4 Cybersecurity Lessons for 2021

From a human standpoint, COVID-19 continues to be a tragedy globally. We all look forward to a day when we can once again go about living our lives normally. From the perspective of our digital world, the pandemic has been a rapid accelerator of many trends. Over the past decade or so, remote work had become popular for certain types of work. The same with remote learning. Popular, but not pervasive. 

What had been privileges pre-COVID, however, have now become necessities. No one could have anticipated the scale and speed at which remote work and remote learning have expanded and the impact on supply chains, corporate cultures, morale and productivity. 

Some business leaders may have thought it possible to skate by for a year or two without embracing digital transformation, but COVID provided no option other than to hurry up and do it. If you were a brick-and-mortar retailer pre-COVID, by now you probably have some kind of online business. Otherwise, you may be out of business altogether. 

Now that 2020 is coming to a close, what are some of the important lessons we have learned? How can these lessons help us to do a better job in the critical area of cybersecurity? Here are four areas to keep in mind as we enter 2021:  

1. Visibility: Now that many more people are working from home, and will likely continue working from home, we have to extend the visibility of the enterprise network. Our employees are likely using the same network as their families, which creates additional points of entry for attackers. We have to think of the home as the new network, with a broader perimeter than ever before.
2. The New Workplace: People have always gone to work. But now, work needs to be delivered to people. They could be using any device, any network, any location. What used to be bring-your-own device (BYOD) is evolving to bring-your-own choice (BYOC). Wherever workers are working is the new normal, so we need a more uniformed and structured way to do security. This will require the acceleration of automation, machine learning, artificial intelligence, cloud delivery and other trends that have been in the works for years.
3. Building and Sustaining Cybersecurity Awareness: As we made the rapid transition to work-from-home, the attackers didn’t pause to give us time to make adjustments. Far from it. They became more aggressive than ever and used COVID-19 to weaponize their attacks. Check out this blog post my colleague Ryan Olson wrote back in July: COVID-19: The Cybercrime Gold Rush of 2020. We need to double down on building cyber awareness, ongoing training and regular fire drills. Nobody planned for a pandemic, but we know enough now to plan for potential cyberattacks.
4. Cloud Delivery, Software-Defined: One of the big challenges at the outset of COVID and the sudden shift to work-from-home, was delivering security at scale. The defining factors in where and how we work will likely change as a result of the pandemic, probably forever. You will see commercial office space abandoned, entire campuses barren of people. But the people will be working, and they will need secure remote access at all times. We have to look at cybersecurity modernization as a vital investment in our organizations, as important as any other business function. 

Legacy approaches to cybersecurity won’t work in a world changing as rapidly as it is now. COVID has been an instigator and accelerator of change, and organizations need to be able to adapt quickly as a core business capability. One of the lessons of COVID is to be prepared for anything. Another is that modern challenges require modern solutions.

In cybersecurity, modernization means cloud-delivery, software-defined models, Zero Trust, cloud-based data loss protection, autonomous SOC, AI, machine learning, shared threat intelligence, and a platform model that eliminates unnecessary point products. 

Business leaders would be wise to be conversant with these critical trends so they can ask the right questions of their cybersecurity teams and make sure their investments are maximally effective, for now and into the future. 

Sean Duca is Vice President, Chief Security Officer, Asia Pacific and Japan, for Palo Alto Networks.