2020 was surely a year to remember that most of us will want to forget. The first rule of 2021 is to never talk about 2020!
However, as we recover from the worst pandemic in a century, we need to look back on the past year and learn from the cybersecurity mistakes we may have made, and examine some predictions for the future.
The pandemic has turned BYOD on its head. Workers are now bringing work devices to their homes instead of bringing home devices to the office.
For organizations that had BYOD under control in the past few years, this shift is a growing concern as staff carry out even the simplest work tasks at home with an increased risk of data leakage. As businesses rushed to support the massive increase in employees taking their devices home, no doubt many were exposed to cybersecurity gaps, challenges, and misconfigurations.
Company devices that had never moved beyond the organization’s walls - kept safely behind firewalls, IDS, DMZs, and set up with security solutions that kept cybercriminals from attacking them – are now outside those protected networks. These remote devices are potentially vulnerable to cyber-attacks if existing on-site security solutions are no longer fully effective.
More than ever before, it is now imperative that secure remote working starts with protecting the user endpoint. Strong cybersecurity awareness training is essential to prepare an employee to be the first line of defense. Privileged access security is critical to protect access to data, applications, and systems - and active endpoint security should control what activities can be executed on the device.
In 2020, we saw a rise in phishing attacks exploiting COVID-19 concerns through malicious domains, social profiles, and campaigns. We know phishing is here to stay, especially with the home workspace starting to blur the lines between work and personal life.
The widespread shift to remote working resulted in undetected security vulnerabilities, making it a matter of “when” not “if” a cyber breach will occur. As the pandemic forced organizations to quickly revamp their IT operations and establish a remote working environment, the door was open to new security threats.
It’s important to remember that ransomware is not just a security incident where information is hacked; it’s a data breach by organized cybercrime groups stealing the data before they encrypt it. This means that companies not only have to worry about getting their data back, they also worry about it being shared publicly with the associated impact to brand reputation, customer trust, and regulatory fines.
During the COVID-19 crisis, investment in technologies supporting remote working and cloud solutions dramatically increased. This will continue to accelerate as we move towards more complex, data-intensive workloads. Cloud is no longer a cutting-edge experiment; it's now a business requirement, fueling better economics and more innovation at a greater speed.
Enterprises are looking for cloud-enabled capabilities including data analytics, artificial intelligence, and more resilient data solutions - all to help cut costs and generate revenues from new services. At Tectrade, we are seeing more and more organizations prioritizing cloud spend as the largest share of their IT investment over the next two years.
In 2021, companies need to take stock of security awareness and provide the knowledge needed by their employees to recognize and fend off cyber and phishing threats.
Our Cyber Security Consultants are experts in developing security and risk strategies using our portfolio of Advisory, Professional, and Managed Security Services.
We can help you run custom phishing campaigns to ensure security is front of mind while employees remain outside the office - or implement agent-based scanning to help you detect and monitor disconnected endpoints and shadow IT to reduce potential vulnerability.
To find out how Tectrade’s Security Services can help reduce your risk exposure to zero-day threats and enable your users to become a better first line of defense, contact us
Blog by Leyton Jefferies, Head of Cyber Security Services & Solutions at CSI Group