No doubt, the virus that dominated our lives in 2020 was the coronavirus. But it wasn’t the only viral infection that wreaked havoc.
The Mirai and Gh0st botnets saw a resurgence in May, targeting enterprise networks via employees’ home networks. Thanks to WFH, employees were also the target of a plethora of new phishing attacks, playing on people’s anxieties about the pandemic.
And, of course, ransomware has flourished during this time, including variants of Netwalker, Ransomware-GVZ and Co-Viper (not to mention expanded Ransomware-as-a-Service offerings). No sector is immune: government, healthcare, education and manufacturing are all targets.
Even if you were already shoring up your defences — systems, networks and devices, in the office and remotely — the pandemic pushed this to the top of the IT security agenda with an unprecedented urgency.
IT security priorities during a pandemic
IDG’s newly released 2020 Security Priorities Study, which surveyed 522 IT and security executives, looks at what drove security priorities through 2020 — and will drive those priorities over the coming year. The top priority? Improving the protection of confidential or sensitive data (49 per cent), followed by improving security awareness training for end-users (45 per cent).
Other priorities include upgrading IT and data security to boost corporate resiliency; enhancing identity and access controls; improving security in the application development process; and planning for unexpected risks — such as a pandemic.
Survey respondents expect the pandemic will impact the way they respond to risks going forward — and that means adding more people and resources. Yet, 87 per cent feel their organization falls short in addressing cyber risk and 31 per cent say they’re not investing enough budget, people and technologies to address risks (while some are struggling to find the necessary skilled talent).
Combine all of that with a new WFH environment — along with cybercriminals capitalizing on a global crisis — and it’s clear why 2020 has been particularly challenging on the IT security front.
Shoring up WFH defences
Remote work is here to stay (at least for the foreseeable future), which will continue to increase organizations’ vulnerability to attack. And remote workers will continue to be a focus of cybercriminals in 2021 (along with hospitals and other ‘easy’ targets).
That could be why Gartner’s top 10 security projects for 2020/2021 includes securing your remote workforce. Many organizations have a better handle on their remote workforces than they did six months ago, but “it’s time for a needs assessment and review of what has changed to determine if access levels are correct and whether any security measures are actually impeding work,” according to Gartner.
Other IT security projects cited by Gartner include cloud security posture management, which requires “an automated DevSecOps style of security” as well as simplifying cloud access controls to “offer real-time enforcement through an in-line proxy that can provide policy enforcement and active blocking.”
The IDG report suggests that going forward more organizations are “putting faith in zero trust.” In part, that’s because traditional remote-work security solutions aren’t designed for entire workforces; even virtual private networks have become a target as cybercriminals exploit unpatched VPNs.
What’s ahead for IT security in 2021?
“Interest in zero trust technologies, which trust no device, individual or location until it is verified, has been bolstered by remote work and increases in public cloud use,” according to the IDG report. Indeed, 40 per cent of respondents say they’re actively researching zero trust and 18 per cent have already deployed zero trust solutions.
Another 32 per cent of respondents are actively researching deception technologies, which the report describes as “a modern take on the classic, manually deployed honeypot where intruders are led to decoy passwords lists, false databases or fake access.”
These are in addition to traditional defences, such as multi-factor and role-based authentication, cloud-based cybersecurity services and network and data access controls. One problem, however, is that many of these tools are underutilized, according to the report; there’s also the ongoing issue of end-user awareness.
That could be why some organizations are planning to outsource some of their security functions to the experts; 22 per cent of those surveyed currently outsource or plan to outsource cloud monitoring and cloud data protection, along with security evaluation services.
The first half of 2020 showed us how quickly organizations could pivot to meet the challenges of a global pandemic, such as setting up remote workforces and rolling out new remote-work technologies. But it has also showed us how quickly cybercriminals can pivot, too.
The IDG report indicates that IT security budgets are, in many cases, increasing (or at least staying the same). The right people, resources and third-party experts will be key to continuing the battle against viral infections on the cybersecurity front.