6 Cybersecurity Lessons From 2020
The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.
November 3, 2020
To call 2020 a rough year for enterprise cybersecurity teams would be something of an understatement.
The COVID-19 pandemic and the newly distributed workforce that it engendered upended security strategies and forced a rethink of approaches to securing remote workers and supply chains at many companies.
Security teams that had implemented controls for managing remote workers suddenly had to contend with an orders-of-magnitude increase in the number of users they had to support this way. With more users accessing enterprise systems and data from their homes, attack surfaces increased dramatically. Enterprise security teams found themselves scrambling to implement new controls to manage threats arising from their increased risk exposure.
Security operations teams found themselves scrambling to address issues around communications and challenges related to breach investigations and visibility into endpoint systems. Organizations that had adopted a zero-trust approach to security suddenly found reason to accelerate their plans.
Already overburdened security operations teams had to find ways to remain effective in a new threat environment, even as software-as-a-service (SaaS) and zero-trust initiatives attracted greater enterprise interest and investments.
Here, according to a half-dozen security experts, are the six main takeaways from 2020 for cybersecurity practitioners.
The large-scale shift to remote work triggered by the COVID-19 pandemic put an enormous strain on already overburdened security operations centers (SOCs). In an Exabeam survey of some 1,005 cybersecurity professionals who manage and operate SOCs, 35% of US respondents cited communications with other team members as the most significant pandemic-related challenge. Thirty-four percent reported difficulty investigating security incidents, and 30% described a lack of visibility into individual networks as an issue. Nearly one in two (47%) of the US SOC members in the survey reported having problems with new tools, including SaaS applications.
"SOC managers with immature processes learned very quickly that when the SOC team is not mostly in the same room, nothing worked as well," says John Pescatore, director of emerging security trends at the SANS Institute.
Going forward, security operations groups will need to implement architectures better equipped to address the requirements of hybrid environments where a large section of the workforce is remote.
Eric Parizo, an analyst with Omdia, says security information and event management (SIEM) is one area within the SOC, in particular, that will see a lot of change. Newly distributed workforces and ongoing digital transformation initiatives will accelerate the transition to cloud-based SIEMs, he says.
"As the new heart of cloud-based SecOps solution sets, next-gen SIEMs are SaaS-based, offer built-in activity and behavioral analytics, and offer flat-fee-based data ingestion supporting multiple public clouds, as well as traditional on-premise and network data sources," Parizo says.
With the growing adoption of SaaS, one trend the pandemic highlighted was the relatively quiet shift to a choose-your-own-IT (CYOIT) model. Unlike bring-your-own-device (BYOD) -- a term generally used to describe self-owned mobile devices -- CYOIT encompasses a broader range of tools that workers use to do their jobs, SANS Institute's Pescatore says.
The pandemic-driven movement to Zoom is one example of how the business world has long evolved beyond BYOD, he says. "It used to be corporate chose between Webex and GoToMeeting and said, 'Use this,'" he says. "Now most users can fill in a bingo card with the different web conferencing systems they've used [in a single week]."
The implications for IT security are significant, Pescatore adds. "With BYOD, the major worry was corporate data ending up on a device where the organization had no footprint and no security stack on the device," he says. Though BYOD created problems, IT still had control over the server side and could therefore enforce which apps could be used.
With CYOIT, users can choose different cloud-based apps -- for example, accessing their work email via Gmail or using Zoom and Webex, among other things, Pescatore says. CYOIT puts more pressure on organizations to focus on the data. "If you can't control the hardware or the apps, you [need to] have the controls travel with the data," he says.
With more organizations shifting workloads and data to the cloud to support remote and virtual workforces, SaaS environments have become a big attacker target. Expect IT staff to be increasingly engaged in managing their organizations' SaaS applications and cloud footprint, says Brendan O'Connor, CEO and co-founder at AppOmni.
Tools that use the APIs between applications to automate SaaS configuration and to monitor user access, activity, and changes in those environments are going to become increasingly important, he says.
"The shift to the cloud, unfortunately, has not gone unnoticed by hackers and bad actors," O'Connor says. "As organizations play catch-up, attackers are shifting their strategy to leverage the lack of SaaS expertise and necessary tooling to monitor and keep attackers at bay."
Many IT teams are struggling to keep up with the massive operational changes caused by the pandemic and the resulting accelerated rate of cloud adoption, according to a survey of 200 IT security professionals conducted by AppOmni earlier this year. Due to increased responsibilities tied to COVID-19-related changes, 68% said they had less time to spend on managing and securing SaaS applications.
Zero-trust security models -- where all access requests to enterprise data, whether from inside the enterprise network or outside, are fully authenticated and vetted -- gained increased attention this year. IT teams looking to address new threats raised by a suddenly expanded remote workforce turned to zero-trust in larger numbers.
For instance, 60% of 252 IT professionals surveyed in August by Enterprise Management Associates (EMA), on behalf of Pulse Secure, described their organizations as having accelerated their zero-trust strategy. Four in 10 cited increased operations agility as the primary benefit of zero-trust, and 35% pointed to improved governance and risk compliance.
Some of the other major benefits that respondents cited included breach prevention and containment, reduced attack surface, and unauthorized access mitigation -- all major concerns in a post-COVID-19 era. EMA found that companies with a formal zero-trust strategy were far more likely to succeed than companies with an ad-hoc approach. Ironically, the largest companies represented in the survey were the ones most likely to have an ad-hoc approach.
"For the companies who already had proof-of-concept underway for their zero-trust journey, COVID-19 served as an accelerator, moving up the timelines for adoption," Microsoft said in a blog earlier this year.
The rapid increase in ransomware attacks where threat actors also stole data and threatened to release it publicly complicated matters for enterprises this year. Not only were victims locked out of applications and systems, they also faced the threat of sensitive data -- including trade secrets and IP -- being leaked publicly via websites that threat groups created explicitly for that purpose.
"The ransomware uptick wasn't really new. But it did raise a new management issue: Will our standard corporate insurance pay extortion demands?" Pescatore says. For most, there is no simple answer, he says.
Multiple lawsuits filed recently by victims of major cyberattacks -- including pharmaceutical giant Merck and food and beverage conglomerate Mondelez -- have brought into focus the challenges organizations can sometimes face in recovering damages from their cyber insurers.
Rick Holland, CISO and vice president of strategy at Digital Shadows, says threat actors flocked to the cyber extortion racket in droves this year. In Q1, Digital Shadows tracked just two groups with extortion websites. By Q4, that number had grown to 17.
Initial access brokers that specialize in breaking into organizations and handing over their initial access to ransomware groups, in particular, thrived as a result of the extortion gold rush, Holland says. "Outsourcing this component of the extortion value chain [enabled] ransomware operators to increase their extortion operations' scale and velocity," he says.
The COVID-19 pandemic is a striking example of how not all events that have a big impact on cybersecurity are security-related. The rapid and massive shift to remote work prompted by the pandemic forced all kinds of change on information security groups.
IT and security leaders had to refocus efforts around securing remote work practices, ensuring supply chains remain secure and rolling out tailored security awareness campaigns and training to combat the sudden flood of phishing scams related to COVID-19, says Steve Durbin, managing director of the Information Security Forum (ISF).
"The [pandemic] accelerated and concentrated forces, such as the move to remote working and adoption of cloud services, that were already in motion," he says.
The pandemic shows why companies with a global footprint need to have a plan to deal with a global-scale crisis, says Oliver Tavakoli, CTO at Vectra.
While many have plans for dealing with a disaster at a regional level, few are prepared to deal with a scenario impacting all their global locations simultaneously. "Invest in security technology [that] works regardless of where your end users are working from," Tavakoli advises. "Putting a shiny, new web proxy on your campus perimeter doesn't buy you much when everyone is sent home to work."