2021: Security market predictions

Ben Richardson, head of channel EMEA, Forcepoint

“2021 will be a year of consolidation for the cyber security channel, and there will be more merger and acquisition activity. For those who have suffered sleepless nights over concerns with cashflow, the next 12 months represent an appealing time to ‘find an out’ and sell up while they can. The market will evolve and offer easier choices for customers. This is ultimately what the industry needs, too, as the layering of product upon product actually makes the cyber security challenge far too complex. Customers will benefit hugely from reducing the number of vendors present in their IT infrastructure, and turning to converged platforms.

“We will also see channel partners take on deeper responsibility for their customers’ data. We are already starting to see some partners signing up to joint risk-sharing agreements with end-users. Why? Because customers need skilled, trained enterprise service providers to become part of an extended team, and take more responsibility for cyber security and data protection programmes.

“Data discovery and a deeper understanding of business risk will also be a challenge in 2021. Companies have been under immense pressure this year to combat their ‘data demons’, due to the intense demands of accelerated digital transformation wrought by the pandemic. While GDPR [General Data Protection Regulation] compliance ensured enterprises found and protected personally identifiable information, the pandemic has exposed different types of data – data valuable to the day-to-day running of a business. If enterprises can know where this data sits, who is touching it and how it travels through the business ecosystem – well, that’s gold dust.

“To get ahead of these data challenges, strength in numbers is critical – and this is where partners have a key role to play in supporting their customers through further bursts of similarly fast-paced change as hybrid working models become permanently ingrained in our society. By agreeing to share responsibility on data management and protection, partners become more accountable for their customers’ digital transformation journeys, inspiring greater mutual interest in hitting those all-important service-level agreements.”

Ryan Weeks, CISO, Datto

“Healthcare organisations need to remain on red alert in 2021. Given the Covid-19 pandemic, it’s no surprise that the healthcare industry has been a primary target for cyber criminals in 2020. Between highly desired intellectual property and the opportunity for major payouts, the incentive to exploit even the smallest of healthcare institutions, let alone larger networks, will remain a top priority for malicious actors in 2021. Specifically, ransomware will be the primary attack method because the consequences are higher for healthcare organisations that can’t risk downtime due to the critical services they provide for patients.

“We’ll see an increase in insider threats as employees continue to work from home. An insider threat is defined as current employees, contractors and visitors who have access to, and knowledge of, an organisation’s digital and physical systems as it pertains to security and information. There are two types of insider threats – malicious insiders who are, on their own accord, deliberately exploiting the systems within an organisation for monetary compensation, and then there are colluding insiders who are potentially being forced to, or paid to, share information or execute illegal acts. I believe that in 2021, we will see an increase in insider threats, specifically the colluding insider, because it is easier for employees to get away with suspicious activity.”

Neil Correa, cyber strategist, Micro Focus

“Resiliency will become the next mantra of security and risk management teams – being resilient when experiencing crisis situations and continuing to function even with reduced capacity, all while containing the situation, will be the new normal. ‘Assume breach’ has been the mantra of CISOs for a number of years. However, with the advancements in automation, machine learning and analytics, the ability to quickly detect, respond and recover from breaches will enable businesses to continue operating while under breach conditions.”

Marco Hogewoning, manager of public policy and internet governance, RIPE NCC 

“Next year, we expect regulatory proposals that change how IoT [internet of things] products are developed and marketed. A stronger emphasis on privacy, such as with the EU’s ePrivacy Regulation, will mean that more time and money has to be invested in securing products, not only at launch but throughout the expected lifetime of the product. If regulations are set to come into force, ‘sell it and then build it’ might no longer do.

“In the IoT space, we have seen cases of rapid prototyping where the first commercial users double as a testbed for further development. As regulatory discussions start to focus on minimum safety and security standards before a product can enter the market – such as certification – such an approach might no longer be feasible and those tests will need to be done before launching.”

Kelvin Murray, senior threat research analyst, Webroot

“In 2021, cyber attackers will increasingly target home routers, insecure IoT devices and VPN systems to infect corporate machines connected to that network. The goal of this tactic is to take advantage of low-security home setups, so admins and users need to factor these risks into account when securing the growing number of work-from-home environments.

“MSPs and channel partners need to adapt their businesses to respond to the evolving threats that remote work presents. Some MSPs, particularly those that were more sophisticated before the pandemic, will be better equipped to protect against these types of threat. However, others will have to adapt and change their services very rapidly to keep up with these ongoing challenges.

“The amount of disruption and cost to businesses and important services such as healthcare by ransomware groups has grown too big to escape addressing by world leaders. Expect some major discussion and statements about this threat by politicians in 2021.”

Stuart Taylor, channel director, Western Europe, Palo Alto Networks

“Consolidation of security tech will be a key opportunity for partners in 2021. The more technology vendors that a company has to deal with, the more complex it is to manage. There is a key opportunity for channel partners to help them take away much of that complexity – through consolidation.

“Channel partners can make the case for consolidation by highlighting the benefits of one integrated operating platform – this technology makes it easier to train staff on, operate and innovate. By helping businesses consolidate their security products, they have the chance to not only win a greater share of new business, but be seen as an important, valuable and trusted adviser, boosting their reputation, loyalty and sales. 

Demand for automation and machine learning will continue to grow, spurred on by the continued cyber security skills gap, an increasing number of cyber security threats to keep up with, and businesses looking to reduce costs. Also, as businesses undergo digital transformation, whether they migrate to the cloud, leverage next-generation SD-WAN capabilities or see a significant proliferation of IoT devices, there is far more to secure.

“There are many legacy cyber security products out there that are no longer fit for purpose. It is unclear how much longer extended remote working will prevail, but what is clear is that organisations operating in the channel have a key role to play in supporting businesses through the Covid era and beyond. Channel partners are in a primary position to advise on what technologies, solutions and services they need and what they need to protect against. They can also identify opportunities for business efficiency.

“Indeed, there are highly advanced, automated, next-generation cyber security solutions that enable businesses to not only protect against the latest and zero-day attacks, but also provide much improved user experience and operational cost reduction.”

Corey Nachreiner, CTO, WatchGuard Technologies

“Our Threat Lab team, along with other researchers around the world, have an increasing level of analytics and insight to make well-informed guesses about 2021. Cyber criminals always look for the weak links, so the growing ranks of home workers are an obvious target and when it comes to new technologies such as automation and AI. What can work for good can also be exploited for malicious activity. It’s just a case of trying to stay one step ahead.”

Adrian Rowley, senior director, sales engineering EMEA, Gigamon

“In 2021, working from home will still be the norm, so companies will still be looking to defend spread-out attack surfaces with numerous vulnerabilities. That being said, a recent trend that caught our attention is desktop as a service (DaaS) – whereby a physical device is virtually unnecessary, because everything a user needs is in the cloud. The buzz around DaaS is set to streamline security procedures – all assets are patched, users won’t be running old versions of tools, so shadow IT will no longer be a risk, while hardware and software updates won’t be troubling IT and security teams, reducing their workloads.

“Simultaneously, remote working will continue to present security challenges, particularly in the form of phishing attacks – 2020 showed us that this kind of threat never really goes away and cyber criminals will continue to leverage this tactic into 2021. Of course, being equipped with the right security solutions is crucial, but companies can’t rely solely on technology in the current climate. The user still has the potential to be the weak link, so employee training and education will be non-negotiable elements in winning security strategies in months to come.”