How Can CISOs Re-Analyze and Shift Focus?
2020 was a year of relentless disruptions. The protective layer of secured enterprise networks and controlled IT environments of the physical premises did not exist. Over the past year, CISOs (Chief Information Security Officers) have had to grapple with the challenges of bolstering the security posture, minimizing risks, and ensuring business continuity in the new normal. The rise in volumes and sophistication of cyberattacks in the rather borderless IT situation only compounded the challenges. All this has necessitated a shift in cybersecurity priorities in 2021.
In this article, we have put together the top cybersecurity priorities for 2021 and beyond that will enable businesses to be fully equipped for future disruptions, without compromising on security.
Cybersecurity Priorities for 2021
Strengthen the Cybersecurity Fundamentals
CISOs must focus on security fundamentals, including asset management, password management, cyber hygiene, configuration, vulnerability management, patching, threat detection and prevention, user education, reporting, documentation, and so on. Without a solid foundation, any investment in cybersecurity will not yield the kind of benefits it should.
Organizations must redesign their security defenses in such a manner that it works, with or without the secure, controlled environment of the office premises. The security solution chosen must offer always-on, multi-layered, intelligent protection against existing and emerging threats. The solution must be continuously updated based on global threat intelligence and past attack history. In addition, it must assure zero false positives.
Cybersecurity Must Be a Boardroom Agenda
Cybersecurity is a business concern and needs to be treated as one, instead of being looked at as an IT issue. CISOs need to be aware of the business risks, that’s a given. Similarly, the other leaders and executives need to be aware of the threat landscape, the security risks involved, and the level of investment required to counter them and strengthen the security posture. After all, in the case of a security breach, the CEOs and the boards will have to answer questions on how it occurred.
Further, organizations need to create a culture of cybersecurity that starts with the board and percolates down. When the leaders lead from the front, buy-ins are easier among the employees in adopting and maintaining standards of security in their routine work.
Leverage Intelligent Automation and Other Advanced Technology
The level of sophistication of attacks has increased manifold in the past couple of years. Attackers leveraging advanced technology to infiltrate company networks and gain access to mission-critical assets.
Given this scenario, organizations too need to leverage futuristic technology such as next-gen WAF, intelligent automation, behavior analytics, deep learning, security analytics, and so on to prevent even the most complex and sophisticated attacks. Automation also enables organizations to gain speed and scalability in the broader IT environment with ramped-up attack activity. Security solutions like Indusface’s AppTrana enable all this and more.
Shift to A Zero Trust Architecture
Remote work is here to stay, and the concept of the network perimeter is blurring. For business continuity, organizations have to enable access of mission-critical assets to employees wherever they are. Employees are probably accessing these resources from personal, shared devices and unsecured networks. CISOs need to think strategically and implement borderless security based on a zero-trust architecture.
Zero-trust architecture mandates that organizations always verify and never trust with respect to data, employees, networks, and devices. So, CISOs need to redesign their security controls and identity and access management policies to reflect the current scenario.
To this end, they must have full visibility into connected devices and the rapidly expanding endpoints.
They must have updated intelligence on what data is produced by the connected devices, who is connecting to company networks and from where, what are they accessing, are they authorized to access that and so on.
Focus on Securing Your Cloud Infrastructure
Even though cloud adoption was on the rise, the pandemic led to an almost instant surge in the use of public cloud and cloud-native resources. However, this isn’t a momentary surge; the shift to cloud usage is permanent.
This essentially means that CISO’s need to rethink their security policies to secure the cloud infrastructure. They must deploy new intelligent tools & technology, holistic processes, and comprehensive governance models that provide visibility into the cloud environment and help secure the cloud infrastructure.
Develop Robust Continuity Plans
Organizations typically have security incident response plans and business continuity plans. But neither factored in worldwide impact events such as the Covid-19 pandemic. The cybersecurity priorities for 2021 and beyond require CISOs and business leaders to develop robust continuity and resilience plans for such events.
The Way Forward
The Covid-19 pandemic has furthered the case for creating autonomous teams in a hybrid work environment to ensure increased agility and responsiveness to the relentless changes in the future. The cybersecurity priorities for 2021 and beyond provide an insight into how CISOs can redesign security to be better equipped for the future.