June 29, 2020 By Paul Gillin 3 min read

The events of early 2020 have prompted organizations to shift priorities across the board, and security processes are no exception. While the current working environment has presented numerous short-term challenges, it has also caused security leaders to take a fresh look at what really matters to their businesses. The cybersecurity trends that emerge could ultimately make organizations more resilient in the long term.

Numerous studies have documented the increased speed at which digital transformation initiatives have been fast-tracked as organizations scramble to apply automation to support large numbers of remote workers and skyrocketing e-commerce traffic. AppDynamics found that three-quarters of IT professionals say digital transformation projects that previously would have taken a year to gain approval are now being signed off in weeks.

With digital infrastructure more critical than ever to the operations of many businesses, executives are more attentive than ever on securing them. A recent Adobe survey found that 70 percent of enterprise chief information officers (CIOs) anticipate investing more in cybersecurity in the immediate future. This has implications across people, processes and technology.

Cybersecurity Professionals in High Demand

Given that skilled cybersecurity professionals continue to be in desperately short supply while businesses plan to ramp up investments even more, we can expect that demand for skills will remain high.

Adobe reported that 40 percent of CIOs expect to increase headcount in their cybersecurity organizations compared to their original plans. More people will be required to staff help desks and to attend to security processes such as supporting devices outside the office. Attention will also turn to shoring up web servers, securing remote access ports and troubleshooting endpoint devices.

With travel limited for many security professionals, much of the increase in demand for field support may be met by contractors and independents working in the rapidly growing “gig economy,” which by some estimates now comprises 60 million people in the U.S. workforce.

Cloud providers have seen a surge of new business as organizations have sought to quickly employ software-as-a-service (SaaS) applications to cope with rising e-commerce demands and the need to support employee collaboration and communication. More people will be required to ensure that those services are available and properly configured, and that access is controlled and monitored.

Misconfiguration continues to be the No. 1 cause of security vulnerabilities in cloud services, yet 90 percent of organizations allow privileged users to make configuration changes directly to cloud infrastructure after deployment, according to Accurics. Expect those controls to be tightened.

Rapidly Shifting Security Processes

The shift of large numbers of people to remote work environments will likely drive a corresponding need for processes that support and secure endpoints, which IDC has estimated are the origination point of 70 percent of successful breaches. In particular, home-based workers will need to be educated on the risks of attacks like ransomware, which has surged in recent months. The risk of successful ransomware attacks has grown because of the higher likelihood of users clicking on phishing emails related to the current crisis and financial relief programs, according to KPMG.

Cybersecurity trends also point to a tighter focus on business resilience and data protection. Two years ago, Forrester Research and the Disaster Recovery Journal reported that more than half of businesses never tested their business continuity preparedness plans. Expect that number to fall significantly in the future. Heightened awareness of resilience issues will drive increased investments in security processes like backups, data protection and supply chain security.

Zero Trust security, which assumes that no user or device can be trusted, has increasingly drawn attention from cybersecurity leaders who are frustrated by the weaknesses of perimeter defenses. Expect more Zero Trust projects to get the green light going forward, prompting organizations to micro-segment their networks and invest in multifactor authentication (MFA).

New Technologies to Defend the Business

Zero Trust projects will also drive investment in several technologies. Software-defined networking services, particularly in the cloud, make it relatively easy to dynamically segment networks based on access policies, which is a key requirement of Zero Trust. The use of federated identity management systems, which consolidate on-premises and cloud access controls, was already growing rapidly and is likely to accelerate with the use of cloud applications by remote workers.

The same goes for unified endpoint management (UEM), a technology that enables IT organizations to manage the proliferation of desktop and mobile devices, including applying patches and security updates. Finally, expect increased investment in security information and event management (SIEM) as organizations look beyond perimeter security to applying artificial intelligence (AI) techniques to spot and isolate intruders.

None of the cybersecurity trends, technologies and processes mentioned above are new, but all could get more attention and investment due to recent events. Crises often give way to big leaps ahead in process efficiency and technology innovation. That will be one of the silver linings of 2020.

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today