Though the end of the pandemic is not yet certain, now that vaccines are being rolled out across the globe, businesses are stepping-up their planning for what post-COVID recovery may look like. The need for remote work has accelerated the adoption of digital technologies in almost every sector and while this has largely been beneficial in keeping people connected and keeping some businesses running that may not have otherwise been able to do so, there are also challenges ahead. It’s already clear that maintaining trust in institutions, in businesses and in technology will be crucial to global recovery.
Rapid and prolific adoption of new technologies and connected ways of working has brought with it a lack of credible public education around them. The spread of misinformation over social media, user concerns about the privacy implications of tracing apps, emergence of online conspiracies around next-gen technologies such as 5G, and public discussions around the national security of our technology supply chains are just a few examples of where lack of clear information and understanding about recent market developments has left people feeling vulnerable to technologies whose implications they don’t confidently grasp.
At the same time, organized crime has exploited the pandemic with a renewed focus on scams, blackmail, phishing attacks, hacking and holding sensitive information to higher ransoms than ever before. Public awareness of the threat from cybercriminals is on the rise and this adds to a general unease and feelings of insecurity. In turn the scrutiny with which institutions are being assessed for signs of weakness or inconsistency has increased. No-one likes to feel at risk of exploitation, and people are looking for reassurance that their information is being protected responsibly and used in accordance with the law. They are looking for credible leadership and institutions they can trust, and it’s likely that this sentiment will continue to be a dominant theme throughout 2021.
Organized cybercrime groups are finding ransomware all too lucrative to ignore as the pandemic undermines global economic stability. There are three ongoing threats that businesses everywhere will need to anticipate and prepare for in 2021:
The rise in ransom demands, which have soared from six-figure sums into millions of dollars.
The dramatic rise in the cost of remediation amid the proliferation of remote working arrangements, with criminals increasingly targeting the infrastructures that support today’s distributed workforce.
Double extortion, in which criminal groups have begun blackmailing firms with the threat of auctioning or publicizing stolen data.
Firms typically find themselves torn between the reputational risk of ‘financing’ organized crime by complying with demands and fulfilling their fiduciary duty to protect shareholder interests. More often than not, unfortunately, businesses are ‘paying up’ in order to maintain operations and avoid potentially catastrophic results.
Insurers may find themselves carrying a growing burden of claims, review premiums and worry over potential exposure to future large-scale ransomware attacks. In response, it’s likely that governments will take action through regulatory sanctions against organized-crime groups, with insurers brokering a middle ground between firms whose survival is on the line and the legal consequences of sanctions violations.
A positive outcome would be a highly productive heightening of collaboration between governments, law enforcement and technology firms, as they ‘circle the wagons’ to devise active defense programs and more big takedowns aimed at crippling the criminal underworld’s formidable infrastructure.
Tensions arising over the diversity of ideological views concerning governance of cyberspace have been evident among nations for years. 2020 saw more government interventions aimed at localizing cloud services amid national security and privacy fears, plus controls over social media channels or steps to limit dependence on foreign, and allegedly untrustworthy, technology. COVID-19 has only exacerbated these tensions, with nervous nations increasingly accusing each other of cyber espionage and interference in their internal affairs. In 2021, nations are likely to exert increasing control over ‘their’ cyberspace ecosystems, despite little international consensus and the potential for many cyber-crime flashpoints.
To meet increasingly complex and extra-territorial privacy regulations and national-security requirements, global firms will be driven to localize how they process and handle data. In return, they will be increasingly vocal about the divergence of national approaches.
COVID-19 has demanded pragmatism on behalf of CISOs and CIOs in the battle to secure today’s rapidly evolving IT environments. Suddenly, the CISO has to worry about effectively managing thousands of home-working sites, myriad personal devices and an aggressive shift to the cloud. 2021 may well be the year in which the CISO role changes forever, from securing corporate IT boundaries to a broader view of enterprise security.
The timescale for many cloud-migration projects has collapsed from years to mere months in the race to meet fast-changing business needs. Hyperscale cloud providers are increasingly dominant and intently focused on security, making 2021 the year in which firms are forced to truly understand what security in the cloud really means. In areas such as retail, the shift in business models has been particularly abrupt, raising concerns about criminals targeting new vulnerabilities amid the wave of new or quickly scaled online retail platforms.
To succeed, security teams will need to:
Security measures can be deemed a costly overhead despite substantial cyber threats inundating businesses everywhere today. Firms struggling through the pandemic are desperately looking to reduce costs and, unfortunately for many, that will even include cyber security.
2021 is likely to be a year for rationalization in many sectors, with firms questioning whether they genuinely need the security software and devices acquired over many years — and whether their investment in the cloud during COVID-19 can unlock a very different approach to security. Automation will also be on people’s minds, with self-service becoming the order of the day as businesses look to streamline processes, slash operating costs and embed security into operations.
COVID-19 has brought with it some hard lessons about resilience. Executives were forced to get involved in securing a new digital business model and have convinced themselves, given the experiences of 2020, that their firms are now resilient. Not so fast. Regulators will remind them that they are now dependent on technology in ways that they never conceived — and that not all shocks come with the slow inevitability of a spreading pandemic.
Amid the convergence of technology-related security concerns, the impact of today’s troubling environment on people cannot go unrecognized. Work patterns have quickly changed for many employees, while others have been placed on furlough or found themselves suddenly unemployed. Firms will understandably be cautious about rehiring and may choose to permanently reshape their workforce models.
At the same time, people have found new ways of working and perhaps have had the time and space to consider their future employment options. Employers are worried about employee loyalty in these volatile times, while employees are worried about the loyalty of their employers. As a result of today’s uniquely turbulent workforce conditions, concerns over insider threats and fraud are growing.
The best companies will reassuringly engage their teams and support them in securing their homes, families and workplaces in the radical new workforce environment – while others may drift into increasingly draconian corporate surveillance of a potentially disgruntled cadre.
The past year has shown our collective ability to adapt and has unleashed an inspiring community spirit which will hopefully continue into the future. The pandemic has been a time of unprecedented change, one that also sowed the seeds of a bold new reality that awaits. In this unfamiliar and fast-moving new world, trust will be more important than ever.