This perspective by our CEO was compiled for ALI’s strategic services clients in early 2021.
2020 Brought Changes No One Could Have Predicted
Everything that could, went virtual. Cloud applications proved their value. Business continuity became a priority. Cyber security challenges showed malware’s ability to cripple organizations faster than any pandemic. While we are cautiously optimistic about the positive impact vaccinations should have on getting the US economy re-opened in 2021, there is certainly a new set of challenges from the pivots made in 2020.
In 2021 I expect IT-related priorities to be:
- continuing to reconfigure IT systems and tools for hybrid working and learning scenarios
- addressing IT security issues driven by the mass move to virtual working and learning
- proactively planning, testing and executing Return to Operations strategies
- accelerating the migration of IT to public and private clouds for greater agility, collaboration and business continuity.
HERE TO STAY: DISTANCE WORK & DISTANCE LEARNING
I expect that in 2021, a large number of knowledge workers and students will continue to operate in a hybrid or fully remote model. This is not just based on conversations locally, but also connections with other founders and contacts in the tech investor community.
In an industry-wide survey, Venture Capital firm NfX put together their VC & Founder Predictions for 2021. Their data on remote work moving forward aligns with our expectations:
Clearly, there’s no putting the “remote access” genie back into the bottle. Now that many have adapted to Work from Home, employees and organizations are seeing the benefits of a zero-minute commute. Organizations can now more flexibly retain valuable employees, more easily recruit new staff and reduce health risks for everyone.
We do see many people missing in-person meetings and the collaborative office environment. However, we expect this will return under different conditions. Rather than serving as a location for individual work, the office will likely become more of a hybrid environment. Employees will likely start working some days in the office for meetings and other days from their home office.
CYBERSECURITY & THE DISTRIBUTED ORGANIZATION
Ransomware and credential phishing are rampant. Cyber-attacks grew by more than 700% in 2020 alone. Why? The pivot to Work from Home (WFH) disrupted IT security systems and policies that had not envisioned the impact of WFH en masse. The problem was amplified by the need to embrace BYOD computers, tablets and consumer-grade home Wi-Fi routers. Personal devices came without the benefit of security protocols, management and adequate data protection. More data than ever before was distributed to personal devices and not secured with the centralized, automated backup or archiving that was in place back at the office. As a result, many IT networks became very porous. They became a target-rich environment for malware of all kinds.
However, WFH was not solely responsible for the growth. Cyber-criminals have become extremely sophisticated with their attacks. Ransomware and phishing are targeting not only functions but specific employees. If you think you are too small to be a worthwhile target, you are wrong.
We see cyber-security, data protection and archiving as critical focus areas for 2021. We’ve unfortunately had to help too many organizations with breach remediation during the past year. I encourage clients to take a more aggressive approach to securing environments and training employees in 2021. All too often we see this responsibility treated as an “IT issue”. As a CEO, I urge all senior leadership to get a better understanding of these issues this year. They point directly to business continuity – a key responsibility of every organization’s leadership.
Unfortunately, best-in-class measures will still result in some lost battles with the cyber-criminals as they continue to evolve their methods. Sound RTO (Return to Operation) plans along with cyber-insurance policy reviews are now a shared “C” level priority. Our experience has shown that cyber insurance policies do not align with a customer’s desire for an expeditious return to operations. A careful review and understanding of your cyber policy is highly recommended.
RETURN TO OPERATIONS PLANS AS A STRATEGIC IMPERATIVE
As organizations were impacted by Ransomware and other IT service interruptions, we saw that many did not have a clearly defined metric and process for RTO, along with a common agreement on which systems took priority.
RTO used to be thought of as needed mostly for natural disasters resulting from fire, floods, storms, riots, traditional theft, embezzlement and so on. In many ways organizations and insurers could effectively analyze and mitigate those kinds of risks. 2020 was a different year. RTO took on a new and very real threat from a global pandemic and a flood of activity from cyber criminals.
Ransomware statistics and trends in 2020
- 51% of businesses were targeted by ransomware.
- There was a 40% surge in global ransomware, reaching 199.7 million hits.
- The average ransomware payment demand was $233,817 in Q3 2020 and nearly doubled in total for the year.
Ransomware and data loss can be far more crippling to an organization than a natural disaster or even a personnel issue. With nearly half of all organizations being attacked, an effective, rehearsed and well-communicated RTO plan can make all the difference between being back in business with minimized impacts and going completely out of business.
More organizations are purchasing cyber insurance coverage, but that too requires some understanding of what that policy will and will not provide. Many don’t realize that relying on an insurance policy or company savings to pay a ransom to quickly return to normal operation is not a good strategy. In an increasing number of cases, insurance policies are not automatically paying on cyber-events until they can prove that professional proactive management was in effect.
A victim in many cases may not even have the option to pay the ransom as the US Treasury does not allow for payments to be made to organizations whose funds are used to support organizations deemed detrimental to the United States. The fact that most of these transactions happen with cryptocurrency only opens your organization up to even more risk. We have heard of cases where the ransom was paid but the files would still not decrypt because the decryption code was broken. After all, once they are paid, there is no incentive to make sure that the decryption keys actually work.
Paying an organization on the US Treasury’s OFAC (Office of Foreign Assets Control) list without a special license from the Treasury may result in fines, civil penalties and sanctions. Fortunately, there are many options available to help protect your organization from attacks and to return to operations efficiently when compromised. However, an increased focus on planning and implementing solutions should be a top priority in 2021.
As a CEO, I cannot stress enough that RTO can no longer be relegated as merely an IT issue. IT’s role is to ensure that the objectives are met, but the challenge of orchestrating input and agreement across an organization calls for engagement and support at the highest levels. In 2021, this must be a priority for the entire organization and led from the top. RTO metrics and priorities must be identified, documented, communicated and tested in advance. With such a high likelihood of a breach or interruption, a clear RTO strategy will significantly reduce negative impacts to reputation and bottom line.
CLOUD GOES MAINSTREAM
The cloud was the key technology that enabled so many organizations to carry on during 2020. Video conferencing, Office365, Team collaboration spaces, possibly even your phone system – all cloud-powered. Cloud in its many forms (private, hybrid and public) has proven itself to be not only extremely reliable and secure but also cost-effective.
In 2021 we expect to accelerate cloud migration wherever possible because of the opportunity to quickly deploy scalable IT resources without the traditional capital investment and management overhead. Our Brush Mountain Data Centers, along with our partnerships with other major cloud providers are prepared for a strong uptick in activity in 2021 as more and more organizations move out of hardware ownership and into monthly managed services delivered via the cloud. Our managed IT services and FLx Suite were built in anticipation of a cloud transformation; we just had no idea that a pandemic would be the tipping point. In 2021 our FLxStore, FLxTalk and FlxCloud offerings are joined by FlxSecure, FLxDR and OneVault to ensure our clients have secure, scalable IT systems.
MOVING FORWARD TOGETHER
My team and I value the trust you place in us to deliver the IT expertise and support you need. We look forward to continuing to support your strategic IT initiatives in the year ahead.
If you’d like to learn more about how ALI’s strategic services can help your organization adapt, please schedule a no-obligation discussion.