In 2021, Eric predicts even bigger migration and movement to the cloud. Indeed, this has been the case for a while, with many businesses turning their attention to AWS or Microsoft Azure, to name a few. However, the pandemic has ramped up cloud migration exponentially, and it looks like cloud is going to stick. 

With so few employers and employees likely to return to the office in a traditional sense, the idea of having devices or appliances in-house and being run by local staff is now a thing of the past. Instead, Eric believes that 2021 will be about letting those companies that focus in this area manage and control our data.

Eric reminds us that effectively, we don’t just equip our teams with laptops; instead, we’re giving them portable servers. Pre-pandemic, these laptops were used inside an office with a robust architecture - but even then, that wasn’t ideal in terms of security. 

Thus, for 2021, Eric proposes that we get better control of our data and information by removing the hard drives from all those local offices. In particular, a thin client approach should be used to ensure a new, fresh, and secure install so that laptops are never infected for too long at once.

If somebody comes into an office and plugs in their computer, organisations will normally have a very robust architecture in place to protect them. The probability of compromise was relatively low with thanks to this robust perimeter, which often put several appliances in place to protect employees and the business.

However, amid pandemic-driven remote working, companies no longer had the safety net of their company’s perimeter and architecture. Thus, in 2021, the focus will shift from the previous robust infrastructure to protecting and securing critical data.

One of the key models of cybersecurity is “prevention is ideal, but detection is a must.” Indeed, the former is preferable, but already, most organisations are doing everything they can in terms of prevention.

“Organisations that are going to thrive and survive in 2021 are going to start putting a lot of energy and effort towards detection,” Eric states. This could be through a variety of methods, such as setting up decoys or threat hunting.

The pandemic necessitates that CISOs become a lot more strategic. Dr Cole reflects on how, in the last couple of years, the CISO role “has been a promotional path for the technical engineer.” 

After 10 or so years in a company, a technical engineer will rise to the CISO level - perhaps by their own demand - which is problematic because a CISO is not a technical position. Instead, a CISO must be an executive that understands and manages the business of security from a strategic standpoint.