If we do not learn from 2020’s cybersecurity fiascoes, 2021 may hold greater surprises for CISOs.
As we begin our long journey on the road of vaccine intervention this year and beyond, what will the new hope mean for businesses globally and in our lives?
The changes brought about by the pandemic have made a deep and lasting impact across all industry sectors: from manufacturing to retail and hospitality, from healthcare to education. We will not be able to turn the clock back to how things were anytime soon.
To find out the sentiments of IT security professionals, Check Point polled some 600 of them to get a feel for what organizations’ main security challenges and priorities were for the next two years, and the changes to their security strategies forced by the pandemic last year.
For the majority of organizations, they do not expect their current security issues and priorities to change much, if at all, over the next two years. In addition, for many of the respondents, the rapid changes made to networks and security infrastructures in response to the pandemic are likely to be permanent.
Some key findings from the small global survey indicate these sentiments:
- Organizations have faced more attacks since the start of the pandemic: Over half (58%) of respondents said their organizations experienced an increase of attacks and threats since the start of the COVID-19 outbreak; 39% said that attack volumes have remained the same; just 3% said the figure had fallen.
- Unplanned reinvention of business model was the key shift in 2020: Some 95%of respondents said their strategies had changed in the second half of the year, the biggest being enabling remote working at scale (cited by 67%). This was followed by security education for employees (39%); improving network security and threat prevention (37%); expanded endpoint and mobile security (37%) and rapid adoption of cloud technologies (31%). Only 27% said they had accelerated existing security projects during 2020, showing that for the majority, their pandemic response involved an unplanned re-invention of their business model.
- Remote-working security a key 2021 challenge: Security for employees working remotely was the leading challenge, cited by 47% of respondents, followed by protecting against phishing and social engineering attacks (42%), maintaining secure remote access (41%), and protecting cloud applications and infrastructure (39%).
- IoT and email security still not a critical priority for the next two years: The leading priorities through to 2023 were securing remote-working (cited by 61%), endpoint and mobile security (59%), and securing public or multiple clouds (52%). These were clearly ahead of issues such as IoT security (30%) and email security (24%).
- No going back to the old ways: About half of all respondents believed that their security approach will not return to pre-pandemic norms soon. Some 29% said that they expected a return to pre-pandemic operations at some point in the future, and just 20% believed their situation had returned to what it was.
To block the growing volumes of cyberattacks and threats, organizations need to prioritize closing off any security gaps across their new distributed networks, from employees’ home PCs and employees themselves right through to the data center.
Let me end off by offering some tips to help organizations evolve their security strategies to ensure they can continue to operate as efficiently and as safely as possible in 2021:
- Prevent, not cure: Protective vaccination is better than treatment, and in cybersecurity, real-time prevention is the key to protecting networks, employees and data against attacks and threats.
- Secure your everything: Every part of your network matters. Organizations must revisit and check the security level and relevance of their network’s infrastructure, devices, processes, compliance of connected mobile and PC devices, IoT and more. Increased reliance on the Cloud demands an increased level of security, especially in technologies that secure workloads, containers, and serverless applications on multi- and hybrid- cloud environments.
- Consolidate control and increase visibility: With so many changes made to organizations’ infrastructures, it is essential to ask these key questions: are we getting the security we really need? Are we protecting the right things? Did we miss a blind spot? The highest level of network visibility increases security effectiveness.
Unified network management and improved risk visibility of your entire security architecture can be achieved by reducing the number of point product solutions and vendors.