What is the ‘New Normal’ for cybersecurity after COVID?
As countries around the world adapt to prolonged exposure to COVID-19, there have been numerous assessments as to just what the ‘New Normal’ will look like in various domains. Nowhere has this been more pertinent than in the cybersecurity function, which has been transformed by the pandemic.
As the workforce decamped to their home offices, Chief Information Security Officers (CISOs) had to rapidly pivot away from routine security tasks towards more long-term plans to help ensure this new remote workforce was able to operate safely and effectively. They had to do this at a time when cyberattacks were on the rise, with both this remote workforce and the wider supply chain heavily targeted by attackers looking to make hay out of the mayhem.
All of this has been taking place at a time when budgets and resources have been stretched to the bone, and cybersecurity teams have been asked to do more with less like never before. For many, the first step was to rapidly institute measures to maintain a degree of business continuity and provide as much protection as possible against the new wave of cyber threats.
Although the early months of the pandemic were typified by ad hoc reorientation of budgets to deal with this, there are few signs that the COVID-inspired measures introduced to maintain digital performance, or at least the budgets that were devoted to cybersecurity, will endure into 2021.
This might force security teams to limit expenditure on things such as governance and compliance in order to keep core operations secure.
How will different industries tackle cybersecurity investment?
There are likely to be clear industry-based divides in spending on cybersecurity in the year ahead, with sectors like financial services continuing to invest heavily in cybersecurity, whereas those such as healthcare are likely to struggle to maintain spending at a time when resources will be in such extreme demand in other areas. Healthcare organizations have had to invest heavily in digital tools to maintain business as usual, and this investment is likely to result in a difficult period ahead for cybersecurity, even as the threat posed to the sector is so high.
One sector that is enjoying a boom in cybersecurity investment is retail, where the pandemic has seen a huge shift in consumer spending to the internet, with retailers responding by bolstering the security of their digital-payment platforms to ensure customers’ needs are fully met, regardless of the platform they’re shopping via.
With remote working predicted to endure long into 2021 at many firms, a number of key cybersecurity priorities are likely to be seen in the months ahead.
Foremost among these will be the focus on perimeter security, with firms funneling investment towards securing this remote workforce as much as possible. There is also likely to be continued investment in securing e-commerce platforms, especially among smaller businesses that may be new to selling digitally.
This move to remote working at scale is also likely to see continued investment in access and identity controls as companies revisit just who should have access to sensitive data and systems. At larger firms, this investment is likely to focus on approaches that can successfully integrate with event-management and security-information tools in order to make budgets go that bit further.
With the remote workforce also containing technical help-desk personnel, there is also likely to be an attempt to shore up what was largely a virtual workaround during 2020. The need for support staff to be well equipped will be significant, especially if access control and other security measures are bolstered in the months ahead. This will be especially so in smaller organizations that invest in cloud-based platforms to allow for things like collaboration, communication, and file sharing.
A greater demand for tools and skills
With budgets under such enduring pressure, the desire to automate tasks where possible will be significant. There is likely to be growth in the desire for managed-service providers to automate things such as security orchestration.
However, 2020 has also highlighted the vulnerability that organizations’ workforce and supply chain pose to their digital systems. This will result in a fresh emphasis on improving cybersecurity awareness and training so that all stakeholders are aware of the threats and the behaviors they must adopt to mitigate those risks.
While it’s tempting to think that the major disruptions we saw in the first half of 2020 are largely behind us and we can begin to settle into the “New Normal” of life with COVID, the reality is likely to require us to maintain much of the agility that we saw in that disruptive period.
The ability to rapidly reorient security processes during that period was central to the general successes achieved in shoring up systems, but with security budgets likely to remain tight for the foreseeable future, the ability to do a lot with a little will remain paramount.
This is likely to require the cybersecurity industry itself to adapt so as to provide companies with a flexible and adaptable partner in these still combustible and uncertain times. The key will be to help companies get every drop of value out of their investment while they continue to weather the COVID storm in the years ahead.