The events of early 2020 have prompted organizations to shift priorities across the board, and security processes are no exception. While the current working environment has presented numerous short-term challenges, it has also caused security leaders to take a fresh look at what really matters to their businesses. The cybersecurity trends that emerge could ultimately make organizations more resilient in the long term.
Numerous studies have documented the increased speed at which digital transformation initiatives have been fast-tracked as organizations scramble to apply automation to support large numbers of remote workers and skyrocketing e-commerce traffic. AppDynamics found that three-quarters of IT professionals say digital transformation projects that previously would have taken a year to gain approval are now being signed off in weeks.
With digital infrastructure more critical than ever to the operations of many businesses, executives are more attentive than ever on securing them. A recent Adobe survey found that 70 percent of enterprise chief information officers (CIOs) anticipate investing more in cybersecurity in the immediate future. This has implications across people, processes and technology.
Cybersecurity Professionals in High Demand
Given that skilled cybersecurity professionals continue to be in desperately short supply while businesses plan to ramp up investments even more, we can expect that demand for skills will remain high.
Adobe reported that 40 percent of CIOs expect to increase headcount in their cybersecurity organizations compared to their original plans. More people will be required to staff help desks and to attend to security processes such as supporting devices outside the office. Attention will also turn to shoring up web servers, securing remote access ports and troubleshooting endpoint devices.
With travel limited for many security professionals, much of the increase in demand for field support may be met by contractors and independents working in the rapidly growing “gig economy,” which by some estimates now comprises 60 million people in the U.S. workforce.
Cloud providers have seen a surge of new business as organizations have sought to quickly employ software-as-a-service (SaaS) applications to cope with rising e-commerce demands and the need to support employee collaboration and communication. More people will be required to ensure that those services are available and properly configured, and that access is controlled and monitored.
Misconfiguration continues to be the No. 1 cause of security vulnerabilities in cloud services, yet 90 percent of organizations allow privileged users to make configuration changes directly to cloud infrastructure after deployment, according to Accurics. Expect those controls to be tightened.
Rapidly Shifting Security Processes
The shift of large numbers of people to remote work environments will likely drive a corresponding need for processes that support and secure endpoints, which IDC has estimated are the origination point of 70 percent of successful breaches. In particular, home-based workers will need to be educated on the risks of attacks like ransomware, which has surged in recent months. The risk of successful ransomware attacks has grown because of the higher likelihood of users clicking on phishing emails related to the current crisis and financial relief programs, according to KPMG.
Cybersecurity trends also point to a tighter focus on business resilience and data protection. Two years ago, Forrester Research and the Disaster Recovery Journal reported that more than half of businesses never tested their business continuity preparedness plans. Expect that number to fall significantly in the future. Heightened awareness of resilience issues will drive increased investments in security processes like backups, data protection and supply chain security.
Zero Trust security, which assumes that no user or device can be trusted, has increasingly drawn attention from cybersecurity leaders who are frustrated by the weaknesses of perimeter defenses. Expect more Zero Trust projects to get the green light going forward, prompting organizations to micro-segment their networks and invest in multifactor authentication (MFA).
New Technologies to Defend the Business
Zero Trust projects will also drive investment in several technologies. Software-defined networking services, particularly in the cloud, make it relatively easy to dynamically segment networks based on access policies, which is a key requirement of Zero Trust. The use of federated identity management systems, which consolidate on-premises and cloud access controls, was already growing rapidly and is likely to accelerate with the use of cloud applications by remote workers.
The same goes for unified endpoint management (UEM), a technology that enables IT organizations to manage the proliferation of desktop and mobile devices, including applying patches and security updates. Finally, expect increased investment in security information and event management (SIEM) as organizations look beyond perimeter security to applying artificial intelligence (AI) techniques to spot and isolate intruders.
None of the cybersecurity trends, technologies and processes mentioned above are new, but all could get more attention and investment due to recent events. Crises often give way to big leaps ahead in process efficiency and technology innovation. That will be one of the silver linings of 2020.
Partner, Gillin + Laberis