The Exploit

Notes from the Front Lines of Penetration Testing

The Most Important Cybersecurity Lessons of 2020

At the close of a year that turned our world upside down, it’s more than fair to wonder and worry about what 2021 might bring. Even as we pray for health, prosperity, and peace, cybersecurity professionals understand that these blessings will remain under constant attack by malicious actors for whom every upheaval in our lives is an opportunity to strike. 

Despite the high-profile breach of SolarWinds and ongoing attacks from state-sponsored actors, I believe the COVID-19 pandemic best illustrates that point in a couple of different ways. Here’s why: In 2020, companies worldwide asked their teams to work remotely all or part of the time. But not all of them had appropriate security protocols in place beforehand, leaving their networks vulnerable to attackers as they made the transition. 

I’m not suggesting that business owners (or even health professionals) should have predicted the arrival of the novel coronavirus, but there are any number of natural and manmade disasters that can force us out of our offices. We all need to have a continuity plan – and cybersecurity should certainly be one of its guiding principles. 

For those who did have a plan, now is the time to ask if it was followed correctly and if it worked effectively. I strongly encourage CEOs and business owners to include their infosec teams in these discussions and perhaps have them take the lead. More importantly, listen to and act on their recommendations because the new normal will come with new challenges for all of us. 

Assuming that the US and other nations are able to contain the spread of COVID (as we hope and expect), some companies will ask their workers to return to an office environment, some will make the remote model a permanent feature, and still others will adopt a hybrid approach that features elements of both. Safety and productivity are the factors that will most likely (and appropriately) drive those decisions. But effective cybersecurity measures should be a non-negotiable feature regardless of the workplace model.

Not to turn this post into a commercial, but Raxis (and some other pen-testing companies) can be of great help in this process. That’s because we understand where attackers are most likely to focus their efforts and thus where your company is most vulnerable. We speak the same language as your infosec team, so we can work with them to come up with a plan that gives you the most flexibility to meet your business needs, but still keeps you and your network safe from attackers.

My hope is that an enduring lesson from the COVID-19 experience (and other events in 2020) is that more organizations need to take a proactive approach to cybersecurity. Though we can’t predict who will be breached and when, we know for certain that the attacks will continue indefinitely. And while we don’t know when a global or local disaster will disrupt our operations, we should be ready to respond swiftly and securely if it does.

Here’s to a safe, secure, and prosperous new year for your business. At Raxis, our business is helping you stay that way.


Mark Puckett
