For the majority of organizations, 2020 turned cyber security into one of the priority areas. The difficult period brought on by the pandemic showed that no corporation is immune to cyber attacks. Even the largest and supposedly safe companies suffered from security vulnerabilities in their “pre-COVID” systems and tried to implement, as quickly as possible, solutions for team communication and collaboration that allowed them to stay efficient during the first months of the changed situation.
In 2021, security weaknesses may result in equally serious consequences, but the majority of companies already know what to prepare for and can handle the risks effectively. That is the conclusion drawn by Dmitry Gladchenko, Deputy Information Security Officer of Lenta LLC, one of the key speakers at the ITSF-2021 digital forum. Below is the information from the ITSF Club 2021 plenary session about the cyber security trends taken into consideration by the main experts responsible for information security at one of the largest hypermarket chains.
Cyber security trends
- Remote working, cyber literacy. The majority of companies are gradually getting used to remote or hybrid work. Some of them say that they are ready to move some departments to remote work for good. Above all, this is evidence that the problem of low employee cyber literacy is being solved. No doubt, this is a 2021 trend.
- Cyber security costs will grow. It is highly likely that the market will change as quickly as many Russian and foreign researchers predicted at the end of last year: costs associated with cyber crime may amount to 6 trillion US dollars worldwide and about 7 trillion rubles in Russia. More than 50% of domestic companies have already declared that they will increase their information security budget, and 42% plan to enlarge their cyber security departments.
- Risk appetite. Companies have begun to build their cyber security policy not on commonly known assumptions but on their own business risks and cyber risks. First, this is connected with the leap in cyber competence of many businesses (the companies that are competent now had to “learn” in 2020), and, second, with constantly growing information security costs, which can be minimized only if one knows which solutions are appropriate in each individual case. A risk appetite approach enables a company to manage the budget correctly and estimate the efficiency of its investments in cyber security.
- Personnel crisis in cyber security. Findings of US cyber security market research as of 2020 confirmed a catastrophic lack of personnel: on average, there are 50% more job vacancies than job seekers. The Russian sector will soon face this shortage too, though in 2020 in Russia two candidates applied for each vacancy. However, not all Russian companies have yet reached the stage of digital transformation at which there is an acute need to enlarge information security departments. Chances are high that this trend will become relevant in the next year or two.
- New round of cyber transformation. In 2021 industry leaders began to move towards their own software solutions. It is common knowledge that leaders of the retail and banking sectors develop their own software, anticipating future regulatory risks. The importance of such solutions lies primarily in their focus on the business challenges and risks of the specific company where the solution is being developed. In particular, this helps mitigate part of the cyber risks at the source code level, thus providing much more control over the information and telecommunication system and over cyber security. Unfortunately, this path is not available to everyone, and many companies can obtain a secure architecture only by using external vendors’ solutions.
- Security as a Service. Management and support of an information security system can be outsourced to an external team of cyber security specialists (Security as a Service). At present, it is not the most common service, but once the future lack of personnel is taken into consideration, this service will be the optimal solution.
- Cyber threats of 2021. In the Russian cyber security sector, phishing attacks and attacks on remote employees’ personal devices predominate. Ransomware, malicious software for mobile devices and insider leaks are also detected. In other words, the existing trend in cyber threats continues.
Hype trends in cyber security which will soon be over and forgotten
At the end of May, Gartner named the 10 main cyber security trends of 2021, cyber insurance among them. According to Lenta experts, this trend will not be in demand. Cyber insurance premiums consistently trend upward. Companies that do not have a more or less stable Information Security Management System (ISMS) will have to pay huge premiums, which in most cases significantly exceed the budget for information security services. Besides, the premiums look “scary” given that, following the investigation of an insured event, damages will be indemnified only partially (!), and it will take additional resources to restore processes and infrastructure. As for companies where proper attention is paid to cyber security, in our opinion, it is more profitable to invest in ISMS development than to pay annual insurance premiums.
Long-term trends in information security that should be taken into account when shaping the strategy
As many new threats, technologies and business models appeared in 2021, the following trends definitely look promising:
- Enhanced threat detection and response;
- Secure Access Service Edge;
- DoS protection processes for supply chains.