2020 has been tough on every business. Organizations are used to stretching their budgets to fit their security and operational needs, but the pandemic upped the ante by throwing in an immediate shift to remote work that required support. As chaotic as 2020 sometimes felt, 2021 shouldn’t be as disruptive as businesses settle into their next normal. For security teams, this means getting back to basics and effectively managing their people, processes, and technology.
The only thing that appears to be for certain in 2021 is that work from home (WFH) isn’t going anywhere too soon. Google, the proverbial ‘canary in the coal mine’ for workplace trends, recently said that employees wouldn’t be coming back to the office until July 2021. This is a good indicator that most businesses will continue to have employees work remotely until mid-summer at the earliest. This means that businesses must emphasize the protection of their employees even if they are outside of the corporate network and firewall. Organizations should enforce remote security standards, including upgraded router security, to prevent data breaches.
This is particularly important because cybercriminals have ratcheted up people-focused cyberattacks since the pandemic started. We expect both the volume and sophistication of these attacks to increase in 2021. Phishing attacks are both the most prevalent and most effective types of attacks and that is especially true this year as the Verizon Business 2020 Data Breach Investigations Report found that users are three times more likely to click on a phishing link and then enter their credentials than they were pre-COVID. Given that many businesses migrated to new SaaS platforms this year, there are a number of new alerts and blind spots that an organization’s security team may not have prepared employees to handle. User-based attacks take advantage of those miscues and can make businesses pay dearly. It’s important that businesses train their employees on how to securely work on new productivity platforms and instill new processes to prevent cybercriminals from preying on them.
Organizations must resist the urge to allocate funds away from cybersecurity in 2021. Many businesses that are trying to survive are looking to cut operational expenses to stay afloat. Cybersecurity does not fall within that bucket. At worst, security investments can prevent large-scale data breaches that can erode customer confidence, scare away prospects, and subject the company to fines from regulatory bodies. When executed correctly, security can be a sales enablement tool that demonstrates an organization’s commitment to its clients.
Businesses that can’t commit the time, money, and people to executing a sound cybersecurity strategy are increasingly outsourcing those responsibilities to a capable partner. This is especially important for businesses that haven’t fully wrapped their heads around the new challenges and responsibilities of their new SaaS and cloud platforms. These applications offer significant operational benefits – particularly during the pandemic – but make it difficult for organizations to see exactly how they are used and what apps they interact with on the corporate network. A cybersecurity partner can help businesses better understand their IT infrastructure, identify vulnerabilities, and monitor for cyberattacks.
While the rough seas may be behind businesses, now is not the time to rest. It’s important for security leaders to remain diligent about their company’s security posture and adapt to the latest state of the world. Focusing on people, processes, and technology is not only the foundation to a solid cybersecurity strategy, but also absolutely critical at a time where workers have never been further from security teams’ protection. The only constant is change but some truths are eternal. Businesses that are able to maintain their focus during these difficult times position themselves to push through their current difficulties and rebound stronger than before.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.