6 Post-Pandemic Information Security and Privacy Trends
By Kaarthick Subramanian – VP, Security & Privacy
The world’s businesses run on information technology (IT), and everyone who was forced to work remotely during the pandemic recognizes its continued importance. Tech advancements undoubtedly make companies run smoother, but they also bring their own set of information security challenges. The global pandemic made those challenges just a little harder to overcome.
Here are six trends that address the challenges that are all too common in today’s post-pandemic workplace.
#1 Increased Use of Zero Trust Network Access
If you had asked an IT professional about their favorite network security tools years ago, virtual private networks (VPNs) would likely have made the list. However, the IT landscape is constantly changing, and VPNs can’t keep up with the information security requirements of today’s workforce. VPNs were originally designed to provide safe data transmission between outside devices and on-site servers. In today’s environment, cloud computing has replaced many dedicated on-site servers because of its convenient, cost-effective architecture. VPNs are now expected to protect a wider area, which they weren’t originally designed to do.
Zero Trust Network Access (ZTNA) has become the new darling of the cybersecurity space for forward-looking IT departments. ZTNA is a network security framework that assumes that each user is not authorized to access the system. Users gain access to portions of the network by providing authentication details for every connectivity request. With ZTNA, users only get access to segments of the network on an as-needed basis. This is different from a VPN that gives a user access to the whole network after he or she provides a valid username and password.
#2 Vendor-Focused Risk Management
The SolarWinds cyberattack of 2019 proves how vulnerable digital supply chains are. The attack was so sophisticated that the Department of Homeland Security is still investigating the incident years after the breach was detected. According to the government agency, Russian hackers breached the SolarWinds network and remained there undetected for several months gathering data about the company’s 320,000 business customers that are located in over 100 countries. The hackers then inserted malware into an update of a popular SolarWinds network monitoring product. When the update was downloaded by SolarWinds’ customers, thousands of computer systems were infected. The bad part about the hack was that the malware didn’t noticeably disrupt business operations right away. It just sat there collecting data from emails and other files on those infected networks.
This cyberattack highlighted security risks that are related to vendor management. Most vendors use some type of third-party software or proprietary system to manage their communications with customers. When those trusted systems are breached, customers are left scrambling to detect possible malware infections. It’s expected that IT departments will take a more proactive approach to vendor information security management in the future. Adopting a ZTNA framework is a first step in this direction. When ZTNA is used, a vendor only has access to a specific portion of a network, which reduces the risk of a system-wide security breach.
#3 Increased Spending On IT Security
Spending for IT security awareness and compliance initiatives will continue to increase, and this is no surprise. The rise in security threats and reported breaches are only two reasons why companies will budget more for information security going forward. Many businesses are changing their IT operations to stay competitive and to avoid pitfalls. For instance, some companies are adopting artificial intelligence-based platforms to speed up customer service responsiveness. Other businesses that are responsible for transmitting and storing sensitive personal and financial data have taken the bold step to ignore sentiments about cloud computing and acquire servers for on-site networks. These changes require funding for updated security policies and employee training. Companies will also want to ensure security compliance by funding periodic audits.
#4 Data Protection Highlighted
Hackers no longer launch cyberattacks for thrills anymore; they’re often digital mercenaries for hire. Besides hijacking business operations with ransomware, it’s common for hackers to steal data for rival companies and even governments. As a result, IT shops in the public and private sectors are making data protection a higher priority in the coming years.
According to statistics that Hosting Tribunal recently published, there were 2,013 data breaches in 2019 alone, and over half of those breaches were caused by hackers. Data breaches are costly to organizations these days. Many governments have enacted laws that hold companies accountable for safeguarding user data. When breaches occur and the companies are found to not be in compliance with legislative data privacy and protection regulations, the organizations can face high fines. The public also loses confidence in those companies, which is often worse than the fines.
#5 Reversed Stance on BYOD
Bring Your Own Device (BYOD) is the practice of allowing workers to use personal computing devices to perform office activities. While smartphones are the most common personal devices that employees use for work-related tasks, workers use their own laptops, tablets, and USB drives at work as well. BYOD became popular prior to the pandemic, and many companies drafted policies to promote the practice. At first, BYOD was well received by both workers and employers. Studies show that workers who use their own devices are more productive because they are more familiar with their own hardware and know how to get the most out of the tech tools’ features.
Both parties have lately soured on BYOD, however. BYOD presents some marked security risks. For instance, employers must rely on workers to secure their personal phones to protect company data. When an employee leaves the company under less-than-optimal circumstances, employers will likely not have control of their proprietary data that’s stored on the employee’s personal laptop. To solve these challenges, companies tighten security policies by requesting that IT personnel be given access to the employee’s phone to “help” with tech support. They also may insist on having the employee download applications for work-related tasks that contain tracking mechanisms. Employees may not want to use their phone’s storage space for company programs, and they certainly don’t want to expose themselves to the company’s tracking technology. When BYOD first became a big trend in 2017, IT professionals recognized the security risks and raised the warning flag. It looks like the tide is shifting in their favor as data theft and network security breaches increase.
#6 Increased Demand for Cybersecurity Insurance
Data loss statistics show that the average cost of compromised data was close to $4 million in 2020. Most small and medium-sized businesses can’t survive that kind of a financial hit. That’s why many companies will be opting for cybersecurity insurance policies in the future. These policies cover costs that are associated with data recovery, business interruption, and cyber extortion.
Conclusion
With negative aspects of the pandemic getting all of the attention, nearly everyone fails to see the positive outcomes of this historic event. The pandemic proved that companies can go fully virtual with the help of technology. It forced many businesses to streamline their processes and realize that they can do more with less. Armed with the latest security tools and updated policies companies will emerge from the pandemic refreshed and ready to take on new opportunities in the marketplace.
References
https://www.comptia.org/content/research/trends-in-information-security-study
