supplier, covering both sides of the coin.
Overnight, the COVID-19 pandemic ushered in the era of remote work. To support business continuity, IT teams hustled to ensure that employees could work from anywhere and on any device outside of the corporate network. But in doing so, security fell by the wayside. An EY survey found that 45% of respondents said they adopted new technology for remote working while 60% abbreviated or skipped security review for doing so. As we move into 2021, organizations are shifting their focus back to securing technologies they use for remote working, including BYOD and non-VPN (virtual private network) connected devices, VPNs, and RDP (remote desktop protocol), while also continuing on with digital transformation initiatives. Some leading companies like our client, ExtraHop, have looked into the future to see what these converging trends will mean for IT and security teams, and are making recommendations such as formal DevSecOps to build in security so that it is not left as an afterthought in the future.
Over the past year, the total number of compromised records increased 141% compared to 2019, according to Risk Based Security’s 2020 year-end data breach report. About a third of these breaches incorporated some form of social engineering technique, primarily phishing. So why are social engineering attacks popular? Because people are much easier to compromise than infrastructure. And as the cloud migration continues, people are becoming the new perimeter. Securing that perimeter will take a combination of technology and security training, like that provided by our client, Cadre Information Technology. It’s interesting that system integrators, MSSPs, and other channels are helping to bridge disparate tech to combat these types of threats.
2020 set the stage for data privacy regulations in the United States. California expanded on the privacy regulations in the California Consumer Privacy Act (CCPA) by enacting the California Consumer Privacy Rights Act (CPRA). Nevada and Maine signed data privacy laws, and at least 15 other state-level privacy laws were introduced. In 2021, Congress could also pass comprehensive federal privacy legislation. To meet these growing privacy requirements, organizations should use a privacy framework like the NIST Privacy Framework or ISO/IEC 27701:2019. Privacy frameworks create a foundation for a strong privacy program, offering structure and guidance for managing privacy risk. Add in the mandates around IoT and the pressure is on. Compliance is a looming task for most organizations and often requires a specialized partner that knows the intricacies of the requirements. While highly regulated verticals like financial services and healthcare may be accustomed to the rigorous process, even the well-versed can be duped into thinking that compliance equals security. Simply checking off boxes on a compliance mandate list will never offer the holistic protection organizations need in 2021.
As the cybersecurity industry continues to evolve by the minute, it is imperative to have a partner that helps you stay informed and prepares you for what’s next. This is where a cybersecurity marketing agency, rather than a general technology agency, can prove to be indispensable. To get a taste of what it means to work with a team of marketers that really know the cybersecurity industry, download our guide, How to Get in Front of CISOs When In-Person is No Longer an Option.