7 security trends to watch in 2021
Blog: The Enterprise Project - Enterprise Technology
Here’s one prediction that you can bet on: Forecasting enterprise security trends will never go out of style. That’s not a bold call but it’s a bankable one. Technology trends come and go; security is an everlasting issue. There’s no finish line where everyone gets to clink glasses and declare: “All secure!”
In the same vein, security trends tend to be a consistent mix of “old” – think phishing scams and malware – and “new,” such as the COVID-19 pandemic and its widespread impacts on organizations and individuals. That was true in 2020 and it will remain so in 2021.
We asked a wide range of IT and security leaders to share with us their insights and expectations for the year ahead. Here’s what they are keeping tabs on as we open a new calendar – and what IT leaders should be paying attention to as well.
1. The new normal for the security architect(ure)
We’ll likely see organizations re-clarify their security focus – though potentially with new constraints – because security didn’t necessarily top priority lists in 2020. In particular, organizations will more intentionally begin adapting their security playbooks to reflect the lasting changes to how they operate, including remote workforces.
“The focus on the need for stability and operational efficiency in 2020 because of the pandemic has deflected the attention and focus on security,” says E.G. Nadhan, chief architect and strategist, North America, Red Hat. “With the gradual transition to the new normal, security will get renewed focus, reviving the proactive execution of security strategies.”
Those strategies will need to become more intentional about the realities of remote work and other lasting changes to how many businesses will operate, even if effective vaccines become widely available in 2021. “Normal” has been permanently redefined; security programs will need to adapt accordingly.
“Securing the next normal will be a top priority for 2021,” says Shawn Burke, chief security officer at Sungard AS. “Following the seismic shift to remote working, we will continue to see an increased focus on securing beyond the perimeter and cloud deployments.”
Nadhan expects the role of security architect to become more visible and in-demand, as hybrid cloud and multi-cloud strategies proliferate and both the workforce and IT portfolio become increasingly distributed.
“The role of the security architect will become more critical across the various platforms and cloud providers, driving a ‘security first’ approach to architecture,” Nadhan says.
This isn’t solely a matter of remote workers. It’s fundamentally an architecture issue, especially as cloud-native applications and infrastructure become more common.
2. Automation will help support a security-first approach to architecture
“A key area I see for cybersecurity in the years to come is related to businesses seeking methods to innovate and build software at quicker speeds,” says Chris Eng, chief research officer at Veracode. “This need for speed is resulting in development teams breaking down comprehensive applications into the smallest reusable blocks – microservices – so they can be put together in multiple areas of the business. While it helps drive increased speed, it will be a challenge for development and security teams to assure the security of these microservices[-based] technologies.”
That’s where automation becomes not just nice-to-have but necessary, fueling the rise of Kubernetes and enterprise Kubernetes platforms in organizations working with microservices and containers at scale. That’s often happening in tandem with the DevOps or agile ways of working, both of which emphasize speed.
To secure all that work happening at speed, enterprise IT organizations will pursue integration, automation, and orchestration of cybersecurity systems’ workflows. “Various functional cybersecurity securities will be tied together to form an orchestrated system to handle identification of vulnerabilities, attack vectors, and automated remediation workflows,” says Michael Cardy, Red Hat’s chief technology strategist and director, solution architecture, Canada.
3. Phishing and ransomware remain ubiquitous – and the home office will be under siege
You’ll be hard-pressed to find many security pros predicting a sharp decline in phishing scams, ransomware, and other common attack methods in 2021. These threats exist because they work – and that’s not going to change in 2021.
“Phishing and ransomware will continue to be a primary means for malicious activity,” says Mitchell Kavalsky, director of security governance, risk and compliance at Sungard AS.
In 2021, these already widespread threats will increasingly target the many thousands of people who will continue to work from home indefinitely.
“There will be an increase in attacks on personal emails and systems in the coming year,” Kavalsky says. “More people are working from home than ever before, and with that trend not changing any time soon, attackers will go after people’s personal systems. Since they are typically running on the same home network as their work laptop, hackers will use that as a conduit to gain access to the work laptop. Diligence in preserving and protecting not only work but home systems will be of the utmost importance.”
The shift to working from home (in businesses where that was possible) was a 2020 story, and Sixgill CEO Sharon Wagner says that companies and individuals alike handled the rapid transition quite well. But the security impacts of widespread remote work – and employee homes becoming significant entry points into corporate systems – haven’t really landed yet. That’s the 2021 story.
“While the cybersecurity fallout of this global shift has yet to be felt, it’s likely we will see a spike in data leaks and breaches on endpoints in the next year,” Wagner says. “The shift to remote work brought with it increased risks of attacks on home networks, personal devices, and other endpoints that are now more exposed than ever.”
Subpar or unpatched VPNs will probably be a renewed focus as a potential weak link. SAS chief information security officer Brian Wilson thinks more organizations will move toward edge-based authorization tools, diminishing the role of VPN as a primary guardian of network security. He also expects Zero Trust security models to regain some of their earlier buzz since user access and privileges are as big of a threat vector as ever. Count Wilson among those IT and security leaders who expect remote work setups to last indefinitely, even as some people begin to return to traditional offices when it is deemed safe to do so.
“Educating employees about how to keep their home environments secure is more critical than ever,” Wilson says.
4. COVID-related threats will continue even when the pandemic is subdued
Even if the active phase of the COVID-19 pandemic is brought under control in 2021, COVID-related security threats are likely to continue for a long time after that milestone. Bad actors will attempt to capitalize on a flood of information related to vaccines, government and private sector responses, and other long-term impacts of the pandemic. Jerry Gamblin, manager of security and compliance at Kenna Security, thinks many of these bad actors will have government ties.
“We will likely see an increase in cyberattacks from state-sponsored groups and an aggressive move by state-linked ransomware groups to cash in on uncertainty around the translation back to ‘normal life’ after a widely distributed COVID-19 vaccine,” Gamblin says.
That eventual return to “normal life” – a relative term, to be sure – itself will create new risks. If in-person conferences return at some point in 2021, for example, the planning required to hold them safely might become an attractive target.
“Next year, businesses may look to require proof of a COVID vaccination to travel or attend in-person events,” Gamblin says. “Companies that collect this sensitive data will be an attractive target for malicious actors given the dubious track records of organizations tasked with protecting normal customer data.”
It’s virtually certain that cybercriminals will continue to use the pandemic as a mask for phishing, ransomware, and other campaigns. It’s also clear that attackers will go after the global effort to mitigate COVID-19 itself.
That’s already underway in advance of the new year: On December 3, the IBM Security X-Force team announced it had uncovered a worldwide phishing campaign targeting organizations associated with a COVID-19 vaccination cold chain. (In short, a “cold chain” is a critical part of the global supply chain for distributing an approved vaccine.)
Let’s delve into three more key security trends to watch:
5. Cloud misconfigurations remain a major problem
Like ransomware and phishing, improperly configured or monitored cloud accounts will also be a continued threat. Actually, continuous is the better word, since it will (like those other threats) be a mainstay in the threat landscape.
“In 2021 we will continue to see companies leak large amounts of customer data through misconfigured cloud storage services,” Gamblin says. “We will not, however, see a workable solution to this issue and it will likely be back on the list in 2022.”
This points to a disconnect in cloud security: The major platforms invest heavily in their security, but they’re not directly responsible for your own internal policies and processes. Even platforms and tools with robust native security features need to be properly set up and tuned over time for your specific environments.
Burke, the Sungard CSO, expects cloud-jacking – the practice of taking over an organization’s cloud account(s) with compromised credentials – to increasingly go hand-in-hand with ransomware threats. In general, this is a reminder that ongoing diligence and monitoring are key to a layered approach to cloud security.
“Organizations will need to have a clear understanding of their cloud footprint, assets, and provider relationships,” Burke says. “The cloud provider aspect is key because although the providers are responsible for securing the cloud environment, the customer must still implement policies and procedures around access management, data protection, etc. to complete the loop.”
6. Compliance requirements fuel cloud decision-making
Data privacy and protection is both a security matter and a compliance issue. This will continue to be a considerable factor in cloud architecture and strategy in 2021, especially for large enterprises or any organization with a global presence.
“Consumer data privacy pressures continue to mount – a particular challenge for U.S. companies with a European footprint, which must contend with the stringencies of GDPR,” says Wilson, the SAS CISO. “This is a definite factor in the push to cloud. Keeping data in-region eases control and data management strategies, but it also underscores the need for global alignment and resources on the legal and compliance fronts.”
This is among the appeals of hybrid cloud and multi-cloud architectures.
Asher de Metz, security consulting senior manager at Sungard AS, expects more cybersecurity and data privacy regulations to roll out in the year ahead, too. “I foresee an increased development of cybersecurity and privacy requirements driven by countries that are in line with regulations such as GDPR,” de Metz says.
7. MITRE ATT&CK framework gains steam in the business world
Organizations need the best possible information about potential attackers and threats to improve their security posture. That information, which was once the stuff of classified government files, is more readily available than ever, thanks to the MITRE ATT&CK framework. Given the increasingly global and complex nature of enterprise security, this knowledge base is becoming a bigger and bigger deal.
“The MITRE ATT&CK framework will continue to increase in prominence as the backbone for cybersecurity planning and threat-informed defense across the public and private sectors,” says Jonathan Reiber, senior director of cybersecurity strategy and policy at AttackIQ. Reiber previously served as the chief strategy officer for cyber policy and speechwriter in the office of the Secretary of Defense during the Obama administration.
“Historically, only well-resourced organizations like the Fortune 10 and major U.S. government agencies had the resources and personnel required to develop real-world threat intelligence and adversary emulations,” Reiber explains. “Thanks to the analytic resources made available by MITRE ATT&CK, organizations all over the world can focus on known threat behaviors and improve their security effectiveness.”
The MITRE ATT&CK framework means you no longer need to be a massive bank or tech company to level the playing field with adversaries. There’s a famous Sun Tzu quote from The Art of War that sounds like it could have been written for the cybersecurity realm: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
First made public in 2015, MITRE ATT&CK is essentially about ensuring you know your enemy, and businesses, in particular, may be overdue to make more active use of it.
“The ATT&CK framework has gained significant momentum in both the public and private sectors as a globally vetted, all-source repository of adversary behavior, cited regularly by the U.S. government’s Cybersecurity and Infrastructure Security Agency and recently by the Office of the Australian Prime Minister,” Reiber says. “When used in tandem with an automated adversary emulation platform, ATT&CK allows organizations to test their cyber defenses against known attacker behaviors safely, at scale, and in production.”
Reiber also notes that MITRE Engenuity’s Center for Threat-Informed Defense has begun developing free adversary emulation plans. It released the first plan, which lets security teams test their defenses against the behaviors of the cybercrime group FIN6, earlier this year.