June 29, 2020 By Paul Gillin 3 min read

The events of early 2020 have prompted organizations to shift priorities across the board, and security processes are no exception. While the current working environment has presented numerous short-term challenges, it has also caused security leaders to take a fresh look at what really matters to their businesses. The cybersecurity trends that emerge could ultimately make organizations more resilient in the long term.

Numerous studies have documented the increased speed at which digital transformation initiatives have been fast-tracked as organizations scramble to apply automation to support large numbers of remote workers and skyrocketing e-commerce traffic. AppDynamics found that three-quarters of IT professionals say digital transformation projects that previously would have taken a year to gain approval are now being signed off in weeks.

With digital infrastructure more critical than ever to the operations of many businesses, executives are more attentive than ever on securing them. A recent Adobe survey found that 70 percent of enterprise chief information officers (CIOs) anticipate investing more in cybersecurity in the immediate future. This has implications across people, processes and technology.

Cybersecurity Professionals in High Demand

Given that skilled cybersecurity professionals continue to be in desperately short supply while businesses plan to ramp up investments even more, we can expect that demand for skills will remain high.

Adobe reported that 40 percent of CIOs expect to increase headcount in their cybersecurity organizations compared to their original plans. More people will be required to staff help desks and to attend to security processes such as supporting devices outside the office. Attention will also turn to shoring up web servers, securing remote access ports and troubleshooting endpoint devices.

With travel limited for many security professionals, much of the increase in demand for field support may be met by contractors and independents working in the rapidly growing “gig economy,” which by some estimates now comprises 60 million people in the U.S. workforce.

Cloud providers have seen a surge of new business as organizations have sought to quickly employ software-as-a-service (SaaS) applications to cope with rising e-commerce demands and the need to support employee collaboration and communication. More people will be required to ensure that those services are available and properly configured, and that access is controlled and monitored.

Misconfiguration continues to be the No. 1 cause of security vulnerabilities in cloud services, yet 90 percent of organizations allow privileged users to make configuration changes directly to cloud infrastructure after deployment, according to Accurics. Expect those controls to be tightened.

Rapidly Shifting Security Processes

The shift of large numbers of people to remote work environments will likely drive a corresponding need for processes that support and secure endpoints, which IDC has estimated are the origination point of 70 percent of successful breaches. In particular, home-based workers will need to be educated on the risks of attacks like ransomware, which has surged in recent months. The risk of successful ransomware attacks has grown because of the higher likelihood of users clicking on phishing emails related to the current crisis and financial relief programs, according to KPMG.

Cybersecurity trends also point to a tighter focus on business resilience and data protection. Two years ago, Forrester Research and the Disaster Recovery Journal reported that more than half of businesses never tested their business continuity preparedness plans. Expect that number to fall significantly in the future. Heightened awareness of resilience issues will drive increased investments in security processes like backups, data protection and supply chain security.

Zero Trust security, which assumes that no user or device can be trusted, has increasingly drawn attention from cybersecurity leaders who are frustrated by the weaknesses of perimeter defenses. Expect more Zero Trust projects to get the green light going forward, prompting organizations to micro-segment their networks and invest in multifactor authentication (MFA).

New Technologies to Defend the Business

Zero Trust projects will also drive investment in several technologies. Software-defined networking services, particularly in the cloud, make it relatively easy to dynamically segment networks based on access policies, which is a key requirement of Zero Trust. The use of federated identity management systems, which consolidate on-premises and cloud access controls, was already growing rapidly and is likely to accelerate with the use of cloud applications by remote workers.

The same goes for unified endpoint management (UEM), a technology that enables IT organizations to manage the proliferation of desktop and mobile devices, including applying patches and security updates. Finally, expect increased investment in security information and event management (SIEM) as organizations look beyond perimeter security to applying artificial intelligence (AI) techniques to spot and isolate intruders.

None of the cybersecurity trends, technologies and processes mentioned above are new, but all could get more attention and investment due to recent events. Crises often give way to big leaps ahead in process efficiency and technology innovation. That will be one of the silver linings of 2020.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today