Organization, profile picture
Uploaded byOrganization
53 views

Cyber Security Trends - Where the Industry Is Heading in an Uncertainty

The document discusses cyber security trends for 2021. Key points include: - Cyber threats increased during the pandemic as remote work became standard. Hackers targeted vulnerabilities from limited remote security and careless employees. - Companies need to implement data access plans to restrict what information employees can access and send. - Threats like phishing, RDP attacks, weak passwords, and DDoS attacks expanded in scope and became more dangerous. - Addressing the global cyber skills gap and developing cyber security professionals with both technical and leadership skills is a priority.

Embed presentation

Download to read offline
Cyber Security Trends Where the Industry Is Heading in an Uncertain 2021
Introduction Cyber Security in the Covid Era Covid and Data Access Build a Data Access Plan Scope of Threat Vectors Is Changing Addressing the Cyber Skills Gap Keeping the Cloud Secure AI and Machine Learning Come into Focus The Importance of Privacy Conclusion: Focus on Competencies and Planning TABLE OF CONTENTS 01 02 03 04 05 07 08 09 10 11
1 | www.simplilearn.com INTRODUCTION The year 2020 has been a trial for most organizations, especially in the cyber security field. In spite of a slowdown, companies realize the continued importance of data and systems protection, and executives are keenly aware of the role it will play in the future. In PWC’s Global Digital Trust Insights 2021 Survey of over 3,000 business and technology executives, it is clear that security leaders are working closer than ever with business teams to strengthen resilience in organizations, helping them to not only detect threats, but recover from attacks and ensure business continuity. The survey reports that: 55% are increasing cyber security budgets 51% are growing headcount 50% say cyber security and privacy will be baked into every business decision 72% say they can strengthen cyber security posturewhile at the same time containing costs
2 | www.simplilearn.com CYBER SECURITY IN THE COVID ERA We have all been dealt a tough hand during the Covid-19 pandemic. Cybercrime was already on the rise, but hackers and cybercriminals have taken advantage of the fear and uncertainty the pandemic brought with it, and they are targeting businesses and consumers with a vengeance. For instance, there was a 238 percent rise in cyberattacks on financial institutions and a 600 percent increase in attacks on cloud servers from January to April of 2020. According to Interpol, two-thirds of EU member countries saw a significant increase in malicious domains registered with the keywords “Covid” or “Corona” in an attempt to exploit people searching legitimately for important information about the disease online. Ransomware has also risen against companies that serve the public in responding to the pandemic.
3 | www.simplilearn.com COVID AND DATA ACCESS Covid-19 has had a dramatic impact on how employees go about their day to day, and that has increasingly been from working at home. The unfortunate side effect is that employees are prone to be careless working remotely, or companies simply have not built the right security protocol, systems, and policies to keep data safe. According to a recent data security report, the top five security vulnerabilities identified by IT security managers included: Limited remote work security (45%) Limited network security (37%) Careless employees (29%) Unauthorized apps (28%) Limited mobile device security (27%) Data access is a key concern here. Allowing employees to have full access to systems and data increases the likelihood that data will be compromised in some way. According to the report, just over half (50.7 percent) of companies that reported a data breach in the last year allowed full access to all company data. Compare that to the 12.6 percent of companies that strictly limited the amount of data access for employees. That means that companies that allow full access are four times more likely to suffer a data breach.
4 | www.simplilearn.com BUILD A DATA ACCESS PLAN Given the statistics, it pays for companies to implement an action plan that helps manage and restrict access to sensitive data and systems. Access management software is a great way to control who accesses what type of information, and email security products can similarly monitor and limit what information an employee can send out, based on company policies and the employee’s credentials. Other simple policies can be implemented as well, such as improving security of Windows folders or directories or limiting access to shared Google Drives and Google Docs. Every step a company takes to restrict data access – as well as expanding home and mobile work-from-home device security – will help improve their overall security posture and reduce the risk of attacks and data breaches. To meet these goals, cyber security leaders will need to build their competencies. One of the most important upskilling opportunities will continue to be the Certified Information Systems Security Professional (CISSP), long considered to be the gold standard in the field of information security. Senior cyber security professionals pursuing the CISSP degree are trained in eight distinct domains to protect their IT infrastructure, including security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security. 4 | www.simplilearn.com
5 | www.simplilearn.com SCOPE OF THREAT VECTORS IS CHANGING Many of the cyber threats that we’ve been dealing with for years haven’t changed in nature, but they have changed in scope. And in the Covid era where data and systems access from remote locations is the standard, companies and employees must always be on their toes. The Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) Security Operations Center (SOC) has reported an increase in specific types of attacks that center around healthy “cyber hygiene,” which necessitates added vigilance from employees. Among the common threats that have gotten even more dangerous in recent months. Phishing – one of the biggest phishing threat vectors is email. Employees often drop their guard when looking at seemingly urgent emails that may in fact be social engineering-based phishing attacks. They must exercise caution, looking for telltale signs of phishing such as misspellings and suspicious requests and links. And their vigilance should expand when keying in user credentials for websites, social media, texts, or downloading attachments. Remote Desktop Protocol (RDP) Attacks – Remote access is also contributing to an increase in RDP threats that attempt to access desktops through a specific network port, which can then be used to access a full network. Ransomware is common in these types of attacks. Companies must harden their VPN access to mitigate the risk.
6 | www.simplilearn.com Password Risks – Multi-factor authentication is becoming more frequently used today, given the amount of remote user access to online documents, data, apps, and networks. Static passwords should similarly be carefully used and protected. Distributed Denial of Service (DDoS) Attacks – DDoS attacks create system downtime that can destroy trust in your IT systems. And larger remote workforces can even act unintentionally as a DDoS when they all access a system at the same time. Companies should take the step to disable unused services for a time and discourage high- bandwidth activities like watching video. 6 | www.simplilearn.com
7 | www.simplilearn.com ADDRESSING THE CYBER SKILLS GAP According to the ISC2 Cybersecurity Workforce Study, there is a global shortage of qualified cyber security professionals worldwide. The gap between supply and demand was reported to be four million roles, 500,000 of which are needed in the US. It is clear that solving this skills gap is becoming a strategic priority for organizations around the world. One way to help alleviate the skills conundrum, according to Gartner’s Top 10 Security Projects of 2020-2021, is for companies to conduct workforce competencies assessments in order to get the right people installed in the right roles with the proper skill sets. While there are rarely perfect candidates for any given security role, the key is to identify five or six “must-have” competencies needed for cyber security projects. A focus is also increasingly put on developing cyber security professionals that combine hard technical skills with leadership expertise. There are many ways to assess skills competencies, including using cyber simulations and controlled virtual environments called cyber ranging. A cyber range is a virtual cyber environment where the nastiest tactics used by hackers and cybercriminals are presented for cyber students to respond to. These student white hat hackers are trained and tested in how to repel these attacks in a realistic environment. They continue to practice in the cyber range until their skills are honed. The practice is becoming commonplace for cyber security students in university programs, and is used to also prepare government or military cyber teams to perfect their skills and protect critical infrastructure. And you don’t have to go to a cyber range to learn how hackers ply their trade. Cyber security personnel are encouraged to train to be Certified Ethical Hackers (CEH). Ethical hackers become experts at testing infrastructure vulnerabilities by using the same techniques that malicious hackers do, but in a legal, legitimate manner. The results of a CEH professional’s testing can then be used to proactively enhance the strength of an organization’s defensive cyber security posture. Ethical hackers learn to investigate vulnerabilities in target systems, assess security status of network systems, and master the latest hacking tools, malware codes, and other tactics that hackers use every day.
8 | www.simplilearn.com KEEPING THE CLOUD SECURE ECloud-based networks and infrastructure were already a booming field, but the pandemic has accelerated cloud and software as a service (SaaS) adoption significantly as a means of enabling remote work and work from home activities. A recent Toolbox CISO Trends report cites a growth in the overall cloud computing market of 37 percent in 2020, and 35 percent of companies plan to increase workload migration to the cloud, driven by the pandemic. Cloud security is top of mind for most CISOs this year. It’s true that many cloud applications have some type of native security functionality to protect and give visibility to data at rest, cloud hosting, and storage, according to the CISO report. But as IT security teams try to assemble security strategies for multiple disjointed cloud applications, they will increasingly become vulnerable to malware, data leakage, and other threats. Organizations will need to double down on their cloud security efforts and create systems that are not only centralized (rather than one-off policies for each cloud instance) but also are tailored to enable people to work from home without risking company assets.
9 | www.simplilearn.com AI AND MACHINE LEARNING COME INTO FOCUS AI and machine learning technologies are moving front and center in the battle against cyber threats. Particularly in organizations that do not have an adequate staffing of cyber security professionals, machine learning algorithms can analyze various types of threat data at lightning speeds (handling tens of millions of requests at a time) to deliver actionable solutions faster. And it can do it on its own without human intervention or additional programming. Cyber AI has proven to be a powerful tool in the cyber security environment. Following are a few key areas where AI provides a considerable security advantage: AI can accelerate the time it takes to evaluate the “breach-worthiness” of a vulnerability by 73 percent, and AI can speed up breach detection, response, and remediation – far faster than a human security analyst. AI can quickly review user behavior, identify patterns, and locate anomalies in a security network, as well as sorting through massive amounts of security data and automating routine tasks. AI systems can detect new security incidents and reduce false alarms, using intelligence and speed to analyze potential problems faster and more accurately. That allows cyber teams to focus their efforts on the smaller set of tangible threats. AI empowers better biometric authentication such as face ID-unlocking capabilities to prevent security breaches (as we’ve all seen on our mobile phones).
10 | www.simplilearn.com THE IMPORTANCE OF PRIVACY As companies transition into 2021, the issue of privacy and data protection is growing in importance. According to Forrester, a few trends are emerging: There is a growing appetite to collect, process, and share sensitive personal data from consumers and employees Consumers are more apt to engage with companies with whom they can entrust their data, and they increasingly prefer to work with ethical businesses Data privacy complications (especially in the Covid era) are impacting how companies can meet regulatory compliance The changing environment that includes uncertainty of Covid and other global socio- economic events means that organizations will need to rethink business models to accommodate evolving customer expectations. Upskilling will also play a critical role in keeping cyber teams prepared for the privacy and security challenges of 2021. Two key certifications that are highly relevant today are CISM and CISA. The Certified Information Security Manager (CISM) is an important cert for those who manage, design, oversee, and assess enterprise information security. CISM certified individuals must demonstrate a deep understanding of the relationship between information security programs and broader business goals and objectives, so it is considered a strategic certification for people who can lead cyber security teams. And the Certified Information Systems Auditor (CISA) certification is vital for governance and auditing IT environments in particular. CISA-trained professionals can identify and assess vulnerabilities, perform security audits, and report on compliance and institutional controls.
11 | www.simplilearn.com CONCLUSION: FOCUS ON COMPETENCIES AND PLANNING As we look into an uncertain 2021, one thing remains clear — cyber threats will not only remain but will grow in scope. Organizations will need to remain vigilant with regard to remote work policies, data access, and upskilling, and they’ll need to rely on the tried and true technologies like AI and cloud security. The challenges are there, but so are the opportunities.
USA Simplilearn Americas, Inc. 201 Spear Street, Suite 1100, San Francisco, CA 94105 United States Phone No: +1-844-532-7688 www.simplilearn.com INDIA Simplilearn Solutions Pvt Ltd. # 53/1 C, Manoj Arcade, 24th Main, Harlkunte 2nd Sector, HSR Layout Bangalore - 560102 Call us at: 1800-212-7688

More Related Content

PPTX
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
byPreetiDevidas
 
PDF
White Paper Example - Brafton for NIP Group.pdf
byBrafton
 
PDF
Cyber security investments 2021
byManagement Events
 
PDF
1. security 20 20 - ebook-vol2
byAdela Cocic
 
DOCX
8Network Security April 2020FEATUREAre your IT staf.docx
bymeghanivkwserie
 
DOCX
8Network Security April 2020FEATUREAre your IT staf.docx
bypriestmanmable
 
PDF
idg_secops-solutions
byJonny Nässlander
 
PDF
The top cybersecurity challenges post-lockdow
byDharmendra Rama
 
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
byPreetiDevidas
 
White Paper Example - Brafton for NIP Group.pdf
byBrafton
 
Cyber security investments 2021
byManagement Events
 
1. security 20 20 - ebook-vol2
byAdela Cocic
 
8Network Security April 2020FEATUREAre your IT staf.docx
bymeghanivkwserie
 
8Network Security April 2020FEATUREAre your IT staf.docx
bypriestmanmable
 
idg_secops-solutions
byJonny Nässlander
 
The top cybersecurity challenges post-lockdow
byDharmendra Rama
 

Similar to Cyber Security Trends - Where the Industry Is Heading in an Uncertainty

PDF
5 network-security-threats
byReadWrite
 
PDF
1. introduction to cyber security
byAnimesh Roy
 
PDF
E magazine march issue 2021
byVARINDIA
 
PDF
40 under 40 in Cybersecurity year 2022.pdf
byDr. Ludmila Morozova-Buss
 
PDF
Top 10 Cyber Security Threats and How to Prevent Them
byChinmayee Behera
 
PDF
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
byTopCyberNewsMAGAZINE
 
PDF
Presentation 10 (1).pdf
byKARANSINGHD
 
PDF
40 under 40 in cybersecurity. top cyber news magazine
byBradford Sims
 
PDF
Cybersecurity During the COVID Era
byCitrin Cooperman
 
PDF
Covid 19, How A Pandemic Situation Shapes Cyber Threats
byArun Kannoth
 
PPTX
Presentation - Cybersecurity Essentials.pptx
byAllanCustodio5
 
PDF
Cybersecurity-Protecting-Our-Digital-World (1).pdf
byJitendraGupta187
 
PPTX
CyberSecurity Threats in the Digital Age(1).pptx
byzainchaudary496
 
PDF
Raise The Cybersecurity Curtain. Predictions 2021
byDr. Ludmila Morozova-Buss
 
PPTX
Insider Threat in the Age of Covidd.pptx
byteodordavitkov
 
PDF
Five Network Security Threats And How To Protect Your Business Wp101112
byErik Ginalick
 
PDF
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
byRakeshPatel583282
 
PDF
Volume2 chapter1 security
byat MicroFocus Italy ❖✔
 
PDF
5 main trends in cyber security for 2020
byAgnieszka Guźniczak-Beim
 
PDF
Post covid 19 era new age of cyber security
byIgnitec Inc
 
5 network-security-threats
byReadWrite
 
1. introduction to cyber security
byAnimesh Roy
 
E magazine march issue 2021
byVARINDIA
 
40 under 40 in Cybersecurity year 2022.pdf
byDr. Ludmila Morozova-Buss
 
Top 10 Cyber Security Threats and How to Prevent Them
byChinmayee Behera
 
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
byTopCyberNewsMAGAZINE
 
Presentation 10 (1).pdf
byKARANSINGHD
 
40 under 40 in cybersecurity. top cyber news magazine
byBradford Sims
 
Cybersecurity During the COVID Era
byCitrin Cooperman
 
Covid 19, How A Pandemic Situation Shapes Cyber Threats
byArun Kannoth
 
Presentation - Cybersecurity Essentials.pptx
byAllanCustodio5
 
Cybersecurity-Protecting-Our-Digital-World (1).pdf
byJitendraGupta187
 
CyberSecurity Threats in the Digital Age(1).pptx
byzainchaudary496
 
Raise The Cybersecurity Curtain. Predictions 2021
byDr. Ludmila Morozova-Buss
 
Insider Threat in the Age of Covidd.pptx
byteodordavitkov
 
Five Network Security Threats And How To Protect Your Business Wp101112
byErik Ginalick
 
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
byRakeshPatel583282
 
Volume2 chapter1 security
byat MicroFocus Italy ❖✔
 
5 main trends in cyber security for 2020
byAgnieszka Guźniczak-Beim
 
Post covid 19 era new age of cyber security
byIgnitec Inc
 

Recently uploaded

PPTX
Limpitlaw "Licensing: From Mindset to Milestones"
byNational Information Standards Organization (NISO)
 
PDF
Basics of Systematic Literature Search - Nasra Gathoni
bySystematic Reviews Network (SRN)
 
PPTX
Role of the Uninstall Hook in Odoo 18 Module Cleanup
byCeline George
 
PPTX
Campfens "The Data Qualify Challenge: Publishers, institutions, and funders r...
byNational Information Standards Organization (NISO)
 
PDF
Nutrients & Role in Horticulture.pdf, Dr. Sharad Bisen Horticulture
bybisensharad
 
PPTX
What is the Post load hook in Odoo 18
byCeline George
 
PPTX
Cost of Capital - Cost of Equity, Cost of debenture, Cost of Preference share...
bySundar B N
 
PPTX
CROP RESIDUE MANAGEMANT AND ITS EFFECT ON SOIL HEALTH
byShraddha Maurya
 
DOCX
TOXICITY AND ITS MANAGEMENT 6th sem unit 5, PHARMACOLOGY-III B. PHARMACY
byjagdeepsinghynr7
 
PPTX
Unit I — General Physiology: Basic Concepts
byRAKESH SAJJAN
 
PDF
Prescription Writing- Elements, Parts, and Exercises
byDr. Ishita Agarwal
 
PPTX
MACSYMA introduction,working,application
bymanahilraees49
 
PDF
Types of Vegetable Gardens, College of Agriculture Balaghat.pdf
bybisensharad
 
PDF
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PDF
Blue / Green: Troop Leading Procedure (TLP) Overview.pdf
byBlue / Green Training
 
PDF
Orchard Floor Managment.pdf Orchard Floor Management
bybisensharad
 
PPTX
SOCIAL SYSTEM.......................pptx
byAneetaSharma15
 
PPTX
Vitamins and mineral deficiency , signs and symptoms associated with exercise
byvirupa chandrika reddy
 
PPTX
ELEMENTS OF COMMUNICATION (UNIT 2) .pptx
byPOOJA KARVANDE
 
PDF
Principles and Practices of GST 2.0 Study material
bySri Ramakrishna College of Arts and science
 
Limpitlaw "Licensing: From Mindset to Milestones"
byNational Information Standards Organization (NISO)
 
Basics of Systematic Literature Search - Nasra Gathoni
bySystematic Reviews Network (SRN)
 
Role of the Uninstall Hook in Odoo 18 Module Cleanup
byCeline George
 
Campfens "The Data Qualify Challenge: Publishers, institutions, and funders r...
byNational Information Standards Organization (NISO)
 
Nutrients & Role in Horticulture.pdf, Dr. Sharad Bisen Horticulture
bybisensharad
 
What is the Post load hook in Odoo 18
byCeline George
 
Cost of Capital - Cost of Equity, Cost of debenture, Cost of Preference share...
bySundar B N
 
CROP RESIDUE MANAGEMANT AND ITS EFFECT ON SOIL HEALTH
byShraddha Maurya
 
TOXICITY AND ITS MANAGEMENT 6th sem unit 5, PHARMACOLOGY-III B. PHARMACY
byjagdeepsinghynr7
 
Unit I — General Physiology: Basic Concepts
byRAKESH SAJJAN
 
Prescription Writing- Elements, Parts, and Exercises
byDr. Ishita Agarwal
 
MACSYMA introduction,working,application
bymanahilraees49
 
Types of Vegetable Gardens, College of Agriculture Balaghat.pdf
bybisensharad
 
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
Blue / Green: Troop Leading Procedure (TLP) Overview.pdf
byBlue / Green Training
 
Orchard Floor Managment.pdf Orchard Floor Management
bybisensharad
 
SOCIAL SYSTEM.......................pptx
byAneetaSharma15
 
Vitamins and mineral deficiency , signs and symptoms associated with exercise
byvirupa chandrika reddy
 
ELEMENTS OF COMMUNICATION (UNIT 2) .pptx
byPOOJA KARVANDE
 
Principles and Practices of GST 2.0 Study material
bySri Ramakrishna College of Arts and science
 

Cyber Security Trends - Where the Industry Is Heading in an Uncertainty

  • 1.
    Cyber Security Trends Where theIndustry Is Heading in an Uncertain 2021
  • 2.
    Introduction Cyber Security inthe Covid Era Covid and Data Access Build a Data Access Plan Scope of Threat Vectors Is Changing Addressing the Cyber Skills Gap Keeping the Cloud Secure AI and Machine Learning Come into Focus The Importance of Privacy Conclusion: Focus on Competencies and Planning TABLE OF CONTENTS 01 02 03 04 05 07 08 09 10 11
  • 3.
    1 | www.simplilearn.com INTRODUCTION Theyear 2020 has been a trial for most organizations, especially in the cyber security field. In spite of a slowdown, companies realize the continued importance of data and systems protection, and executives are keenly aware of the role it will play in the future. In PWC’s Global Digital Trust Insights 2021 Survey of over 3,000 business and technology executives, it is clear that security leaders are working closer than ever with business teams to strengthen resilience in organizations, helping them to not only detect threats, but recover from attacks and ensure business continuity. The survey reports that: 55% are increasing cyber security budgets 51% are growing headcount 50% say cyber security and privacy will be baked into every business decision 72% say they can strengthen cyber security posturewhile at the same time containing costs
  • 4.
    2 | www.simplilearn.com CYBERSECURITY IN THE COVID ERA We have all been dealt a tough hand during the Covid-19 pandemic. Cybercrime was already on the rise, but hackers and cybercriminals have taken advantage of the fear and uncertainty the pandemic brought with it, and they are targeting businesses and consumers with a vengeance. For instance, there was a 238 percent rise in cyberattacks on financial institutions and a 600 percent increase in attacks on cloud servers from January to April of 2020. According to Interpol, two-thirds of EU member countries saw a significant increase in malicious domains registered with the keywords “Covid” or “Corona” in an attempt to exploit people searching legitimately for important information about the disease online. Ransomware has also risen against companies that serve the public in responding to the pandemic.
  • 5.
    3 | www.simplilearn.com COVIDAND DATA ACCESS Covid-19 has had a dramatic impact on how employees go about their day to day, and that has increasingly been from working at home. The unfortunate side effect is that employees are prone to be careless working remotely, or companies simply have not built the right security protocol, systems, and policies to keep data safe. According to a recent data security report, the top five security vulnerabilities identified by IT security managers included: Limited remote work security (45%) Limited network security (37%) Careless employees (29%) Unauthorized apps (28%) Limited mobile device security (27%) Data access is a key concern here. Allowing employees to have full access to systems and data increases the likelihood that data will be compromised in some way. According to the report, just over half (50.7 percent) of companies that reported a data breach in the last year allowed full access to all company data. Compare that to the 12.6 percent of companies that strictly limited the amount of data access for employees. That means that companies that allow full access are four times more likely to suffer a data breach.
  • 6.
    4 | www.simplilearn.com BUILDA DATA ACCESS PLAN Given the statistics, it pays for companies to implement an action plan that helps manage and restrict access to sensitive data and systems. Access management software is a great way to control who accesses what type of information, and email security products can similarly monitor and limit what information an employee can send out, based on company policies and the employee’s credentials. Other simple policies can be implemented as well, such as improving security of Windows folders or directories or limiting access to shared Google Drives and Google Docs. Every step a company takes to restrict data access – as well as expanding home and mobile work-from-home device security – will help improve their overall security posture and reduce the risk of attacks and data breaches. To meet these goals, cyber security leaders will need to build their competencies. One of the most important upskilling opportunities will continue to be the Certified Information Systems Security Professional (CISSP), long considered to be the gold standard in the field of information security. Senior cyber security professionals pursuing the CISSP degree are trained in eight distinct domains to protect their IT infrastructure, including security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security. 4 | www.simplilearn.com
  • 7.
    5 | www.simplilearn.com SCOPEOF THREAT VECTORS IS CHANGING Many of the cyber threats that we’ve been dealing with for years haven’t changed in nature, but they have changed in scope. And in the Covid era where data and systems access from remote locations is the standard, companies and employees must always be on their toes. The Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) Security Operations Center (SOC) has reported an increase in specific types of attacks that center around healthy “cyber hygiene,” which necessitates added vigilance from employees. Among the common threats that have gotten even more dangerous in recent months. Phishing – one of the biggest phishing threat vectors is email. Employees often drop their guard when looking at seemingly urgent emails that may in fact be social engineering-based phishing attacks. They must exercise caution, looking for telltale signs of phishing such as misspellings and suspicious requests and links. And their vigilance should expand when keying in user credentials for websites, social media, texts, or downloading attachments. Remote Desktop Protocol (RDP) Attacks – Remote access is also contributing to an increase in RDP threats that attempt to access desktops through a specific network port, which can then be used to access a full network. Ransomware is common in these types of attacks. Companies must harden their VPN access to mitigate the risk.
  • 8.
    6 | www.simplilearn.com PasswordRisks – Multi-factor authentication is becoming more frequently used today, given the amount of remote user access to online documents, data, apps, and networks. Static passwords should similarly be carefully used and protected. Distributed Denial of Service (DDoS) Attacks – DDoS attacks create system downtime that can destroy trust in your IT systems. And larger remote workforces can even act unintentionally as a DDoS when they all access a system at the same time. Companies should take the step to disable unused services for a time and discourage high- bandwidth activities like watching video. 6 | www.simplilearn.com
  • 9.
    7 | www.simplilearn.com ADDRESSINGTHE CYBER SKILLS GAP According to the ISC2 Cybersecurity Workforce Study, there is a global shortage of qualified cyber security professionals worldwide. The gap between supply and demand was reported to be four million roles, 500,000 of which are needed in the US. It is clear that solving this skills gap is becoming a strategic priority for organizations around the world. One way to help alleviate the skills conundrum, according to Gartner’s Top 10 Security Projects of 2020-2021, is for companies to conduct workforce competencies assessments in order to get the right people installed in the right roles with the proper skill sets. While there are rarely perfect candidates for any given security role, the key is to identify five or six “must-have” competencies needed for cyber security projects. A focus is also increasingly put on developing cyber security professionals that combine hard technical skills with leadership expertise. There are many ways to assess skills competencies, including using cyber simulations and controlled virtual environments called cyber ranging. A cyber range is a virtual cyber environment where the nastiest tactics used by hackers and cybercriminals are presented for cyber students to respond to. These student white hat hackers are trained and tested in how to repel these attacks in a realistic environment. They continue to practice in the cyber range until their skills are honed. The practice is becoming commonplace for cyber security students in university programs, and is used to also prepare government or military cyber teams to perfect their skills and protect critical infrastructure. And you don’t have to go to a cyber range to learn how hackers ply their trade. Cyber security personnel are encouraged to train to be Certified Ethical Hackers (CEH). Ethical hackers become experts at testing infrastructure vulnerabilities by using the same techniques that malicious hackers do, but in a legal, legitimate manner. The results of a CEH professional’s testing can then be used to proactively enhance the strength of an organization’s defensive cyber security posture. Ethical hackers learn to investigate vulnerabilities in target systems, assess security status of network systems, and master the latest hacking tools, malware codes, and other tactics that hackers use every day.
  • 10.
    8 | www.simplilearn.com KEEPINGTHE CLOUD SECURE ECloud-based networks and infrastructure were already a booming field, but the pandemic has accelerated cloud and software as a service (SaaS) adoption significantly as a means of enabling remote work and work from home activities. A recent Toolbox CISO Trends report cites a growth in the overall cloud computing market of 37 percent in 2020, and 35 percent of companies plan to increase workload migration to the cloud, driven by the pandemic. Cloud security is top of mind for most CISOs this year. It’s true that many cloud applications have some type of native security functionality to protect and give visibility to data at rest, cloud hosting, and storage, according to the CISO report. But as IT security teams try to assemble security strategies for multiple disjointed cloud applications, they will increasingly become vulnerable to malware, data leakage, and other threats. Organizations will need to double down on their cloud security efforts and create systems that are not only centralized (rather than one-off policies for each cloud instance) but also are tailored to enable people to work from home without risking company assets.
  • 11.
    9 | www.simplilearn.com AIAND MACHINE LEARNING COME INTO FOCUS AI and machine learning technologies are moving front and center in the battle against cyber threats. Particularly in organizations that do not have an adequate staffing of cyber security professionals, machine learning algorithms can analyze various types of threat data at lightning speeds (handling tens of millions of requests at a time) to deliver actionable solutions faster. And it can do it on its own without human intervention or additional programming. Cyber AI has proven to be a powerful tool in the cyber security environment. Following are a few key areas where AI provides a considerable security advantage: AI can accelerate the time it takes to evaluate the “breach-worthiness” of a vulnerability by 73 percent, and AI can speed up breach detection, response, and remediation – far faster than a human security analyst. AI can quickly review user behavior, identify patterns, and locate anomalies in a security network, as well as sorting through massive amounts of security data and automating routine tasks. AI systems can detect new security incidents and reduce false alarms, using intelligence and speed to analyze potential problems faster and more accurately. That allows cyber teams to focus their efforts on the smaller set of tangible threats. AI empowers better biometric authentication such as face ID-unlocking capabilities to prevent security breaches (as we’ve all seen on our mobile phones).
  • 12.
    10 | www.simplilearn.com THEIMPORTANCE OF PRIVACY As companies transition into 2021, the issue of privacy and data protection is growing in importance. According to Forrester, a few trends are emerging: There is a growing appetite to collect, process, and share sensitive personal data from consumers and employees Consumers are more apt to engage with companies with whom they can entrust their data, and they increasingly prefer to work with ethical businesses Data privacy complications (especially in the Covid era) are impacting how companies can meet regulatory compliance The changing environment that includes uncertainty of Covid and other global socio- economic events means that organizations will need to rethink business models to accommodate evolving customer expectations. Upskilling will also play a critical role in keeping cyber teams prepared for the privacy and security challenges of 2021. Two key certifications that are highly relevant today are CISM and CISA. The Certified Information Security Manager (CISM) is an important cert for those who manage, design, oversee, and assess enterprise information security. CISM certified individuals must demonstrate a deep understanding of the relationship between information security programs and broader business goals and objectives, so it is considered a strategic certification for people who can lead cyber security teams. And the Certified Information Systems Auditor (CISA) certification is vital for governance and auditing IT environments in particular. CISA-trained professionals can identify and assess vulnerabilities, perform security audits, and report on compliance and institutional controls.
  • 13.
    11 | www.simplilearn.com CONCLUSION:FOCUS ON COMPETENCIES AND PLANNING As we look into an uncertain 2021, one thing remains clear — cyber threats will not only remain but will grow in scope. Organizations will need to remain vigilant with regard to remote work policies, data access, and upskilling, and they’ll need to rely on the tried and true technologies like AI and cloud security. The challenges are there, but so are the opportunities.
  • 14.
    USA Simplilearn Americas, Inc. 201Spear Street, Suite 1100, San Francisco, CA 94105 United States Phone No: +1-844-532-7688 www.simplilearn.com INDIA Simplilearn Solutions Pvt Ltd. # 53/1 C, Manoj Arcade, 24th Main, Harlkunte 2nd Sector, HSR Layout Bangalore - 560102 Call us at: 1800-212-7688