Skip to main content
Core Security Logo Core Security Logo
  • Contact Us
  • Support
  • All Fortra Products
  • FREE TRIALS
  • Contact Us
  • Support
  • All Fortra Products
  • FREE TRIALS
  • Cyber Threat

      Products

      • Core Impact Penetration testing software
      • Cobalt Strike Red team software
      • Outflank Security Tooling (OST) Evasive attack simulation
      • Event Manager Security information and event management
      • Powertech Antivirus Server-level virus protection
      • Product Bundles

      Solutions

      • Penetration Testing
      • Penetration Testing Services
      • Offensive Security
      • Threat Detection
      • Security Information and Event Management
    • Penetration Testing Services Security consulting services
  • Identity

      Products

      • Access Assurance Suite User provisioning and governance
      • Core Password & Secure Reset Self-service password management
      • Core Privileged Access Manager (BoKS) Privileged access management (PAM)

      Solutions

      • Privileged Access Management
      • Identity Governance & Administration
      • Password Management
    • See How to Simplify Access in Your Organization | Request a Demo
  • Industries
    • Healthcare
    • Financial Services
    • Federal Government
    • Retail
    • Utilities & Energy
    • Higher Education
    • Compliance
  • Resources
    • Upcoming Webinars & Events
    • Blogs
    • Case Studies
    • Videos
    • Datasheets
    • Guides
    • Ecourses
    • Compliance
    • All Resources
  • CoreLabs
    • Advisories
    • Exploits
    • Publications
    • Articles
    • Open Source Tools
  • About
    • Partners
    • Careers
    • Press Releases
    • Contact Us
  1. Home
  2. Blog
  3. The New Normal in Cybersecurity: Examining the Top Three 2021 Trends

The New Normal in Cybersecurity: Examining the Top Three 2021 Trends

Part 1 of 2

The past year has shown organizations that uncertainty and a transformed reality are the new normal in business. While remote work was intended as a temporary response to the global pandemic, it is now considered a regular part of the business environment—fundamentally altering the way companies operate. This means organizations have had to respond in real-time to shift their cybersecurity strategies and keep up with an expanding IT infrastructure, the explosion of IoT devices, and a new wave of threats from more sophisticated attackers. In Part 1 of this two-part series, we will examine the top three cybersecurity trends of 2021 and examine their implications on organizational security. 

#1: Shifting Organizational Behavior

While 2020 seemed like an anomaly at the time, the events of 2021 have shown us that drastic changes are still at work globally—from the continuing dominance of COVID-19 to the social justice movement sweeping through communities to the great resignation of the workforce to a large portion of workers still remote. During the last year, organizations have experienced ongoing shifts, including:

  • Increased due diligence of partnerships and M&A activity
  • More adoption of a Secure-by-Design approach from product development
  • Increased adoption of cybersecurity mesh strategies
  • Heightened demand for interoperability
  • Continuance of the remote workforce model
  • Movement toward greater sustainability based on pressure from customers and shareholders

These large forces make it clear that organizations, and particularly the cybersecurity community, must adopt a more proactive approach into making their business more secure and more flexible. Organizations have been required to adapt to this new normal to accommodate the constant drumbeat of accelerated changes. From a security standpoint, vulnerability management has become more important than ever. Organizations pivoted overnight from operating on premise into a fully remote scenario. In addition, businesses faced a potential slew of new attack vectors. And from a connectivity perspective, security professionals now were facing corporate systems working from unmonitored networks, with the perimeter now expanding into workers’ homes.

The Continued Importance of People, Process, and Technology      

Interestingly, the new remote work model has provided both pros and cons to security. For example, home systems and computers may not have the same paths to lateral movement and attacking as in an office, so threat actors have had to adapt to this change. Conversely, from a social engineering perspective, organizations that previously relied exclusively on stopping attacks from a technology perspective have had to recognize the valuable contributions people and processes play in building a strong foundation for overall security. The last year has shown companies the importance of embracing and adopting a defensive posture that includes the combination of people, processes, and technology working together to protect the organization. Joe Vest, Senior Security Consultant for Cobalt Strike by Fortra, provides further insights on this.

 

#2: Cyberthreat Evolution

2021 also saw a transformation in the approach and type of cyberthreats. At the beginning of the pandemic, bad actors started targeting the healthcare industry, with medical facilities and hospitals falling victim to attacks. But during the last year, this expanded into critical infrastructure—like oil and gas—and moved into multi-stage, multi-pronged attacks that are more sophisticated than ever before across multiple verticals.

Companies are having to shift resources to cover potential attack vectors and, in terms of IoT, there is no way to know how secure those devices are that are accessing the network. This makes it incredibly important to ensure network traffic analysis tools are in place and protections are sufficient to minimize attacks.

From a ransomware perspective, the security industry as a whole has shown that it is not keeping pace with bad actors. Organizations—especially small-to-medium-sized businesses (SMBs)—are vulnerable because they often do not have the means to do detection and response. And once an incident happens, ransomware becomes more effective. Once an entity has been identified as willing to pay the ransom, the organization opens itself up to more targeted, multi-pronged attacks. It is clear that organizations cannot patch their way out of problems any more—instead it takes a multi-layered security approach to defend against ransomware. Watch Mieng Lim, Vice President, Product Management, Digital Defense by Fortra, discuss how paying a ransom can hurt more than it helps.

 

#3: Adapting Defensive Strategies

While cyberthreats have evolved over the last year, cybersecurity has also seen a number of shifts in defensive strategies. One strategy organizations have employed more frequently is combining penetration testing with vulnerability management. Whether attempting to take on internal pen testing or engaging with pen testing services from a third-party engagement, this defensive strategy taps into the strengths of both vulnerability management and pen testing to reveal and prioritize security weaknesses before a threat actor might.

However, this is only one aspect of threat-based testing. The rise of other combat strategy trends during 2021 included: 

  • Broader Deployment of Multi-Factor or Two-Factor Authentication
  • Strengthening Identity Governance and Access Management Policies
  • Enhancing Overall Application and Data Security

Organizations that adopted these multi-layer strategies were more effective in reducing their attack surfaces, and in the identification and discovery of potential threats. In other words, security teams that successfully leveraged adaptive security tools to monitor events, and then employed specific processes to determine if those activities were anomalous in their environment, were more successful in minimizing loss and preventing further damage across the business.

Learning from the Past, Moving Toward Greater Protection in the Future

If the continued events of 2021 have reinforced anything, it is that organizations should not be surprised by disruptions or caught off guard in protecting their networks and infrastructure from attack. The best safeguard within this turbulent environment is to put in place a multi-layered security approach that is both proactive to prevent potential attacks and responsive when attacks can—and likely will—occur.

Related Products
Core Impact
Access Assurance Suite
Network Insight
Related Solutions
Penetration Testing
Identity Governance & Administration
Threat Detection
Related Content
cybersecurity-trends-predictions
Blog
The New Normal in Cybersecurity: Exploring the Top Three 2022 Predictions
IT professionals in server room
Blog
Three Lessons Learned From A Data Breach
mergers-acquisitions-identity-access-management
Blog
IAM in an M&A World: Finding the Right Balance Between Security and Efficiency
Top 12 Vulnerability Scanners for Cybersecurity Professionals
Blog
Top 14 Vulnerability Scanners for Cybersecurity Professionals

Watch Cybersecurity in a Changed World: 2021 Trends and 2022 Predictions

CTA Text

Get more in-depth analysis from our cybersecurity experts when you check out our on-demand trends and predictions webinar.

WATCH THE WEBINAR
  • Email Core Security Email Us
  • Twitter Find us on Twitter
  • LinkedIn Find us on LinkedIn
  • Facebook Find us on Facebook

Products

  • Access Assurance Suite
  • Core Impact
  • Cobalt Strike
  • Event Manager
  • Browse All Products

Solutions

  • Identity Governance

  • PAM
  • IGA
  • IAM
  • Password Management
  • Vulnerability Management
  • Compliance
  • Cyber Threat

  • Penetration Testing
  • Red Team
  • Phishing
  • Threat Detection
  • SIEM

Resources

  • Upcoming Webinars & Events
  • Corelabs Research
  • Blog
  • Training

About

  • Our Company
  • Partners
  • Careers
  • Accessibility

Support

Privacy Policy

Contact

Impressum

Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners.