2021 Trends in Cybersecurity

Mar 11
Nayan Patel and Adam Lopez
Vice President, Open Solutions, Fiserv; and Senior Cybersecurity Solutions Consultant, Open Solutions, Fiserv

Pandemic accelerates need to broaden security strategies

COVID-19 has quickly and dramatically changed the way people work and engage with their finances. Remote working, mobile apps and online banking have become the norm, leaving financial institutions and other organizations rushing to expand security services to match a new way of life.

What was a relatively compact attack surface for cybercriminals has been decentralized by the number of employee devices now at home, consumers' mobile-first habits and an expanded vendor pool to meet changing market demands. There are simply more entry points for criminals, and organizations now must cast a much wider net to secure their data.

In the past year, financial institutions and other organizations acted quickly to adjust to expanding threat vectors. But they weren't taken completely by surprise. The trajectory toward digital had been clear long before COVID-19, but the pandemic accelerated everything.

And when the pandemic ends, this expanded cybersecurity ecosystem likely will remain. Many remote workers will stay remote, and the dependence on digital when moving money certainly won't go away.

The past year was about reacting. Expect organizations in the coming year to step back and say, "We did what we had to do to survive. But are we doing it the right way? How do we plan for five years down the road?"

That proactive approach will give rise to four prominent trends this year in cybersecurity.

1. Reassessing Security Strategies

In 2020, we saw banks and credit unions moving people to remote work even though organizations weren't used to those people working from home. They needed VPN connectivity, collaboration tools, mobile devices and laptops.

Financial institutions had to do it all without necessarily considering an overall security strategy. They made quick decisions to keep the business working, and they did it all in the first few months of the pandemic.

Now, it's time to reevaluate. Expect a lot of organizations and financial institutions to reassess their security to understand where everything now lives in their ecosystems, from a data and user perspective.

They're going to want to know if they have the right authentication solutions for their remote workers. They're going to assess their access controls and determine if they need to beef up their cloud-based security.

More organizations also will take a zero-trust approach to security. It's a system architecture that requires validation and user authentication every step of the way, instead of just once.

It's a foundational strategy for next steps in security and one that really can't be ignored, considering the decentralized landscape we're in. Organizations simply can't trust that people entering an environment are who they say they are.

2. Scrutinizing Supply-Chain Risk

Safeguarding against supply-chain attacks is really a no-brainer at this point, particularly in light of recent attacks, such as SolarWinds. The threat was trending heavily prior to that event, but now it's front and center.

Attackers are looking for weaknesses in vendors, third parties and the supply chain in hopes of getting to the target. Organizations are becoming more integrated with third-party vendors, which is another example of how the attack surface has changed.

Active threats are emanating from many vendors as attackers attempt to use them as launch points for targeted security breaches.

Organizations are now trying to understand what their vendor ecosystem looks like, how that interacts with their day-to-day business and what types of threats vendors pose. Mitigating those threats is a top priority.

3. Adopting Cloud Services

As users and data spread out – and as data crosses into the vendor ecosystem – security teams are seeking ways to protect that expanded attack surface. They want control over where data lives and how users interact with it.

Gaining that control is going to be a top priority this year. And one way to do that and mitigate risk is through continued adoption of cloud services.

Cloud services are inherently spread out. It's their job to decentralize services. So as capabilities expand within different types of solutions, organizations will look more often to the cloud and adopt cloud-based security solutions that address that broader attack surface.

There's also a big push in the security industry to have solutions talk to one another in ways they'll understand. Cloud services help consolidate tools and solutions that weren't necessarily meant to work together.

4. Digital Asset Protection

We've found in talking to our clients that the risk around digital footprints rose significantly with the onset of COVID-19. It was always happening, but the mobile-first explosion since the start of the pandemic showed criminals areas that are ripe for fraud.

Threat actors will target low-hanging fruit within client environments. Often, that includes digital brand platforms, such as social media and mobile banking apps, that can be overlooked when it comes to security.

Look for organizations to start spending more of their resources and time making sure their trademarks, logos and names aren't on fake websites used for credential harvesting. They'll want to make sure no one is posting apps that impersonate their organization to collect consumers' personal data.

The goal is to maintain a trusted brand. Achieving that goal now means building protections around all digital touchpoints.

Step Back and Strategize

The past year forced organizations to react on the fly, often adopting piecemeal security measures to quickly adapt to changing circumstances.

But many organizations are realizing they were tested last year and passed. They can securely support remote workers. They can protect expanded digital footprints. Now it's time to step back, assess what they have and start building a long-term security strategy around what has become the new normal.