Cyber priorities for 2021
Threat visibility, identity management among leading priorities and projects
More than eight out of 10 information technology executives said the distributed IT landscape and rise of remote work created new security challenges for their businesses, according to Insight, an IT hardware, software and service provider.
The Cybersecurity at a Crossroads: The Insight 2021 Report found 72% of executives said threat visibility and identification was a bigger priority as a result of changes in 2020, followed by incident response, and network security. Two-thirds of respondents also cited endpoint and Internet of Things security as increasing priorities in the work-from-home/distributed IT environment.
Ninety-six percent of IT executives increased their cybersecurity budgets in 2020, and 91% said they plan to do so again this year, according to Insight.
However, over three-quarters of respondents still say they lack confidence in their company’s IT security. Respondents cited concern over their company’s whole approach, with 32% saying their organization’s overall strategy and roadmap to address cybersecurity was inadequate.
Insight found 72% of executives launched identity and access management projects in 2020, while 15% had a project in progress before last year. Meanwhile, 69% of companies initiated a threat visibility and identification project last year, while 18% had in-progress projects at the beginning of 2020.
Workers exposing employers to cyber risk
Those projects are important, as a survey by Ivanti found a quarter of consumers are exposing their employers to risk by using their work email or password to log in to consumer websites and apps. The 2021 Secure Consumer Cyber Report surveyed 1,000 Americans who were working from home on a company-provided computer. The report found “insecure, unmanaged and unsanctioned IoT devices [have] become a highly popular attack factor at home and work.”
Related: Hacking, IT incidents leading cause of data breaches
These consumers reported a lack of basic cybersecurity protections required of them, including:
- VPN access, which only 30% of respondents said they are required to use to access company networks.
- Security software, which 28% of respondents said they’re not required to use on work devices.
- Password hygiene, as 24% of respondents said they aren’t required to regularly update passwords or use one-time password generators.
Comprehensive cybersecurity approach
Increasingly complex security infrastructures put more pressure on companies to implement automation to help them keep up, but 55% of executives say their company hasn’t deployed automation, calling it the top challenge in operations and management.
Related: Firms overlook key cybersecurity partners
Companies were more likely to have addressed cyber security as a business continuity issue, as 70% of respondents said they have made incident response part of their continuity plan.
About 60% of respondents are incorporating cybersecurity into operations and broader business decision making, while 97% are changing up their team structures to make security a more integrated part of their IT strategy.
Making cybersecurity measures accessible
Another challenge some companies may be overlooking is how accessible their cybersecurity measures are. NuData Security, powered by Mastercard, notes that cybersecurity measures need to account for user experience.
For example, biometrics like fingerprint readers are often held up as a powerful identity management tool, but the 21 million Americans with temporary or permanent impairment of their upper limbs may lack the dexterity required for fingerprint logins, according to the company.
NuData recommends adopting passive biometrics to build a profile of each user to account for things like typing speed and preferred browser. Passive biometrics tools help companies “expand the inclusivity of [their] cybersecurity protocols by simplifying access — your product or app doesn’t need to rely on one-time passwords, fingerprint scans or other exclusive tactics that may cause inclusivity issues,” according to NuData.
Companies need diverse teams to anticipate the needs of their end users, NuData stated. Understanding how users interact with their technology provides important insight into vulnerabilities that might go overlooked by homogeneous teams.
READ MORE