Episode 2: Trends: Then, Now, and Into the Future
Trends: Then, Now, and Into the Future
Sean Atkinson and Tony Sager discuss the top cybersecurity issues from 2020 and what the road ahead holds for the industry.
2020 was considered “the year like no other”. The industry saw a mass convergence of social issues with cyber issues due to the pandemic, the elections, and the SolarWinds supply chain issue. Cybersecurity resilience was tested and it was crucial that the industry adapt quickly. With the onset of the COVID-19 pandemic in March of 2020 many organizations went fully remote, including CIS. CIS had to be agile and the cybersecurity industry had to adapt to new challenges with a growing remote workforce.
Increased Risk Management
Risk management strategies such as ways to identify gaps, how to best implement the CIS Controls, data management, and privacy requirements were the foundations for crisis management. It also brought focus to organizations to know who they are using as a product vendor and gain a better understanding of criticality and how their infrastructure runs.
Ransomware is here to stay as a top cyber threat. . It moved from the lone hacker to a capitalist business structure where the software just needs to be purchased and used as opposed to needing to build it yourself. Payouts are successful because the response is pay or you had better have offline backup. Due to remote workers, at-home schooling, and government and hospitals relying more heavily on technology, ransomware is going to continue to be a top cybersecurity challenge.
Sean uses the analogy of “the castle and the moat”. Today the drawbridge is always open and things are going in and out without the ability to monitor it all. Zero Trust is setting the new tone for security practices. Zero Trust is not just implementing the underlying technologies of authentication, multifactor, and assigning privilege, but understanding the architecture and building from the inside out.
What the Future (May) Hold
Small Businesses need support
The weight of responsibility to small businesses to accommodate the assessment evaluations for risk management is a huge burden. A possible solution for an industry-wide evaluation of how the data is collected and what is important and necessary as a national solution.
A Diminishing Cyber Workforce
There is a growing concern about the shortage of cybersecurity professionals. Educational systems are focused on their current infrastructure due to the pandemic and are finding it difficult to target new interest in the industry. Typically competitions grabbed interest but with the limited pubic events this same problem is expected to extend into 2021.
The Role of Government
With the change in government, like we have in 2021, there is a change in the way government thinks about priorities. Most of our public services are now digitized and subject to security breaches. Technology is part of our infrastructure The same way as how we build bridges with a plan, regulations, protections to the public, so should our attention to technology and cybersecurity.