Forcepoint Future Insights reveal the key trends set to shape cybersecurity in 2021
December 2020 by Forcepoint
Forcepoint has revealed the trends that will shape cybersecurity in 2021 as part of its Future Insights series. Developed by Forcepoint X-Labs and a team of Forcepoint’s expert leaders, the series explores the emerging behaviours, threats, disruptions and solutions that will impact both cybersecurity end users and the industry over the coming 12 months.
“2020 has been a year of considerable upheaval and change. We’ve seen an incredible acceleration of digital transformation, changes to the traditional security perimeter, and major shifts in everyday behaviours as people around the world adapted to the ‘new normal’,” said Nicolas Fischbach, Forcepoint Global CTO and Future Insights series editor.
“We developed the Future Insights series to ensure the industry, organisations and individuals alike could understand the trends and events that will influence cybersecurity in 2021. At Forcepoint, we understand that risks are continuous, but we also believe that our industry can overcome these risks to build better, and continue to protect important data and the people who access it,” Fischbach added.
The Emergence of the Zoom of Cybersecurity – Nico Popp, Chief Product Officer With the move to mass remote working and accelerated digital transformation in 2020, cybersecurity has moved up the foodchain. Cybersecurity is now a business differentiator, and it needs a category disruptor.
The need for a converged, digital, cloud-delivered platform means we’ll see the emergence of the “Zoom of Security” – a high-tech system that ‘just works’ and is easily accessible for the everyday consumer.
Any serious category disruptor must be more deeply integrated into the public cloud ecosystem. Cloud must become part of cybersecurity’s DNA, in a way that it isn’t today. Currently, developers are using security as a tool, but having to shoehorn in applications and functions not necessarily designed as cloud-native. Security will move to the left for the developer, and will become easily deployable and fully integrated. This integration will result in security becoming so engrained in applications and platforms that people will no longer realise they are being “secured”.
Inherent Bias in Machine Learning – Raffael Marty, Vice President, Research and Intelligence
Trends in accelerated digital transformation means automated systems are more necessary than ever: and the sheer quantity of data involved means it has to be managed with Machine Learning. But in 2021 machine learning and analytics will fall under tightened scrutiny, as trust in their unbiased nature and fairness, as well as ethical boundaries will be questioned.
When undertaking any analysis which uses machine learning or algorithms to make automated decisions which impact people’s lives, organisations must use a combination of algorithms and human intelligence. Without bringing in human intuition, insights, context and an understanding of psychology, organisations risk creating algorithms which are themselves biased or make decisions based on flawed or biased data.
In addition to involving human expertise in the algorithms, the right training data and the right data feeding the live analytics is just as important. The right data means the right amount, the right training set, the right sampling locations, the right trust in the data, the right timeliness, etc. As this data comes for the most part from looking at a user’s activities, this monitoring must be done appropriately, with consideration for people’s privacy and the appropriate ethical guidelines in place.
People do People Things – Dr Margaret Cunningham, Principal Research Scientist for Human Behavior
2021 will see us uncover the security impacts of “people doing people things” – those normal, yet risky behaviours we all undertake. Whether it is creating multiple workarounds and shortcuts to accomplish goals, stockpiling data, making human errors or experiencing decreased risk perceptions, everything has an impact.
Rather than trying to use technology as a unilateral force to control their workers’ behaviours, companies need to better understand how their people adapt to, respond to, and inform their environments – and begin to implement security practices and tools that work with humans rather than against them.
By pulling experts from security, counter-intelligence, IT, and behavioral sciences together, behavioral understanding can be built into cybersecurity systems. And this is the first important step for finally starting to move cybersecurity “left of breach” – designing security for the human element.
Disinformation is Inevitable – Eric Trexler, Vice President of Sales, Global Government
In 2021 and beyond, disinformation is inevitable as people continue to believe what they read online at face value without any additional research. Disinformation is one of the biggest threats facing democracy, but the Internet was built on anonymity, which makes it difficult to combat.
In 2021 and beyond, disinformation will continue to increase in focus and scope. And why not? Disinformation campaigns are easy and low-cost to implement, while the risk and penalties are nearly nonexistent.
There is no silver bullet to remedy the threat—no single tool that can guide people to truth or safety. Instead, everyone must be diligent about questioning what they see online, as opposed to simply taking information at face value without further thought or inquiry. Public/private partnerships could also help combat disinformation campaigns and bad actors – for example, academics, large social platforms and commercial tech companies working together to ramp up disinformation research and creating new technologies or evolving social media practices to meet this challenge.
The Rise of Insider Threat-As-A-Service – Myrna Soto, Chief Strategy and Trust Officer
In 2021 the biggest threats will come from the people and places organisations least expect.
In the past we’ve thought of “insider threats” as disgruntled employees who walk out of the building with proprietary information hidden in their briefcases. But today, employees may be scattered around the world, and could be hired after only meeting via Zoom. In fact, they may never step foot inside a physical office. And today, you can buy almost anything on the dark web, including “trusted insiders”.
The only way to find these people before they do irreparable damage to your organization is by understanding human behavior and knowing when their activities don’t match their profile. Insider threat needs to be taken seriously and accepted as a real risk by security leaders, who should ask tough questions about whether they have the tools and solutions in place to spot and stop anomalous behavior, before it’s too late.
Where is my data? You’ll find out in 2021 – Nicolas Fischbach, Global Chief Technology Officer
As we got used to remote working, many companies gave up on protecting the perimeter and trusted in basic networking and cloud services to protect “the branch office of one”. In 2021 the consequences of these actions will come to light and we will start to realise exactly how much intellectual property was stolen by attackers and malicious insiders during 2020.
Data visibility and the management of data protection is the most important cybersecurity imperative for enterprises in 2021, so that we can work securely, regardless of location. To achieve this goal, we must introduce real-time user activity monitoring. Cloud-native solutions with a deep understanding of users’ behaviour will deliver permanent solutions, rather than stopgaps.
The accelerated digital transformation seen over the past year has pushed organisations forward, but also created new challenges for the cybersecurity industry. Security leaders must ask tough questions about whether they have the tools and solutions in place to spot and stop anomalous behaviour, before it’s too late.
Understanding the emerging challenges and creating cybersecurity technologies which can address them, while also remaining ‘invisible’ to the end user and simple for the practitioner to implement, will be key to ensuring the ongoing security of people and data alike.