The Most Important Cybersecurity Lessons of 2020

The Exploit: Penetration Testing Insights From The Frontlines
Posted on January 6, 2021
Happy New Year! (Good riddance, 2020)

Written by Mark Puckett

It’s finally over

At the close of a year that turned our world upside down, it’s more than fair to wonder and worry about what 2021 might bring. Even as we pray for health, prosperity, and peace, cybersecurity professionals understand that these blessings will remain under constant attack by malicious actors for whom every upheaval in our lives is an opportunity to strike. 

Despite the high-profile breach of SolarWinds and ongoing attacks from state-sponsored actors, I believe the COVID-19 pandemic best illustrates that point in a couple of different ways. Here’s why: In 2020, companies worldwide asked their teams to work remotely all or part of the time. But not all of them had appropriate security protocols in place beforehand, leaving their networks vulnerable to attackers as they made the transition. 

I’m not suggesting that business owners (or even health professionals) should have predicted the arrival of the novel coronavirus, but there are any number of natural and manmade disasters that can force us out of our offices. We all need to have a continuity plan – and cybersecurity should certainly be one of its guiding principles. 

For those who did have a plan, now is the time to ask if it was followed correctly and if it worked effectively. I strongly encourage CEOs and business owners to include your infosec teams in these discussions and perhaps have them take the lead. More importantly, listen and act on their recommendations because the new normal will come with new challenges for all of us. 

Assuming that the US and other nations are able to contain the spread of COVID (as we hope and expect), some companies will ask their workers to return to an office environment, some will make the remote model a permanent feature, and still others will adopt a hybrid approach that features elements of both. Safety and productivity are the factors that will most likely (and appropriately) drive those decisions. But effective cybersecurity measures should be a non-negotiable feature regardless of the workplace model.

Shameless plug

Not to turn this post into a commercial, but Raxis (and some other pen-testing companies) can be of great help in this process. That’s because we understand where attackers are most likely to focus their efforts and thus where your company is most vulnerable. We speak the same language as your infosec team, so we can work with them to come up with a plan that gives you the most flexibility to meet your business needs, but still keeps you and your network safe from attackers.

My hope is that an enduring lesson from the COVID-19 experience (and other events in 2020) is that more organizations need to take a proactive approach to cybersecurity. Though we can’t predict who will be breached and when, we know for certain that the attacks will continue indefinitely. And while we don’t know when a global or local disaster will disrupt our operations, we should be ready to respond swiftly and securely if it does.

Here’s to a safe, secure, and prosperous new year for your business. At Raxis, our business is helping you stay that way.

Mark Puckett

Mark Puckett, the founder and CEO of Raxis, is a seasoned cybersecurity expert and entrepreneur with over 30 years of experience in the information security field. Born and raised in Georgia, Puckett established Raxis in 2011, driven by his vision to assemble an elite team of ethical hackers to challenge and assess corporate cybersecurity defenses. Under his leadership, Raxis has grown into a leading penetration testing company, serving clients across the United States and internationally while maintaining a culture of innovation and continuous learning.
