As we look forward to 2021, protecting your organization from threats and cyberattacks has never been more important. After a year filled with uncertainty and difficulty for many, securing your most mission-critical applications may not seem like a top priority, but it is absolutely vital to the success and security of your business. In 2021, we expect to see a number of challenges in cybersecurity. Here are the top predictions from the Onapsis executives.
CISOs Will Battle Infosec Budget Fatigue With Threat Intelligence Data
While security teams have previously been immune to spending cuts, CISOs will be under enormous pressure in 2021 to provide threat intelligence data to justify security expenditure. As budgets remain tight across organizations, CISOs will have to make a strong, evidence-based case that highlights security inadequacies in order to get the budgets over which they have historically had discretionary spending, and CFOs will maintain control.
“Grey IT” Will Threaten CISOs’ Job Security Unless They Map Their SaaS Landscape
SaaS apps are often managed by HR teams, but who is checking to ensure their security? This challenge has been brought on by “Grey IT”: apps the company is aware of but isn’t governing securely. In 2021, CISOs will focus on protecting their job security by taking control of protecting these applications.
Heightened Digital Transformation Initiatives Will Reshape the Enterprise Application Threat Landscape
Earlier this year, many organizations rushed into major cloud transformations in order to prepare for a fully remote workforce. While this massive cloud migration allowed employees to connect easily to mission-critical applications, it also increased exposure dramatically. Phishing attacks and active exploitation are on the rise, and this trend will continue well into the next year and beyond. This year, organizations need to invest heavily in application-specific security; if they fail to do so in time, they may be impacted by attacks and data breaches.
Course-Correct Pandemic-Driven Rushed Decisions
While organizations fast-tracked digital transformation and cloud migrations to provide remote capabilities, these plans were frequently started without a proper threat landscape analysis. These rushed decisions must be revisited and reviewed in 2021 in order to secure the digital footprint of your organization by taking a step back and asking, “Did we do this correctly?” and “Is everything managed properly?”
CISOs Must Do More With Less in 2021
In 2021, CISOs will face tight budgets and immense pressure from leadership. While the pandemic has brought cybersecurity issues to light and made them the focus for many organizations, CISOs will still have to protect their assets with fewer resources than before and under higher expectations. CISOs will be forced to fill the gap with technology and vendors, and stretch fewer tools even further. Multifunctional platforms that solve multiple security needs and have cross-team functionality will be key to success.
ERP Systems Are a Driving Factor in Supply Chain Risk
After a year of unpredictability, CISOs will need to prioritize third-party risk and realize that ERP systems and mission-critical applications are a key factor in supply chain disruption. If something happens to these systems, it can impact the entire infrastructure, and CISOs will be forced to prioritize the security of these mission-critical applications in 2021.
No More Excuses: The Time for Application Security Plans Is Now
With the shift to remote work this past year, cyberattacks, breaches and vulnerabilities rose dramatically and targeted more applications than ever before. The 2020 Verizon Data Breach Investigations Report (DBIR) reported that 43% of data breaches are tied to web application vulnerabilities, doubling year over year. As a result, application security will become the primary focus of security priorities in 2021. CISOs will need to have explicit control over each application, along with how they all interact.
Risk Assessments Will Expand to Cover Super Users, Misconfigurations and Custom Code
Today’s audit professionals have been performing IT general control audits the same way for 30 years; however, these processes overlook risks created by our increasingly remote workforce. These processes are outdated and obsolete. Companies that fail to expand their assessments to dig deeper into factors like super users, misconfigurations and custom code will be left with dangerous vulnerability gaps.
Boards Will Require Cybersecurity Scrutiny During Financial Audits in 2021
In recent years, cybersecurity’s relationship with financial statements revolved around phishing and other fraudulent activities where hackers attempted to steal funds, disrupting a company’s bottom line. With breaches on the rise, however, experts are starting to notice that auditors aren’t doing enough to consider the risk created by these attacks. In 2021, board members, senior leaders and audit teams will start to integrate cybersecurity into how they view compliance for SOX and privacy-related mandates like GDPR and CCPA. This will lead to authoritative boards issuing guidance initiatives that take a closer look at cybersecurity as it relates to financial statements and internal control audits.