Remote and hybrid workforces offer flexibility for companies — employees are able to shift to work-from-anywhere with a cadre of technology and tools that facilitate connectivity and collaboration. This expanded functionality also expands the vulnerability as an attack surface.

Security Magazine’s top prediction for 2021 is that remote workers will be the focus ofcybercriminals in the coming year. Cybercriminals will take advantage of the shifts to remote office-disruption by launching phishing, ransomware, and other attacks that target gaps in companies’ security.

Protecting networks and tools outside-of-the-office will require new and more complex considerations.

In Stanford University’s “Building Your Shield: Mapping the Cybersecurity” online presentation, Dan Boneh and Neil Daswani discussed the landscape of the cybersecurity market.

Fastest growing segments in vast security space according to Boneh and Daswani:

1. Identity and access management – This category includes identity as a service, second-factor tokens, identity and access management (IAM), and general access management. IAM allows for self-registration and self-service functionality. In addition, second-factor tokens have gained broader support and can now be used to authenticate multiple devices like phones and laptops.
2. IoT security – 20B IoT devices are projected by 2025, which breaks down to about 2.5 IoT devices per person. Issues stemming from this explosive growth in devices include a lack of security standards. This leads to important questions, such as: How to protect devices so that they are not vulnerable? And, how can secure home networks be set-up?
3. Cloud security – Cloud access security brokers are tools that sit between user and provider; container security (external or internal monitoring); enclave-based cloud security where customer data is encrypted and prevents cloud from accessing cleartext and customer data (“minimize the trust you put n the cloud”).
4. Application strategy – This includes protecting, detecting, and eliminating first-party software vulnerabilities. Security testing code can demonstrate vulnerability; the link between dev testing and vulnerability is getting blurred by speed and agility, therefore a new approach around constant vulnerability which leads to app security through continuous observability in a CI/CD pipeline is needed. New integrated SAST/DAST/SCA includes dynamic analysis; new startups and tools provide continuous observability.
5. Blockchains – Much of the excitement about blockchains is focused on financial apps, like Square and PayPal, which enable customers to directly buy cryptocurrencies (mostly bitcoin) from their app. There is an interest from central banks in deploying digital currencies.
6. Network and Infrastructure Security – This includes firewalls, network detection, and response, deception, intrusion detection, and prevention. New developments in this space include network-based ransomware detection, detection via machine learning analytics, and more time to detect in milliseconds.

Cybersecurity is a space that’s ripe for innovation and startups. With expanding remote workforces and more digital capabilities in enterprise, the bar will need to be consistently raised against attackers. Enterprises should take a comprehensive approach to achieve security by identifying threats and creating a plan that addresses each threat (rather than just picking one toll from each category.