Cybersecurity Lessons From 2020: C-Suite Weighs In on Both Good & Bad
Toolbox asked CEOs and CISOs to take some time to look back on 2020, share their biggest learnings, and explain how to address the challenges heading into 2021.
One of the biggest cybersecurity lessons from the COVID-19 pandemic is clearly how one should – and should not – manage cybersecurity. True, cyberattacks and malware have been ramping up for the past decade. Even before the pandemic gripped the world, data and enterprise networks were under attack. No matter how strong the defenses, external intrusions still led to massive data breaches.
But the pandemic created multiple security vulnerabilities, ranging from the technical to the cultural. For instance, phishing attacks (the oldest cybersecurity trick) have gone through the roof. Phishing incidents rose 220% during the height of the global pandemic compared to the yearly average as workforces across the world embraced remote work. In response, companies ramped up security awareness programs to help employees spot these scams and avoid security breaches.
Also, as the cloud expanded its reach, so did the exposure to attacks. Though organizations leaned on managed cloud services for infrastructure, they also dealt with growing security threats to data in the cloud.
1. Recognize the Cyber Enemy & Address it Head-On
Jay Prassl, CEO and Founder of Automox
When we shifted to remote work, companies needed to quickly deploy new approaches to support this overnight digital transformation. Additionally, employees who began working from home full-time using unreliable, insecure at-home WiFi networks and slow VPN connections were likely not getting the protection they needed, especially for collaboration apps they increasingly rely on. Because of the less-than-ideal patching protocols exacerbated by the shift to remote work, we saw an expected growth in breaches from misconfigurations, missing patches, and poor cyber hygiene. Sadly, attackers are even exploiting vulnerable industries such as healthcare through these gaps.
In 2021, attackers will likely continue targeting things like VPNs and collaboration applications that now have a spotlight on them from a security perspective. We’ll see even larger numbers of malware and attacks focused heavily on remote workforces. Companies need to recognize their vulnerabilities and address them head-on. The best practice for staying ahead of attackers will be utilizing cloud-native tools for managing and securing their remote endpoints any time, anywhere.
2. Post-Breach Remediation: The New Cybersecurity Buzzword
Ralph Nickl, CEO, Canopy Software
If there’s one thing 2020 has taught us, it’s when, not if, an organization will fall victim to a cyber attack. The shift to remote work environments has significantly expanded the attack surface, and cybercriminals are taking full advantage. Because of this, a shift in mentality is required in how organizations mitigate risk and preserve brand reputation.

Not getting hit in the first place will always be best practice, but cleaning up the mess is now just as important as preventing it. This reality has been compounded by an enhanced focus on consumer privacy rights and the continued proliferation of global data privacy laws. Data breach fatigue is real, but no one is tired of corporate responsibility. Moving forward, CISOs and SOC teams must place greater priority on strategies and tools that allow them to meet post-breach requirements under both the law and consumer expectations in order to succeed in the new normal.
3. Security Budgets: How CISOs Can Prioritize
Chris Kennedy, CISO of AttackIQ
The pandemic has forced many businesses to very rapidly evolve to enable remote work and invoke minimal human interaction to maintain productivity. This meant unchaining legacy processes and applications that required in-office work, a relaxing of company policies and intended culture that thrives on face-to-face interaction, investments in remote-enabling technology, and some likely relaxing of security at the expense of trading off a material risk to the business. Though offices will reopen one day, these investments are made, and remote work is now a core business enabler. I expect more strides in more remote enablement in the future from a CISO perspective.

The economic climate has also caused many industries to suffer financially. Security programs have historically grown year over year; for example, Fortune 500 organizations spend an average of $18.4 million annually on cybersecurity, and a report from 2019 found that 58% of companies would be increasing their IT security budget by an average of 14% in the next year.
The economic outcome from 2020 will likely be some organizational retraction, and security leaders should have a plan. It takes money to save money, and making an investment in a productivity optimization program will more than pay for itself, well executed. Start with an inventory of controls and execute a comprehensive evaluation of their effectiveness. This is much easier to do today with the ATT&CK framework and automated breach and attack simulation technologies. Use that assessment, and the context from the “what changed” analysis to drive tool and process rationalization, replacement, consolidation, and future investment strategy.
4. Need for Validating Cybersecurity Effectiveness
Russ Kirby, CISO at ForgeRock
2020 has highlighted the following key learnings:
The importance of business continuity planning
Organizations often test for business continuity and the concept of losing an office or losing internet connectivity to a site, but organizations haven’t really been tested on the concept of losing all of their offices without an alternative space to use. At ForgeRock, we have essentially been operating in our business continuity mode for the last nine months. We were fortunate as an organization to be able to scale remote work quickly and securely, as we have an identity-driven, zero trust model for our entire corporate infrastructure. This means our employees were able to securely connect to the work systems from anywhere to start, which is an advantage to having a distributed workforce as a standard with many locations and many roles.
Traditional corporate infrastructure models are no longer effective
Having all IT in an office with a closed network, which a lot of companies still run on, is ineffective in the types of remote work scenarios that we’re living in right now. This is where Zero Trust, CARTA and SASE models have given organizations an advantage, with the management of identity being a core concept for the successful implementation of these models. During COVID-19, we saw a lot of companies pivot to a zero-trust approach very quickly.
The need for proper risk and threat modeling
Another takeaway from the last 12 months is the importance of keeping track of current affairs around the world and projecting what could happen in the near future. At ForgeRock, we were planning for our offices to be closed globally in response to COVID-19 lockdowns about two to three months before the first set of restrictions were announced. We identified the risks as the pandemic evolved, and we strategized, not just based on what was happening at the moment but also looking at what could happen in our risk models in the next six months to a year. We make sure to strategize for the worst-case scenario which, unfortunately, became reality when the pandemic spread.
5. Making a Case for Layered Security Approach
Ashish Gupta, CEO, Bugcrowd
The COVID-19 pandemic sent businesses across industries into a period of intense digital transformation. To meet the challenges of a distributed workforce and to stay ahead of evolving threats, CISOs are adopting crowdsourced cybersecurity as an integral component of their security posture. The combination of intelligent cybersecurity platforms that address multiple use cases, and highly skilled researchers, help keep employees and customers secure.
As organizations further integrate cloud, mobile devices, and web services into their infrastructure following the pandemic, the attack surface may be at a heightened risk for security issues. The CISOs of 2021 will have to embrace a layered “strength in numbers” approach to evolve and innovate faster than their adversaries. This is possible today as crowdsourcing has changed the gravitational coefficient of providing access to skilled security professionals via a platform that gives access to the right talent for the customer use case.
6. Basic Cybersecurity Practices Can Hacker-Proof the Business
Liron Barak, CEO and Co-Founder of BitDam
2020 was a tough year in all aspects. The good news about tough times is that those who survive typically improve.
In terms of cybersecurity, there are three main takeaways from the past year: remote work CAN be secure, protection from phishing attacks is crucial, and small and medium businesses are valid targets so they need to secure themselves just like larger organizations.

Back in March, when we saw the huge uptick in the usage of Zoom, Teams, OneDrive and other collaboration platforms, it was clear that there would be bad actors who would exploit them. This indeed happened but the CISOs that were quick to protect these platforms kept their businesses safe.
Phishing can be devastating. And unfortunately, education by itself isn’t enough. With a huge rise in phishing attacks and a growing number of successful ones affecting businesses of all sizes, there is no doubt that CISOs need to take this threat seriously and adopt anti-phishing technologies quickly.
In the past, SMEs were considered safe, just because attackers didn’t see them as targets. This isn’t true anymore and we see that security/IT managers, and even business owners, actively search for solutions to protect their business.
7. Putting Faith in SIEM
James Carder, CSO of LogRhythm
COVID-19 caused a rapid shift from organizations operating predominantly on-premise, from corporate-owned sites to an entire workforce being pushed almost completely remote. This dramatic shift in the operations of the business forced information technology and security organizations, and the infrastructure they manage, to quickly adapt to ensure the business could operate effectively and with minimal impact. This accelerated digital transformation initiatives and caused a spike in cloud-based infrastructure and SaaS-based services which then caused security organizations to rapidly adapt and compensate for that shift.

The visibility and protections that they once had were likely no longer and would need to be re-established quickly. It then became a race as cyber attackers were quickly adopting attack techniques to take advantage of the rapid shift and lower visibility and protections into the workforce, which makes it extremely hard to detect and respond to attacks if you can’t see them. To adapt, CISOs and security leaders have implemented SIEM solutions, built interconnectivity with all the cloud-based infrastructure and SaaS services, ensured endpoint protection, visibility, and trust were re-established, and added additional controls specifically around collaboration technologies, remote access, authentication, and general security services.