Has the pandemic fast-tracked the evolution of cybersecurity?
- MFA and Zero Trust are emerging as two key trends from the security response to the pandemic, says Microsoft
As enterprise technology has advanced, so too have cyberthreats. Digital transformation – be it migrating workloads to the cloud or embracing Internet of Things (IoT) – adds new complexity and new vulnerabilities.
2020 has thrown a lot at businesses. The sudden shift to remote work, combined with a spike in cyberattacks capitalizing on the chaos saw spend on cybersecurity remain higher while elsewhere IT spend fell away.
According to Microsoft, the importance of cybersecurity in facilitating productive remote work catalyzed two years’ worth of digital transformation.
And while much of this renewed focus on cybersecurity has been to fortify a distributed-endpoint workforce against a rise of threats, it has also been about ensuring confidence in and delivery of business operations day-by-day, minute-by-minute.
“In this era of ubiquitous computing, security solutions don’t just sniff out threats, they serve as control planes for improving productivity and collaboration by giving end-users easier access to more corporate resources,” the firm said.
In a recent study, Microsoft surveyed nearly 800 business leaders of companies of more than 500 employees across India, Germany, UK and the US. It asked them about how they expect the pandemic could reshape approaches to cybersecurity in the longer term.
For the majority, ensuring a proliferation of devices are protected has been the main concern and challenge – ensuring secure remote access to resources, apps and data. With a rise in targeted phishing scams (90% of businesses claimed to have been targeted), the shortfalls of the relied-upon trust model – built on company-managed devices, physical access to building and limited remote access to select line-of-business apps – have been exposed in a new paradigm.
The rise of MFA
The vulnerabilities this creates have been most apparent in the context of basic username and password authentication. As a result, the top security investment during the pandemic has been in multi-factor authentication (MFA).
When billions of people became a remote workforce overnight, companies were reminded that, fundamentally, effective security should be about improving productivity and end-user experiences.
Improving end-user experience and productivity while working remotely is the top priority of security business leaders (41%), with the need to “extend security to more apps for remote work” identified as the most positively received action by users.
For many businesses, MFA is the solution to the problem, enabling secure remote access to resources, apps and data.
The age of Zero Trust
With employees spending most of their days within a web browser, Microsoft said the concept of Zero Trust shifted from an option to a business priority in the early days of the pandemic. It will soon become the industry standard.
More than half of leaders are speeding up the deployment of Zero Trust capabilities – 94% say they’re in the process of deploying Zero Trust to some extent. By not trusting any website, email, or web application it becomes much easier to isolate systems so that the malware cannot infect the user, the device and the network.
The implications of the pandemic saw spend hike significantly on security (58%) and compliance (65%), but that uptick hasn’t come willingly, with 81% feeling pressure to lower overall security costs. To rein in expenses in the short-term, leaders say they are working to improve integrated threat protection to reduce the risk of costly breaches and acquire security solutions with self-help options for users to drive efficiency.
YOU MIGHT LIKE
Cybersecurity needs more cash and more people
Business leaders claimed a need to invest further in cloud security, while spend on information security and anti-phishing tools were also top priority.
Faced by a continued deficit of skilled cybersecurity professionals, meanwhile, human expertise is also in huge demand, among 80%, despite an ongoing deficit of security professionals.
A study by (ISC)2 found that 65% of organizations report a shortage of cybersecurity staff, while a lack of experienced or qualified professionals is a worry for more than a third.
However, with career progression halted for many and concerns over furloughing and unemployment prevalent, many will be reassessing their current position, or looking to upskills and diversify their skillset. At the same time, the demands of working from home has forced people to become more digitally-literate and ‘cyber aware’.
This combination of situational factors could provide a “golden opportunity” for the cybersecurity industry – traditionally with a reputation for being “pale, male and stale” – to recruit outside of its usual narrow bracket, Amanda Finch, CEO of the not-for-profit Chartered Institute of Information Security (CIISec) told TechHQ previously.
“While many security employees will likely have come from STEM backgrounds, cybersecurity covers a broad spectrum and demands an array of skill sets, many of which individuals across other industries will already possess.”