This year’s COVID-19 pandemic has become a pivot point for businesses around the world. Industries have had to adapt and implement technology to allow for virtual operations, seemingly overnight. And while that shift has allowed society to continue during a pandemic, it’s opened up new opportunities for cyberattacks and security breaches. Data security has come a long way, but what could this sudden vulnerability mean for businesses in 2021 and beyond?
First, we’ll take a look back. For the past few years, these trends in data security for startups have focused around being as secure as you can, as early as you can:
Your companies survival in 2021 and beyond will rely on the choices you make about security now. More enterprise companies are requiring their vendors to invest in security and become compliant with industry standards, as they pass risk downstream.
We’re also seeing increased board and investor involvement, as they’ll also be on the hook to customers, shareholders, and regulators if a breach happens. Overall, there’s been an increase in vigilance — which is always a good thing when it comes to protecting customer and client data.
Still, companies can’t simply button up their security procedures, check the boxes on framework compliance, and call it a day. In addition to the shift the pandemic caused, there are still evolving trends to be aware of in 2021.
Remote work isn’t new, as many companies have been doing it for years or steadily adopting it into their culture. But the sudden large-scale shift to remote work nearly overnight due to the COVID-19 pandemic changed how we work permanently. Employees may never fully return to the workplace — which means companies have new challenges in keeping their systems safe now that their workforce is logging in from unsecured hardware via unsecured connections. Fixing the exposed leaks from the shift to remote work needs to become a priority, which may also require systems upgrades or cloud migration. Training for crisis response becomes a priority as well, as the attacks may not look the same as they did when employees were under the same roof.
The Internet of Things has been a trend for a couple of years now, with no signs of stopping, as our world becomes more interconnected through smart devices that also have data privacy considerations. Meanwhile, cybercriminals continue to get smarter as they find new ways around new systems. They’re turning their focus to small and medium-sized businesses (SMBs), which not only still hold sensitive customer information but also can be turned into an attack on larger players. As mentioned earlier, we’re also seeing boards becoming more invested in ensuring privacy compliance. And finally, we’ve seen an increase in the use of multi-factor authentication on everything from internal enterprise networks to phone apps. These trends from 2019 are only adding to the security considerations startup founders need to be aware of.
Even though the COVID-19 pandemic drastically changed life as we know it in the spring, trends were evolving earlier in 2020 that are still in play. We started seeing that one of the ways hackers are targeting SMBs is through the supply chain, specifically interfering with the trust relationship between enterprise company and vendor. Malicious actors are finding ways to hack entire offices or buildings through the smart technology in it. We’re also seeing the rise of hacker-for-hire services and the malware-as-a-service industry. Finally, we’re anticipating that hacktivism is going to focus on a new target: companies contributing to climate change or social injustice.
In 2021, we may also see the development of state, province, and country-specific data privacy standards, like when the GDPR rolled out in the EU a few years ago — especially since the pandemic has prompted a greater awareness around protecting citizens and economies. This means that companies need to keep an increased eye on regional and industry-specific frameworks and standards around collecting and storing data. And in the near future, it may even be illegal for a company not to have a compliance plan in place.
AI automation is already being utilized across a wide range of industries, from fulfillment centers to advertising to recruiting, so having security audits performed through automation will most likely become the norm in 2021. As more business assets become digital or digitized, and as more systems move to the cloud, hiring a person to sift through data rather than automating the process seems archaic — and leaves room for error. In fact, early-adopter firms are utilizing this technology already.
This may seem like a vast list to consider as you strive to make your company and its data more secure. But making sure that you’re adhering to a comprehensive compliance plan, that your team knows the value of data security, and that you’re keeping aware of information security trends will give you the ability to keep up with the game, or even stay ahead of it in 2021.