Adaptability. This would prove to be the top requirement for businesses to survive 2020.
By mid-March, virtually every employee around the globe found themselves asking the same questions: How do I access business-critical tools? Or customer data? Or maintain communication both internally and externally? Can I use my own computer? And what about public Wi-Fi?
The stress of the unknown was real. And everyone was feeling it.
But on top of all those challenges, information security was charged with not just navigating and distributing all of this information, but protecting all of it as well. In many cases, this demand involved implementing completely new processes, tools, certifications and requirements — on an extremely limited budget and with an underskilled staff — all working from the couch.
So for those of you who navigated these waters and made it through to 2021, congratulations! Reflecting on 2020, an absolutely unprecedented year of challenges, we’ve broken down the four key lessons we learned and how they will drive information security in the year ahead.
TREND #1: CIOs and CISOs shift from a hierarchical relationship to a true partnership.
Historically, we have seen these roles share mutual interests, with a CISO owning implementation and reporting into a CIO, who oversees all facets of security. However, in 2020, with companies moving away from on-prem solutions and adopting third-party and external vendors for security tools, companies’ reliance on security has become a top priority. This shift has been the driving force in elevating the role of the CISO to one that owns all business, data and IT security and risk management. This includes, but is not limited to, vendor relationships, due diligence, business delivery and communicating security risks with the executive board.
TREND #2: Zero trust is no longer a buzzword — it’s today’s operational reality.
As organizations moved all operations from in-office to on-couch in just a matter of days, many businesses had to rapidly shift from on-prem to cloud security tools — and in turn, realign security prioritization from being data-focused to role-based. Unlike the traditional “trust but verify” approach to network security, the Zero Trust model requires all users, even those inside an organization’s enterprise network, to be authenticated, authorized and continuously validated before being granted or keeping access to applications and data. In practice, this means one-time validation won’t suffice, hence the need for advanced technologies and security measures, such as multi-factor authentication.
TREND #3: The role of communicating security risk to your board of directors has never been more important — or nuanced.
Boards, ultimately, have one goal: making money for your company. And in many cases, it’s hard for boards to draw the connection between implementing extraneous, expensive security measures and profitability. In a year in which so many shifts in security had to take place alongside frozen budgets, the case for increased investment wasn’t easy to make, but it was never more important. The key for CISOs in 2021 will be to communicate on the grounds of financial viability, in the context of risk over profitability. After all, a company at risk of a breach, even when all the “security boxes have been checked,” is not only putting profitability at risk — but its survival altogether.
TREND #4: The infosec labor force is underskilled yet over-available.
Simply put: the job description for infosec has changed, but the pool of candidates has not. Last spring the infosec field got absolutely gutted, which simultaneously left gaping holes on virtually every IT team. As on-prem servers collect dust, so do their corresponding highly intelligent network engineers in an ever-growing community of unemployed talent. This means that as shiny new cloud-based tools get licensed, no one is there to implement and manage them. And with droves of organizations shifting to a permanent, remote-first model, on-prem experienced infosec talent will need to study up quickly if they want to resuscitate their careers in 2021. The good news? IT teams globally have a severe shortage of cloud-experienced talent, meaning jobs are available if you’re willing to put in the work to make a shift in expertise.
To learn more about these top trends and how you can better prepare your infosec programs for the year ahead, watch our recent webinar Key Takeaways from 2020 for More Effective Information Security in 2021.