Thanks for following us in 2020! Here is cybersecurity in 2020, as we see it, broken down by key trend/topic.
It's hard to talk about cybersecurity in 2020 without talking about how to stand guard against phishing. Bulk phishing campaigns lurked everywhere, doing everything from encouraging you to sign into a fake login page supposedly from your bank, to alerting you to a "security issue" in your Google account -- with all links pointing into the darkest corners of the web. Spear phishing (highly targeted phishing attacks) grew as well, with a great many new-hires receiving emails supposedly from their CEO, asking for favors such as reimbursable gift card purchases or ACH information changes. Vishing and smishing grew as well. It's safe to say that phishing and its variants were one of the biggest stories for cybersecurity in 2020.
When office workers suddenly went home in March 2020, office routines ground to an immediate halt. Half-full coffee mugs sat on desks for months. Sweaters and jackets stayed idle on seatbacks as the seasons changed. What else went idle? Office telecom closets jam-packed with protective equipment. Instead, executives all the way up to the CEO found themselves at home, with their home network guarded only by their Comcast router.
What happens when an enterprise wants to bring on a small business as a vendor? Would you believe that the answer is STILL (after all these years) that the enterprise typically sends the small business an Excel spreadsheet with dozens or hundreds of security questions?
This has to stop. Risk grading can dramatically reduce the burden on both sides. Purpose-built web experiences can light the path to controls satisfaction and compensating controls where necessary. Will we say goodbye to the Excel-based enterprise security questionnaire in 2021? Here's hoping. But, in the meantime, the story for cybersecurity in 2020 continues to be a battle between small business operators and enterprise compliance teams, duking it out over hundreds of nuanced cybersecurity questions. Here are our reflections on enterprise security questionnaires and vendor onboarding in 2020.
4. Infosec Policies
Of all of the top trends for cybersecurity in 2020, this one is the one we would have least predicted. Companies everywhere are scrambling to settle on infosec policies that strike a balance between keeping the company secure and being realistic about their employees' role in cybersecurity. Too strict, and employees will ignore it. Too loose, and the company opens up big vulnerabilities. One thing is certain: in the massively changing world that we witnessed in 2020, there is no defense for saying your pre-existing infosec policies should remain unchanged. Changes in the world around us are driving a need to re-evaluate infosec policies at a greater pace than we have ever witnessed before. We had a lot to say about infosec policies in 2020.
5. Shadow IT
Got employees that are human? Are they ever in a hurry? Yes and yes.
When well-intentioned employees are in a hurry, they make judgement calls about technology that they need in order to do their job well. Sometimes it comes in the form of an employee who is working late, long past the time that the IT helpdesk is open, when they realize that there is a particular website that could help them power through a project faster than the old-fashioned way. When employees register for a website that isn't an official vendor for the company, shadow IT is born. And a whole lot of shadow IT was born in 2020.
Cybersecurity in 2020
2020 was not a boring year for cybersecurity. From high-profile attacks, to innovative solutions, to trends that got turned upside down when COVID-19 hit, 2020 was a year of change. We've tried hard to be there for you as both a sounding board and a service provider when you've needed it most. It seems like our posts are resonating, since our Google search impressions are up about 17x in the past six months, so we'll keep at it! We can't wait to be a part of 2021 with you, to help you keep knocking down cybersecurity challenges and helping you free up time and focus to build your business... letting us do the heavy lifting when it comes to cybersecurity.