This year has taught us the value of building flexibility into our thinking, our infrastructure and the way we do business. Cybersecurity has always been about being ready for anything, and 2020 has underlined that. So, to help you prepare as much as possible for the future, here are the important lessons you need to take from this year and build into the foundations of your 2021 cyber strategy.
The elasticity of an organisation, allowing it to securely flex across different environments and different technologies - whether employees are in the office, working from home, or remotely - will be paramount. As we’ve seen this year, organisations that had already laid the foundations of a digital infrastructure were ready to respond effectively with digital solutions. Those that hadn’t, scrambled to keep up. Businesses need to avoid basing their policies and controls on how they operate today, or even on how they think they will operate in the future. The pandemic has reinforced the need for businesses to be able to pivot quickly and effectively, in the face of any future uncertainty.
As technologies such as edge computing and the cloud bring increased distribution and decentralisation of data, it’s important that organisations understand where their critical data is and manage it very tightly. From a criminality perspective, the opportunities associated with services distributed around the periphery of a super low latency network are endless - including the potential for launching large scale DDOS attacks. It’s important to make sure that your control mechanisms and security don’t just sit in the core of your network but are distributed around the perimeter as well. Businesses need to understand what’s happening and have the right monitoring and mediation capabilities in play.
Months of working away from the office means that engagement has become the ultimate driver of productivity. One of the biggest threats to an organisation is its own employees - whether accidentally sharing privileged information outside the business, or actively doing something because they are upset, feeling disenfranchised, or under pressure. Employers should keep a close eye on the link between culture and security - an engaged and informed workforce are far more likely to take security requirements seriously.
As cyber criminals realise that large corporations have become more difficult (and expensive) to attack, they turn their attention to the non-digital supply chain. When a business is considering its cyber maturity, controls and visibility, it must also extend this view to the entire ecosystem it works with and relies on to be successful and deliver its services. Remember that third party organisations, customers and partners are ‘part of the family’ too, and that any vulnerability at all within the ecosystem brings a profound risk to your own business.
Think about how your products will work together, rather than focusing in on the specific benefits of individual products. This will give you effective integration and the best control and visibility right across your estate. A global partner will also help you to identify global threats and how they manifest - which is becoming increasingly relevant as attacks become more sophisticated and distributed.
It may not sound glamorous but, however many employees you have, make sure that your computers are patched and that you’ve got good, strong passwords. It can be easy to take all these basic things for granted, but they are the building blocks for any security strategy, and often the point of weakness that presents the ‘low hanging fruit’ that cyber criminals will target.
Educate your staff to help them spot and flag security threats. With many people working at home, this education should also extend to families - particularly at a time of year where we see lots of spear phishing emails claiming to be related to Christmas deliveries. A knowledgeable team really is your best line of defence.
We may not know exactly how 2021 will challenge our cybersecurity, but following these signposts is the best way to prepare for the unexpected. If you’d like to find out more about how we can help you protect your business in the coming year, get in touch with your account manager.