Cybersecurity Program Adoption: A Decade of Changes in Just One Year
In any given year, an organization may pick up one or two new pieces of technology as the need arises. If your sales department needs new billing software, you check the budget and see when you can fit it in. When your marketing department needs a new project management tool, you see how you can reallocate some funds to make it happen. Change happens, but it requires a significant amount of forethought, and it usually isn’t quick.
The past year, as we all know, was a bit different. Change happened not because we necessarily wanted it to; it happened because there was no other option. Change happened because it was either shut down your business or adapt to the new reality. Change happened, it happened quickly, and it happened without regard for the norm.
Instead of organizations taking their time to add one or two new pieces of tech into their stack, they made the radical changes necessary to keep going. The need for one new software program quickly turned into the need for many.
Though it feels like much longer, it’s been just a year since the switch to work-from-home. And in that one year, companies adopted technology at a rate that we would typically see over a decade.
How Have Things Changed in the Past Year?
With employees now at home scrambling to get an office together wherever they could (in spare bedrooms, dining rooms, or just about anywhere with a flat surface), employers were scrambling to get everyone the tools they needed to work.
This was a task easier said than done. In a rush to get everyone home, companies were focused on productivity first, cybersecurity programs later. After the initial rush, many companies came to the same realization: we sent them home, but now they (and we) aren’t secure. The swift adoption of cybersecurity tech arrived.
Many companies began looking into developing a cybersecurity adoption plan that included endpoint detection, various SIEM offerings, and identity access management tools. They also looked at securing their employees, who were now working in unknown environments.
Virtual private networks
A VPN (virtual private network) quickly became a must-have for many employees working from home. Employees were now logging into the company network outside of the office, and they needed a secure way to do it.
With companies giving their employees access to a VPN, they could access everything they needed to do their jobs properly and securely. Now, employees working from home are better protected than they were a year ago as a result.
With everybody out of the office, how do you make sure that the person logging into an email account 100 miles away is who it’s supposed to be? Many companies realized that enabling 2FA was one of the easiest ways to increase security.
There are conversations about what form of 2FA authentication is the most secure (text, call, authenticator app), but it’s still a move in the right direction for building a stronger cybersecurity program.
There are two things you can always count on being true: the sky is blue, and the most common password is 123456. How do you prevent your employees from reusing the same weak passwords across multiple sites? Password managers.
They help employees create stronger passwords, won’t automatically fill in on phishing sites, and make it convenient to have different passwords for everything.
As organizations saw an increased need for more secure environments in the work-from-home world, password managers became increasingly common – and we’re all better off for it. Some companies even require them for continued employment.
Endpoint detection and response
EDR allows companies to detect and respond to threats beyond the scope of traditional firewalls and anti-virus. Organizations can monitor endpoints both on and off their network and can have a fully-trained, 24/7 security operations center (SOC) at their back.
As companies began to switch to a more remote workforce, they realized that they not only needed to protect their servers at the traditional office but their desktops now sitting in home offices. Adding EDR into their cybersecurity adoption plan allowed them to take faster action when faced with potential threats.
Security information and event management
Organizations realized they had the need to generate network and log-based event notifications for a plethora of scenarios, with employees now logging into networks from around the country (and world).
Many chose, and rightfully so, to incorporate a SIEM into their cybersecurity stack. This gave them greater oversight into what was actually going on, giving them the ability to collect logs, detect threats, and respond appropriately and in a timely manner.
Cybersecurity awareness training
One of the most significant changes over the past year has been, ironically, not a shiny new piece of tech but an increased need for cybersecurity awareness training.
You can give employees access to a VPN and a password manager, but all it takes is one malicious email link clicked from a seemingly trustworthy address to compromise your secure environment.
Securing employees with software has been a necessity, but training them on recognizing common phishing attacks has become paramount. Business email compromise (BEC) remains one of the easiest ways for attackers to access secure information.
Cybersecurity training has been a significant focus for the past year, and every organization should continue with implementing it into their cybersecurity program.
Consequences of non-adoption
Companies that have failed to take cybersecurity adoption seriously are putting themselves at significant risk.
A year ago, employees weren’t working at home with their children taking classes on the same network they’re conducting business on. Their laptops – filled with sensitive information – weren’t lying around for easy access to family and friends.
Without the proper tools, your employees are opening up your business for ransomware attacks, data exfiltration, and more. And even with the proper tools, employees need the proper training. What your employees don’t know can and will hurt your business.
Cybersecurity wasn’t the only focus for the past year. Companies around the world implemented technology that allowed for greater connectivity, communication, and collaboration.
Put yourself in your shoes a year ago. Could you have imagined having just about every meeting occur on the computer, every document written and edited synchronously, and every company event online?
The adoption of technology like Zoom, Microsoft Teams, Slack, Google Workspaces, Microsoft 365, and others – even ones outside of the workforce, like DoorDash, Instacart, and scanning a QR code to check out a menu – came quickly. Their use may have very well been inevitable, but the rate of adoption was faster than many of us could have imagined.
There’s no doubt that the work environment is forever changed. We’re already starting to see companies – like Spotify, Twitter, and Salesforce – ditch the traditional office and allow their employees to work anywhere – permanently.
So, what will the next year look like? Will we continue to adopt technology at a quick rate? With employees working throughout the country and abroad, how do you provide IT support that would have been traditionally in the office? What problems (and opportunities) are we creating with this work-from-home reality?
The office as we once knew it is gone, and we’re adopting technology quicker than ever before. How secure have you become over the past year? See where you stand and how you can continue to improve your cybersecurity program with the MSP+ Cybersecurity Framework.