Cyber CEO: Is Your Enterprise Up For the Most Challenging Year in our Industry?

March 19, 2021

---

If your entire workforce returned to the office tomorrow, would your security team be prepared?

A new year is always filled with the hope of new beginnings and oftentimes, a little uncertainty, and boy was that the case this year. If 2020 taught us anything, it’s that we have to be as prepared as possible for whatever comes our way and embrace a flexible and nimble approach to life… and cybersecurity !

Herjavec Group kicks off each year by releasing our annual Cybersecurity Conversations for the C-Suite report. This report is a guide to executive-level cybersecurity conversations. It showcases the cybersecurity trends we expect to capture attention in the upcoming year and highlights the questions that executives should be asking themselves and their teams as cyber-aware professionals.

In last year’s report, we predicted it would be “The Year of Digital Transformation.” We recommended enterprises take an integrated approach to cybersecurity by prioritizing three areas:

• Identity-Focused Digital Transformation Driven by Context
• Proactive & Customized Security Planning Through Threat Modelling
• Leveraging the Power of Security Orchestration, Automation & Response (SOAR)

While these transformations were critical, they were overshadowed by the mass accelerated moves to the cloud, and to remote work scenarios due to the COVID-19 Pandemic.

Over the last year we experienced a complete change to our “every day” - from the immense pressures on our global healthcare system, to the way we travel, do business, and most importantly, connect with others. Almost overnight, enterprises sent employees home, supported by monitors, laptops, desktops, printers, and phones which were connected to unknown, or unsecured personal environments.  Phrases like “just get it done” and “do what you can to keep the lights on” became the mantras for many organizations (and unfortunately security programs) as we did our best to grapple with the dreaded “new normal.”

Some of you thrived – you quickly rolled out your remote workforce, your SOC transitioned to work from home (as ours did), and for many, it almost felt too easy.

Let me be the first to say, it was.

We got it done but did we proactively protect this transition as well as we could have? Think long and hard…

• What endpoint protection was in place before you sent those devices home?
• What was the frequency of your scanning program?
• What was your process for patch management, and have you kept it up?
• How confident are you in your cyber visibility? In your ability to detect and contain an infected device?
• How would you feel if your entire team returned to work tomorrow and plugged into the enterprise network?
• Do you have the support required to address the infections that may follow another dramatic shift in the way we work?

To truly prepare for the security challenges we will face this year you need to be able to address the points above with complete confidence. Just because 2020 is behind us, it doesn’t mean we can sit back and relax. To put it frankly, we are in for a difficult year.

I will go on the record confirming that 2021 will be the most profound year in cybersecurity in our global history.

This is going to be the year we look back to in terms of heightened impacts of nation-state attacks and emerging malware threats. Targeted attacks like those against the SolarWinds supply chain, and the total system disruption of UVM Health Network, are only the beginning of what we can expect to see. The challenges we will face as a cybersecurity community will be varied, continuous, and demanding. With the COVID-19 vaccine being rolled out, enterprises will start heading back into the physical workspace, embracing a flexible, hybrid work model. We will reconnect the devices we sent home a year ago and be in for a world of hurt if the right processes, programs and support services are not in place. 

As cybersecurity professionals, the pandemic drastically affected the way we detect, manage, respond, protect, and secure. I surveyed the Herjavec Group executive team to get their take on how enterprise leaders will need to adapt their security programs as a result.  This year Herjavec Group’s Conversations for the C-Suite Report is dedicated to the conversations we recommend having with your executive teams in order to confront the paradigm shift resulting from the pandemic head on:

• “COVID Testing” Your Devices – The Process and Support Required to Manage, Detect & Respond to Emerging Threats
• Refreshing Emergency Preparedness Plans – Why Incident Response Expertise is More Critical Now Than Ever
• Re-Prioritizing Scanning and Testing Programs– Continuous Improvement Is Not Optional

2020 proved to be a formidable adversary, bringing historic losses and challenges. If we have learned anything throughout the pandemic, it’s that we as a people are resilient, adaptable, and industrious. The collaborative innovations, moments of compassion, and examples of sheer willpower that we bore witness to are undeniable proof that if we work together and support each other in moving forward towards our common goals, there is nothing we cannot overcome as a cyber community.

I’m a huge proponent of reading – and continuous learning. My team will tell you, I say all the time that, “being a great leader, is being a great reader”. So with that, I encourage you to review our latest HG Conversations report and share your perspectives with us, and with your team.

Download the Herjavec Group 2021 Cybersecurity Conversations for the C-Suite Report here.

Here’s to a (cyber) safe 2021…Let’s keep the conversation going.

To Your Success in 2021 and beyond, 

Subscribe below for new issues of Cyber CEO, timely Threat Advisories, and Herjavec Group Thought Leadership