A year and a half in the evolution of digital society

July 21, 2021 at 09:00

For close to eighteen months now, most people around the world have gone through highly challenging times, regardless of location, business and other factors. We wanted to take a look at how digitalization has coped amid the pandemic turbulence.

In March 2020, it was becoming clear that COVID-19 was not going to turn back at the door to Europe and that we all needed to act. To keep business momentum going, we turned to digitalization, regardless of whether we represented the public sector or the private sector.

Most organizations had at this point several digitalization projects going. For the most part, those were accelerated in order to meet the immediate needs now surfacing. One that stood out was the ability to work from anywhere. For those of us who have been roaming users for the past 15 years, the change was not profound; for other roles in organizations, the impact was significant. Mission-critical roles not only needed to operate remotely but also needed access deeper into the back-end systems of the organization. This called for additional security capabilities to maintain resilience.

At Nixu, we swiftly ramped up capabilities in order to meet the not new but increased demand for services. This enabled the new way of working for our existing and new clients. In addition, we put some words down as guidance to support our clients:

Building a path to secure digitalization in the current situation has four states: Enable - Validate - Optimize - Operate 

 

Secure digitalization states

During the pandemic, security organizations have been challenged, as one might have expected, in keeping up in the enablement phase and are now playing catch-up in the validation phase. Make no mistake, there are times when enablement of the organizational capability needs to be prioritized over security. This is acceptable as long as it is a known decision and measures are taken once the organization is up and running at a steady state.

By the end of 2020, we saw that most organizations had reached or were about to enter the Validation state. Evidence of this was the uptake of services relevant in this stage such as:

  • Red Teaming
  • Scanning services (specific to cloud security configurations and vulnerabilities)
  • General Pen tests
  • Cyber Security Roadmap
  • Digital Identity Reviews

In addition to the massive acceleration in digitalization, there have been dark clouds coming in on many levels.

For organizations based in Europe that have invested heavily in cloud technology, Schrems II came as an additional slap in the face. Some might have seen this coming, but the majority did not, and the situation added to the ongoing uncertainty. In June 2021, the European Data Protection Board adopted its final recommendations on supplementary measures, first adopted after the November 2020 Schrems II ruling. It remains to be seen how the situation continues to develop.

Threat actors have not been slowing down; on the contrary, they have accelerated as well, from organized crime syndicates to state actors. In the region where we reside (Northern Europe), we are facing a unique geopolitical situation: this can be seen in various illicit activities, which will constitute additional challenges for the future.

Globally, cybercriminal threats continue to evolve. A recent example is the six-day shutdown of the Colonial Pipeline, which triggered panic buying and fuel shortages in the south-east United States. The attack was carried out by a group calling itself DarkSide that describes its operational model as “ransomware as a service”.

There are currently profound challenges that will neither go away nor even decrease in a post-pandemic world. You will not be able to completely control the narrative, but you can control your potential exposure. Key in all this is knowing your scenery (the risk appetite, if you will) in combination with your current security posture.

If you have not already, start by reviewing your risk appetite. This needs to be signed off by your business: go well beyond IT operations and to the C-level table. Once you have a proper view of this, continue by mapping out your current security posture: based on this work, you will be able to identify which gaps to work on and how to construct a roadmap for the next 24 months.

Threats evolve, so security measures must do so as well. In 2021, Nixu has made additional moves on fronts such as industrial IoT and security awareness training. The return to a more normal daily life post-COVID is hopefully close, but digitalization is unlikely to return to where it was in early 2020.

We recommended the presentation below in late 2020 and it is still relevant six months later. So kick back and listen to Mr Almeflo and his view on some of the topics mentioned above:

