The new cybersecurity priorities of 2020

Business couldn’t stop for the pandemic — even when security was in question.

Taking the time to strategize deployments, and forecast project outcomes is a hallmark of good cybersecurity. As companies hastily adopted tools to facilitate remote work, security, the IT component that often delays projectsto ensure protection, had to keep pace.

But a scattered workforce and fragmented work hours will contribute to more mistakes. Insider threats, malicious or accidental, cause more than one-quarter of data breaches. However, only 17% of businesses are considered “leaders” in cyber resilience, according to Accenture. Leaders outperform their counterparts, or “average performers,” in how they “scale, train and collaborate.”

January 2020

Last year was a record year for ransomware attacks and preparation for privacy regulations in the U.S. The convergence of the two could be lethal for companies. This year was set to focus on following data: how it’s stored, how it travels, and how secure it is.

“The chance of misdirecting an email or sending the wrong data to the wrong person is probably as big a problem if not a bigger problem when people are sitting at home,” Neil Larkins, CTO and co-founder of Egress, told CIO Dive.

Identity management and privacy were fused together to better safeguard personal information. However, legacy systems slow the adoption of identity solution deployment and prohibit building API-based systems compatible with app integration.

This year, industry expected privacy and security solutions to collide as the California Consumer Privacy Act took effect. It was an opportunity for traditional security tools to moonlight as privacy safeguards, if not an opportunity for the privacy market to expand on its own.

Business decisions under COVID-19

With remote work — and data — scrambled across employee households and the CCPA’s enforcement date nearing, companies have a lot to lose.

“It’s a question of what responsibility we each need to take about privacy and what responsibility belongs to the vendors of applications we use,” said Hensarling.

Companies are currently focused on information security management, particularly ISO standards and compliance set by the security operations center.

“Most of that certification is about, who does what and what policies you have,” and whether or not protocols have been followed, said Hensarling. “Protocols about behavior still are maybe the most important thing.”

Companies with a workforce that was mostly in-office were caught off guard by the overnight move to remote work because they lacked VPN capabilities on laptops. Only a handful of employees, who were already remote, were likely to have a VPN.

Traditional processes and procedures, such as physically sending documents, were obliterated by remote work. Egress had several customers in the financial industry reach out just for that reason: how to move away from physical document sharing. The same concern was true for moving large amounts of data.

“Particularly for my role as a CTO, everything I’m thinking about is how can I assist humans to make better decisions and to avoid making mistakes?” said Larkins.