The year 2020 has been marked with ransomware attacks, data breaches, and phishing exploits using COVID-19 as a bait that threatens to chip away at an organization’s security defense. Despite IT leaders ramping up investments in security products, these solutions often fall short of expectations. In this post, Andrew Gibson, Solutions Engineering Consultant at STANLEY Security, shares his thoughts on what cybersecurity will look like in 2025 and what technologies will play a major role in keeping organizations protected from constantly evolving threats.Â
This year has shown how difficult it is to predict the future. While businesses prepare for all kinds of challenges, their ability to adapt to changes is still the most important aspect. Security professionals are accustomed to adaptation, especially those tasked with a company’s fast-moving cybersecurity efforts.
As we look ahead to cybersecurity’s future, several technologies are emerging now that will play pivotal roles in the years to come. The key to these technologies is automating as many of a company’s security needs as possible to free up your teams to handle the more complex issues they’ll soon face.
Remote Work Requires VPN and Intelligent Firewalls
The current pandemic has shown many companies how to handle remote operations more effectively. Some offices may return to full-time, on-site staff, while others adopt a hybrid model or stay entirely remote. And while security teams may have already responded to physical threats thanks to remote security management programs for video surveillance and access control, cyber threats pose equally serious risks.
The early months of 2020 saw companies rapidly move their employees onto VPNs as they worked from home. The security a VPN offers is a great first step in implementing a long-term remote work structure. But, success with VPNs depends upon available network capacity and users following proper security policies. The stress test COVID-19 forced upon businesses showed that while more server space can solve capacity challenges, employees must still follow policies on properly securing their devices and limiting permitted activities on company devices.
Preventive technology like intelligent firewalls will continue to become a larger piece of this security puzzle in several years’ time. Leaders have balked at a firewall’s exponential cost increase in relation to higher throughput, and when fewer employees worked remotely, it was easier to skate by at lower levels. That’s changing, and capacity must scale to accommodate hundreds or thousands of users over VPN connections.
Fortunately, security integrators (SIs) are developing more intelligent firewalls to compensate. Instead of blocking simply on IP addresses, machine learning-powered firewalls search for threats and block them in real-time using threat intelligence gleaned from around the globe.Â
As threats evolve in the near future, adaptable firewalls built to handle higher capacities created by remote work will automate much of a company’s threat detection and prevention, helping cybersecurity teams stay abreast of the threat landscape.
Network Access Control Systems Protect Network Health
Several years ago, network security used to be more like an M&M â€” a hard exterior shell but a soft middle. All the security lived at the network’s edge, and everything inside was trusted. Now with cloud- based services, mobile workforces, additional hardware platforms and IoT proliferation, there is no definitive edge. Security now requires a â€œZero Trustâ€ mentality where you protect everything from everything else.
Recently, companies have deployed Network Access Control (NAC) solutions across networks to institute and manage a Zero Trust system. With a NAC implemented, you can call up an inventory of everything on the network and apply policies to users and devices based on what and where they are, what resources they use, when they’re using them and more. Although NACs are very complex, they let organizations microsegment their network and control and secure traffic flow within it. They can also assist teams in analyzing and classifying networked devices to help create and enforce security policies based on those classifications.
In the future, endpoints on a network will increase, and teams will see much more service utilization. NACs will become a critical feature of a company’s cybersecurity efforts by automating and controlling network usage to keep up with an ever-increasing network capacity demand.
Companies Must Govern IoT Use
The early days of IoT devices were like the Wild West. Manufacturers pushed device after device into the marketplace, presenting solutions for more and more areas. Companies tried them out to see what benefits they offered, but they typically never addressed how exactly these devices integrated into networks.
IoT will only grow from here: It’s projected the global IoT market will surpass $1.4 trillion by 2027. Companies will need to respond by more intelligently controlling devices on their networks and providing clearer policies around device governance. Plus, mounting pressure from private enterprise and government will soon force IoT manufacturers to develop stricter standards and more secure protocols before shipping devices to market.
In five years’ time, those security protocols will likely be installed and in use. But, companies are still responsible for the devices operating on their networks â€” and the number of devices will only increase over time, adding to the monitoring burden cybersecurity teams face. Today’s teams often fill out tracking sheets for each port in use and protocol in place, but that won’t scale as devices proliferate. Standalone or purpose-built monitoring solutions can automate monitoring an expansive IoT framework and check for health, performance and uptime, freeing teams to pursue more complex IoT cybersecurity demands.
Data Privacy Management Matters More than Ever
All these new technologies produce copious amounts of data and, without proper guidelines on storing and managing that data, leave companies exposed to cybersecurity threats. For example, the COVID-19 has led to companies capturing health information through human temperature screening or a visitor pre-registration health assessment. Those functions meant to protect the physical office generate sensitive data; who manages and protects that data?
It’s not limited to health, either. Some companies are installing productivity tracking software on employees’ computers to check in on employees working remotely. That also generates data: you can know what pages your employees visit â€” professional and personal â€” and that kind of information also requires policies around access and use.
Technology operating as middleware can help solve some of these issues. A platform that connects a human resources system tasked with visitor management to access control systems can manage interactions and protect transferred data. Coupled with strong policies around data access and management, security teams can ensure they safeguard all users’ personally identifiable information. It’s difficult to know where cybersecurity will stand in 2025, but several trends emerging now will likely grow by leaps and bounds as companies adapt to a continually changing world. Cybersecurity demands a lot of rapid change, but that highlights technology’s greatest benefit: the power of automation. Put it to work for your security team and then let your people do what they do best.