Top 3 IT security trends in 2021 and what you need to do now
We are using the launch of it-sa 2021, Europe’s leading IT security trade show, as an opportunity to talk about the most important IT security trends in 2021. We not only discuss these trends, but also derive from them the 3 areas of responsibility that you should still be dealing with at the end of 2021.
Top 3: Awareness training for employees continues to be one of the cornerstones of IT security
Awareness training is already one of the essentials of IT security and is also included in many certifications such as ISO 27001. It is important because not only is traditional phishing on the rise, but so are social engineering attacks, especially via social media.
With the home office and New Work, work and personal lives are blurring, and attackers are taking advantage of the situation by specifically targeting employees in the remote workplace.
New attack patterns are also being used in the process. Attackers disguise dangerous websites behind abbreviated URLs and QR codes, which have become part of our day-to-day lives. This means that dangerous and incorrect URLs are not directly apparent. AI-powered attacks are also on the rise; voice-phishing bots can be used to imitate the voice of, for example, a member of the board of directors and in this way influence the employee. There are also signs of a dangerous development involving attempts at bribery and extortion, with the extortion attempts in particular carrying a high risk. With the vast amount of data that is publicly available about private individuals, combined with innumerable data leaks, attackers can attempt to target individuals specifically with the release of sensitive or ‘embarrassing’ data.
It is important to inform employees continuously and sustainably, especially those who are far removed from IT, and to create awareness of these threats and attack vectors. Awareness training for colleagues is therefore part of every IT security concept.
Top 2: Zero trust and the IT infrastructure must go hand in hand
The working environment has changed; many people no longer sit in the supposedly safe office, but work from home or, under New Work, while travelling and spread all over the world. This is causing a rethink of the entire IT infrastructure; many services and applications that were previously only available in the company network now have to be opened up ‘to the outside world’. This means that not only are work concepts quickly faced with new challenges, but the IT security concepts of many companies also quickly become (partially) ineffective. So far, many have concentrated on protecting the company network using firewalls and other appliances. With the opening to the outside world, however, the focus is shifting away from protecting just the corporate network and towards protecting the actual application, along with new concepts such as zero trust.
Put plainly, zero trust means that no device should be trusted by default, even if it is on or connected to a corporate network. In a highly distributed and diverse IT landscape, the traditional concept of trustworthy devices becomes obsolete. Rather, it is important to always check the trustworthiness of every device and every access.
The zero-trust approach represents a complete or at least partial paradigm shift that affects almost all components of the IT infrastructure. It is important to address this issue because zero trust cannot be introduced with a new service or appliance; it is a transformation process that must be taken into account for existing and new applications. So, by the end of 2021 you should at least have a look at your new applications and check them for zero trust. 😉
Top 1: Identity & Access Management for IT Security but also as Enabler
With remote work and modern workplaces, the topic of authentication has become increasingly important. Particularly in the context of zero trust architectures, the combination of device identity and user authentication is becoming increasingly important as a foundation. In this context, modern cloud identity & access management comes into play, controlling access to all applications. It is important that, following the zero-trust approach, cloud identity & access management provides fraud detection to identify suspicious behaviour and multi-factor authentication for strong user verification and access verification. These functions are particularly relevant with regard to the theft of digital identities, e.g., stealing access data through social engineering or through data leaks.
More and more companies are also relying on cyber insurance to cover the risk of cyber-attacks and data loss, at least financially. Most cyber insurance policies specify various requirements in the insurance contract; often there are requirements relating to Identity & Access Management, such as multi-factor authentication and more.
But Cloud Identity & Access Management is not just an area that is relevant to IT security. It is often the enabler for digitization. Within the organization, modern identity & access management enables remote work and the modern workplace, and single sign-on makes working more convenient and more secure at the same time. For external relationships, i.e., customers and partners, Cloud Identity & Access Management is the basis for digital collaboration: identification, authentication and authorization are the key to digitization with eShops, digital portals & services and more.
Whether it is in your cyber insurance policy or not, you should deal with Identity & Access Management, both for a modern and secure working environment for your colleagues and for good cooperation with your customers and partners.
We hope you enjoyed our blog and got an overview of the current IT security trends as well as the most important topics you should deal with. it-sa 2021 is the perfect start: we at cidaas, as the leading European Cloud Identity & Access Management, are also represented at it-sa (Hall 7 – Booth 515) and look forward to your visit!