CompTIA’s State of Cybersecurity 2021 Report reveals a growing concern about cybersecurity practices. Businesses must rethink how they approach cybersecurity from the ground up if they want to address all aspects. The cybersecurity community saw a clear lesson ten years ago, when cloud computing revolutionized the IT landscape. Many companies embraced cloud solutions but paid less attention to the security implications. This was a familiar story, one that has played out in IT for a long time: security is almost always outweighed by productivity and convenience. The problem with cloud was a little more complex, though. Cloud solutions disrupted the IT architecture and left big holes in traditional security strategies.
Ten years later, it’s hard to see how many lessons were learned. Companies have been slow to adopt the best practices for cybersecurity in a cloud environment, including identity and access management (IAM) and data loss prevention (DLP). In the shift to remote work, cybersecurity was again treated as an afterthought. The pandemic was certainly more important than the shift to the cloud. There is still a disconnect between the cybersecurity priorities of organizations and the actual actions they take.
CompTIA’s State of Cybersecurity 2021 Report found that unease about cybersecurity practices is growing. Sentiment about the general cybersecurity situation in the United States is worse than it was in 2020, with 69% saying that the situation is improving. Satisfaction with their own company’s security position is also lower, at 72% compared with 82% in 2020. Businesses need to rethink how they approach cybersecurity from the ground up in order to address all aspects.
Policy
CompTIA’s study defines policy as the corporate mindset and culture in cybersecurity. For many years, the mindset was defensive and focused on securing assets that were all located in one place. A new policy is required today, as assets are more widely distributed.
Zero trust is the policy that all post-cloud activities must follow. A zero trust architecture makes no assumptions about the legitimacy of access requests or the authenticity of data. Each piece is examined individually and, in many cases, checked multiple times. This leads to a wide range of activities, including multifactor authentication, microsegmentation and least-privilege access. However, the activities matter less than the fundamental understanding of why they are necessary (and how much investment is needed).
Process
The focus can shift to process once everyone is on board with the policy. Processes are the practices that will lead to a more secure position. The main reason buy-in on policy is so important is that the scope of process can quickly expand beyond what most companies have dealt with in the past. The cybersecurity process must be both broad and deep. The number of processes required determines the breadth. This can include technical areas like security monitoring and threat intelligence, as well as non-technical areas like workforce education and risk management. The level of detail required for each process determines the depth. Security monitoring does not just mean setting alerts that search for known threats. It also includes analytics that examine network behavior over time and highlight anomalies.
People
It is important to have the right level of expertise among cybersecurity professionals in order to manage the complexity of cybersecurity processes. There are so many gaps to fill that it is difficult for companies to bring every skill in-house. While there will be plenty of training and hiring, there will also be increased use of existing partners as well as new partnerships with specialized companies. The security team is only the beginning. Every employee in the company is now part of the cybersecurity chain. This includes the board of directors, business staff, and IT specialists. It is important to ensure that cybersecurity messages are consistent across all levels and that metrics are designed to address concerns at all levels.
Product
The last piece of cybersecurity is where most companies started under the old approach. Technology tools used to be the first line of defense. Now they are the last ingredient, the one that allows people to execute the processes.
As with all other parts of the c