1. Data security is growing in complexity amidst a cyber security workforce shortage
With more tools and services in the cloud, a remote and dispersed workforce, and an explosion in IoT devices, the complexity around data security continues to rise amidst a security skills gap. According to the 2019 Cybersecurity Workforce Study from (ISC)², the U.S. is suffering from a cyber security labor shortage of almost 500,000.
When evaluating cyber security tools, it’s important to look for technologies that the next generation of security professionals can use right away without having to be experts first. Most security teams are understaffed and stressed, with staffing ratios as low as one security professional supporting 100+ employees. As you look to recommend tools to your CISO, ensure you have security fundamentals covered, then move to addressing insider threat activity and determine if you have response and detection capabilities in place. Ensure the cloud services being used are actually known. Challenge yourself and your team to check if current tools can detect and differentiate between files being uploaded to users’ personal or company-sanctioned apps.
If you don’t have the resources, you can arm users with security information, such as tips on protecting their home networks or avoiding phishing scams, as quick wins.
2. Encryption adoption is growing
The increase in encryption adoption in enterprise organizations is driven by several factors: the need to protect sensitive data, avoid reputational damage, protect against human error and meet global data protection laws (such as the General Data Protection Regulation and the California Consumer Privacy Act).
According to Thales eSecurity and Ponemon Institute, 43% of enterprises have an encryption strategy, but it does not come without challenges. Some of the difficulties with implementing an encryption strategy include understanding what the most sensitive organizational data is and where it lives, what technology should be used and which data should be encrypted. When talking to your CISO about an encryption strategy, you want to ensure you have the basics covered, including the right cyber security skills on your team to tackle implementation.
3. Increased need for collaboration tools
Though COVID-19 has accelerated remote work, it is not the only factor contributing to this trend. Remote work has grown almost 160% over the last 15 years, according to the U.S. Census and Bureau of Labor Statistics. With increased adoption of collaboration tools such as Zoom, Slack, Google Drive, Microsoft OneDrive, Box and many others, remote work is here to stay.
As security professionals, we understand the security challenges these tools and home networks bring. Yes, they are great for boosting productivity, but they also make it easier to exfiltrate data, whether it be product ideas, source code or customer lists. We need to help our CISOs, who in some cases are also playing the role of CIOs, recognize that this culture shift requires a technology shift as well. IT teams are being asked to quickly implement collaboration tools without security considerations, and saying “no” is simply not an option for security teams. The last thing that security teams want is to be viewed as obstacles. That said, proper risk management still applies, and there are absolutely times when security needs to draw firm boundaries.
Knowing that digital transformation is a top initiative for any CEO, today’s progressive CISO is embracing the collaboration culture. Arm your CISO with programs and tools that uncover user behavior patterns, reveal what drives user actions and speed incident response times. This may be a shift for some security teams, as their CISO expects security to be an enabler rather than a blocker of the collaboration culture.