Little did the year start until it was clear this was going to be a challenge for everyone regardless of location, business or otherwise.
In March, it was undoubtedly a fact that COVID-19 was not going to turn back at the door to Europe, we all needed to act. To maintain business, we turned to digitalization in order to maintain ability to keep the business momentum going regardless if we represented public sector or private. Most organizations had a this point several digitalization projects going and for the most part those were accelerated in order to facilitate the new immediate need now surfacing. One which was standing out was the ability to work from anywhere. For those of us who have been roaming users for the past 15years the change was not profound but for other roles in organizations the impact was significant. Mission critical roles not only had the need to operate remotely but also being served access deeper into the back-end systems of the organization which called for additional security capabilities to maintain resilience.
At Nixu, we swiftly got going with ramping up capabilities in order to meet the not new but increased demand of services enabling the new way of working for our existing and new clients. In addition, we put some words down in order to support our clients in terms of guidance:
Building a path to secure digitalization in the current situation has four states: Enable - Validate - Optimize - Operate
It is at present time quite clear that security organizations have been challenged as expected in terms of keeping up in the enablement phase and are now playing catch up in the validation phase. Make no mistake, there are times where enablement of the organizational capability need to be prioritized over security as long as it’s a known decision and measures are taken once the organization is up and running at a steady state. We have significant indicators that most organizations are now in the Validation state or are entering it currently. Evidence of this is the uptake of services relevant in this stage such as:
- Red Teaming
- Scanning services (specific to cloud security configurations and vulnerabilities)
- General Pen tests
- Cyber Security Roadmap
- Digital Identity Reviews
In combination of the massive acceleration in digitalization there have been dark clouds coming in on many levels.
For organizations based in Europe who have invested heavily in cloud technology Schrems II came as an additional slap in the face, some might have seen this coming, but the majority did not. Those organizations are facing an uncertain future in terms of what to do with a construct that goes against current regulations. Regardless of how this will play out in 2021 it will be profound.
Threat actors have not been slowing down, on the contrary, they accelerated as well both from organized crime syndicates to state actors. In the region we reside (Northern Europe) we are facing a unique Geopolitical situation which is expressed through illicit activities which will constitute additional challenges for the future.
This being said, yes there are profound challenges currently and those will not go away nor decrease even in a post pandemic world. You will not be able to completely control the narrative, but you can control your potential exposure. Key in all this is to know your scenery, the risk appetite if you will in combination of your current security posture. If you have not already, start by reviewing your risk appetite, this needs to be signed off by your business meaning go well beyond IT operations and onto the C level table. Once you have a proper view on this continue to map out your current security posture, based upon this work you will be able to identify what gaps to work on which should be constructed into a roadmap for the next 24months.
While you digest your Christmas dinner why not kick back and listen to Mr Almeflo and his view on some of the topics mentioned above:
Want to keep track of what's happening in cybersecurity? Sign up for Nixu Newsletter.