Question of the day

Teleworking will catalyse the shift from the corporate perimeter concept to the security certification of micro-desks. Outsourcing IT and cybersecurity functions will be crucial to address insufficient expertise and save budgets. Coordinating service providers together with the use and management of more cloud services, cloud security and management skills will become a ‘must have’. These and other cybersecurity challenges and trends will be among the most common this year, and companies will have to manage them efficiently, according to a new Kaspersky report, writes startupcafe.ro.

The shift to teleworking, financial constraints due to the economic recession and the increase in cyber threats due to the global pandemic will affect the daily role of cybersecurity professionals in 2021. Understanding the challenges, but also perceiving the opportunities in IT and managing IT security are very important for maintaining protection.

Kaspersky Report, “Plugging the gaps: 2021 corporate IT security Predictions’provide tips for each cybersecurity-related role, including Executive Directors or Business Owners, CISO, SOC Team Leaders and IT Managers.

Here are some of the main trends that should be monitored:

— Perimeter protection is no longer sufficient – home offices will need to be assessed and certified. Tools must be in place to scan the security level at the site of work – from the presence of software vulnerabilities to connection to an unsafe or unprotected Wi-Fi hotspot. This will also require wider adoption of VPN, privileged access management, multi-factor authentication systems, implementation of stricter monitoring and updating of existing contingency plans.

— Switching to a service model will allow achieving IT security levels with lower investments. According to Kaspersky’s survey, seven out of 10 companies (69 %) have stated that they already plan to use a service provider (MSP) or a managed security service provider (MSSP) in the next 12 months. This happens for good reasons, as the service model helps to minimise capital investment and cost shifting from CapEx to OpEx.

— In-house training sessions for IT security specialists should also include management skills. Cybersecurity-related professions are divided into limited specialisations, which means that hiring the necessary staff for each specific role can be too costly. Here, outsourcing can help close the gap. However, companies outsourcing key cybersecurity components still need to focus on developing management skills for their internal teams to manage those outsourced functions.

— There will be an increased reliance on cloud services, requiring dedicated management and protection measures. The survey showed that in 2020, employees in 89 % of large companies and 92 % of SMEs used non-corporate software and cloud services such as social networks, express messaging services or other applications. This is unlikely to change when staff return to the office. To ensure that all important data is kept under control, better visibility on access to the cloud will be needed. It security managers will need to make this cloud paradigm a priority and develop skills for cloud data management and protection.

With the introduction of new cybersecurity practices, the quality of the tools enabling these changes will be equally important. Quality of protection and smooth management are essential when choosing cybersecurity solutions.

“We have seen two important changes in customers’ expectations of corporate cybersecurity offers. First, the quality of protection is no longer questionable – it is now a ‘must have’. Another major trend is that the high level of integration between the different components of corporate security, ideally from a single supplier, now plays a more important role. For example, there was a popular idea in the industry that various specialised solutions from different suppliers can help create the best combination to ensure a high level of protection. Organisations are now looking for a more unified approach, with maximum integration between different security technologies”says Alexander Moiseev, Chief Business Officer in Kaspersky.

Source: bizlaw.md