In 2020, organizations fast-tracked digital transformation initiatives and cloud migrations to provide remote capabilities to employees, customers, and overall processes hampered by the pandemic. It’s safe to say many of these prioritized decisions were made by organizations that didn’t perform a proper threat analysis or weren’t aware of the potential risks they were introducing to their company. As a New Year’s resolution, it’s imperative for all 2020 digital transformation initiatives to be revisited and course-corrected. This includes double-checking any rushed decisions by performing proper risk assessments, reassessing interconnected cloud applications, reexamining access controls to third-party applications, and remediating outstanding misconfigurations and applying outstanding patches.
All Chief Information Security Officers and cybersecurity leaders should perform a full risk assessment before introducing any new processes or changes to existing processes. Still, with the urgency of speedy digital initiatives caused by the pandemic, it’s understandable that time was not on their side. In 2021, organizations should take a step back and revisit changes with a proper risk assessment. This assessment should identify all changed critical systems that access sensitive data, recognize any potential threats created by the change, and determine the inherent risk and overall impact. Once the risk assessment is performed, security teams should partner with IT and other stakeholders to inspect the environment and put the proper threat prevention, detection and mitigation solutions in place.