As 2020 comes to a close, security professionals around the world have started assessing how to make the most significant improvements next year.
Here are five issues that the security sector should strongly consider taking a collective approach to fix — or at least improve — in 2021.
1. People Ill-Equipped to Work From Home
The COVID-19 pandemic caused many decision-makers to let people work from home whenever possible. Employees of numerous companies can keep doing that for the foreseeable future, in fact. However, remote working environments introduce new security issues to tackle.
A June 2020 poll from IBM of Americans who recently started working from home revealed some worrisome findings. For example, 45% of them did not receive new training before beginning to work remotely. Then, 53% reported using personal laptops without receiving new security tools for those devices.
IT security professionals cannot assume that employees know how to stay safe online while getting stuff done from home. Providing them with widely available tools like password managers and distributing cybersecurity checklists with best practices could help organizations with distributed workforces maintain protection from threats.
2. Ransomware on the Rise Globally
Ransomware is an issue that’s not going away anytime soon. The trouble is that it’s getting worse. Company leaders must prepare now to limit how it might affect them.
Research associated with the third quarter of 2020 found a 98.1% increase in ransomware attacks in the United States compared with first-quarter figures. Sri Lanka experienced a staggering 436% increase, while there was a 57.9% jump in Russia. Double extortion is another recent trend. Before cybercriminals encrypt stolen information, they take sensitive data and threaten to publish it unless victims pay the demanded amount.
Performing regular data backups and making the content accessible via several methods could enable companies to keep operating smoothly if perpetrators interfere with the availability of crucial files. However, security professionals must go further to identify and fix the vulnerabilities that give unauthorized parties access.
3. The Lack of Gender Diversity
A study associated with data centers found that females typically comprise less than 5% of the staff roles in those facilities. That’s the reality, despite the same research indicating that 45% of respondents believe the lack of female representation poses a threat to their industry.
Unfortunately, the situation is not much better in the cybersecurity sector. Statistics show that women make up only 14% of the North American cybersecurity workforce, a mere 7% in Europe and 5% in the Middle East.
Companies can tackle this issue in numerous ways. For example, they might launch scholarship programs or internship opportunities that specifically target women in cybersecurity. Business leaders can also explore whether their job ads unintentionally feature male-centric language and remove instances of it.
4. Unhelpful Perceptions of the Cybersecurity Industry and Its Practitioners
The IT security industry has a culture problem. That issue also decreases diversity in the field, but it is one of many contributing factors.
The broad public perception — that security practitioners do little to dispel — is that cybersecurity is a “dark arts” specialty full of mystique. That assumption often promotes the development of IT security tools that are overly complex and daunting for the public to use.
Cybersecurity professionals possess specialized skills, but they must play central roles in spreading the idea that everyone can help secure our infrastructure.
They also need to address this issue with better communication. For example, a board member could easily become overwhelmed by hearing industry jargon. Describing concepts using accessible language should help security professionals make progress and get their points across.
5. Concerns About On-Premises Safety
While many employees can work from home to stay safer during the pandemic, cybersecurity professionals often do not have that option. Some perform duties that require coming into offices. Others work in classified facilities that don’t permit remote possibilities.
Unfortunately, 78% of cybersecurity professionals reported having concerns about their safety while on-site. Organizational leaders cannot remove all risk, but they can minimize it.
Providing masks and hand sanitizer for on-site personnel are good starting points. However, decision-makers should also explore staggered shifts and have people consistently work alongside the same colleagues. Those things reduce how much time employees spend mixing with larger numbers of people, restricting virus transmission potential and facilitating better contact tracing if an outbreak happens.
Awareness Paves the Way for Progress
These five issues pose daunting challenges for the cybersecurity sector. It is unrealistic for people to think that they or their companies can completely fix all of them next year.
However, becoming aware of the problems and committing to making progress should lead to meaningful outcomes that strengthen the industry and empower the people working in it.