I joined the Infosecurity Magazine team almost one year ago, in March 2020, just as the COVID-19 pandemic led to the introduction of lockdown measures throughout the world. I – like so many other people – have therefore worked almost entirely from home since that time.
Throughout the past year, it has been fascinating to observe the cybersecurity industry adapt to the challenges posed by shifts to remote working and the growing use of digital technology in everyday life, such as for shopping and entertainment purposes. Beyond adaptation, the sector has now pushed itself to the forefront, with its critical importance to society emphasized in the wake of the huge rise in online fraud and cyber-attacks over the last 12 months.
One positive legacy to emerge from the difficulties and challenges that the pandemic has brought about could be that individuals and organizations take cybersecurity far more seriously in the future, following the practices and measures that security professionals have advocated for years. This includes the wider implementation of zero trust architectures and developing basic security habits, such as strong passwords and two-factor authentication.
Thankfully, the arrival of various COVID-19 vaccines offers a pathway out of the crisis and the return to some form of normality. Nevertheless, it seems inevitable that the way we live and work will differ in a number of ways to the pre-pandemic era, with people and organizations continuing to take advantage of digital technologies. I’m personally very much looking forward to reaching the point where physical cybersecurity events get back up and running, allowing security professionals to discuss and debate the changing landscape in person.
Alongside the gradual emergence from the pandemic, 2021 has brought with it major changes at a political level that are set to have a profound impact on the cybersecurity industry. One of these is the new administration in the White House, led by President Joe Biden. All indications are that this government will place a greater emphasis on cybersecurity compared to the previous administration.
One way in which this could manifest is a greater willingness to launch offensive cyber-strikes against state-backed threat actors. The growing trend of nation states developing their own offensive capabilities is the subject of my feature on page 38, where I quote Biden’s response to the high-profile hacks against vendors FireEye and SolarWinds at the end of 2020, allegedly conducted by Russian-backed cyber-criminals: “A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place,” he said.
Another issue relates to having a clear cybersecurity strategy at the federal level. The decision in 2018 by then President Donald Trump to abolish the role of White House cybersecurity advisor, a position created in 2012 by President Barack Obama, left a leadership vacuum in this area in the view of many experts. It will be interesting to see how Biden, who was vice-president under Obama, will address this matter.
Another major sea change we are getting to grips with is the UK’s complete departure from the EU, following the end of a yearlong transition agreement. This came after a trade deal was finally struck between the two parties at the last minute, on Christmas Eve 2020. The ways in which this will affect data protection and privacy are likely to be another vital topic in 2021. While the UK now technically does not need to adhere to the GDPR, its provisions are, in effect, now included in UK law. Additionally, the GDPR’s extra-territoriality provisions mean that the rules will continue to impact UK companies that offer goods or services to customers in the EEA. Nevertheless, this is an area to keep a watchful eye on in the months and years ahead.
Conversely, it may be the case that, in time, the EU makes the regulations more stringent, with the UK no longer at the table in such negotiations. Jonathan Armstrong, partner at Cordery, told Infosecurity recently: “With the UK leaving the EU, GDPR itself might change and become less business-friendly, whereas the UK position more or less stays the same.”
A more pressing issue related to the UK’s full departure from the EU is that of data transfers. As it stands, a temporary deal has been put in place to allow uninhibited data transfers between the EU and UK for a period of at least four months, with the possibility of an additional two-month extension. In the meantime, the UK is seeking an adequacy decision from the EU to enable the flow of data to continue. The ruling by the Court of Justice of the European Union last year to invalidate the EU-US Privacy Shield shows that such a decision is by no means a given, and with the deadline for the end of the temporary bridging mechanism now looming, organizations that operate between the EU and UK will be looking at this issue very closely.
While COVID-19 will undoubtedly continue to influence the cyber-landscape for many years to come, it is to be hoped that the vaccine rollout will allow the information security sector to push the many other issues to the forefront. I hope to finally see many of you in person at events in the near future to report on these issues.