The State of Security

Security — both physical and digital — is at the forefront like never before. After the mega- breaches of 2018 and 2019, analysts were preparing for a year of unprecedented attention to security. That was before COVID hit.

Trends that had worried cybersecurity teams for years, like endpoint proliferation, reliance on cloud infrastructure and decentralized workplaces, have accelerated faster than anyone could have imagined.

Security Defined:

Security means protecting users’ data from misuse or disclosure to internal and external threats. It is foundational to privacy and reliability. Build an effective security infrastructure before you collect your first piece of customer data. Putting off security improvements is simply another way of accruing technical debt, and a dangerous one at that.

Key Trends in Security in 2020

SECURITY: TREND 1

The Rise of Multi-factor Authentication

In 2019, more than 4 billion records were exposed due to data breaches. Poorly secured identities and passwords are still our weakest link, especially in the face of social engineering and password-cracking tools. In fact, 81% of all confirmed data breaches involved weak, default or stolen passwords.

A key weapon for fighting back is to implement a multi-factor authentication (MFA) system that can help reduce the risk of identity compromise by more than 99.9%. By using biometrics and physical tokens such as the user's mobile device, organizations can increase safety and streamline the user experience, and industry partners can help scale while still ensuring personal privacy.

A bubble chart depicting security breaches. Some bubbles contain the number affected. A vertical axis ranges from 2018 to 2020 in increments of 1. All data are approximate. From largest to smallest the data is as follows. Facebook 420,000,000 2019, Marriott Hotels 383,000,000 2018, OxyData 380,000,000 2019, Twitter 330,000,000 2018, Indian citizens 275,000,000 2019, Microsoft 250,000,000 2020, Chinese Resume leak 202,000,000 2018, Pakistani mobile operators 115,000,000 2020, Dubsmash 162,000,000 2019, MyFitnessPal 150,000,000 2018, Canva 2019, Nametests 120,000,000 2018, Quora 100,000,000 2018, Firebase 100,000,000 2018, Cathay Pacific Airways 2018, Capital One 2019, WordPress 2018, MyHeritage 2018, Careem 2018, Facebook 2018, Google+ 2018, LocalBlox 2018, Newegg 2018, Panerabread 2018, SKY Brasil 2018, TicketFly 2018, Animoto 2019, 8fit 2019, 500 px 2019 , Facebook 50,000,000 2018, Microsoft 44,000,000 2019, Wawa 30,000,000 2019, BriansClub 26,000,000 2019, db8151dd 22,000,000 2020, MGM Hotels 10,600,000 2020, EasyJet 9,000,000 2020, Marriott Hotels 5,200,000 2020, Chtrbox 2019, Black Media Games 2019, HauteLook 2019, EyeEm 2019, Fotolog 2019, Houzz 2019, Ixigo 2019, ShareThis 2019, Suprema 2019, Whitepages 2019, YouNow 2019, Amazon 2018, Amazon 2018, British Airways 2018, CMS 2018, Dixons Carphone 2018, Click2Gov 2018, Dell 2018, Health South East 2018, Grindr 2018, Healtcare.gov 2018, High Tail Hall 2018, GovPayNow.com 2018, MBM company 2018, Orbitz 2018, NMBS 2018, Saks and Lord & Taylor 2018, T-Mobile 2018, Ticketmaster 2018, Texas Voter Records 2018, SingHealth 2018, Vision Direct 2018, Urban Massage 2018, ViewFines 2018, Artsy 2019, Amo Games 2019, Blue 2019, BookMate 2019, Australian National University 2019, Blur 2019, Bulgarian National Revenuw Agency 2019, DataCamp 2019, DoorDash 4,900,000 2019, Desjardins Group 2019, CoffeeMeetsBagel 2019, Coinmama 2019, HauteLook 2019, ge.tt 2019, Roll20 2019, Petflow 2019, Quest Diagnostics 2019, Stronghold Kingdoms 2019, Toyota 2019, Unknown 2019, US Customs and Border Protection 2019, Vardguiden 2019, WiFi Finder 2019, Boots Advantage Card 2020, Buchbinder Car Rentals 2020, Dutch Government 2020, Israeli govenment 2020, Virgin Media 900,000 2020, Tesco Clubcard 600,000 2020, Zoom, 500,000 2020, Nintendo 300,000 2020, US Marshals Service 287,000 2020, Mount Olympus 188,000 2018.

Georgian Impact Podcast

Episode 105: You Will Be Breached with Kerry Bailey

“You will be breached, you need to know where your data is, you need to know you're going to have vulnerabilities in this very distributed world."

Our Prediction

MFA Spreads to All Sectors and Company Sizes

Innovation and competition in the multi-factor authentication space will, for the first time, produce cost-effective and user-friendly solutions for SMBs to adopt in 2020, which will drive mass MFA rollout globally.

Best-in-Class Responses

WHAT TO DO

  • Implement MFA throughout your organization for systems that support it.
  • Use a password manager for those services that do not offer MFA
  • Train employees on the risks of weak passwords.

SECURITY: TREND 2

Extreme Proliferation of User Device Endpoints

The past decade has seen a significant switch from company-provided devices to bring-your-own-device (BYOD) policies. It’s no longer just smartphones, either — employees are now using their own laptops, tablets and smart watches at home and at work. In fact, Gartner, Inc. forecasts that the enterprise and automotive Internet of Things (IoT) market will grow to 5.8 billion endpoints in 2020, a 21% increase from 2019.

Our Prediction

Attackers Focus on IoT at Home

The more devices that are connected, the more vulnerable your network is to security threats, thus increasing your chances of malicious attacks from online sources and malware threats. We predict that a major vulnerability will be found in a consumer IoT device as attackers target the distributed workforce.

WHAT TO DO

  • Assess which employees or devices are within your company’s realm of responsibility.
  • Proactively identify vulnerabilities and develop contingency plans.
  • Install security protection on all devices that will be used for work.
  • Ensure robust monitoring of all authorized devices — and that all relevant applications are updated and patched.

SECURITY: TREND 3

Total Decentralization of the Workplace

WFH Security Policies Become Table Stakes

Many companies, for the first time, will need robust and scalable security infrastructure to manage sensitive business information on their employees’ home devices and networks. IT managers will need to assess the effectiveness of new solutions and roll out policies as quickly as possible to maintain the peak performance of their organizations.

Our Prediction

WFH Security Policies Become Table Stakes

Many companies, for the first time, will need robust and scalable security infrastructure to manage sensitive business information on their employees’ home devices and networks. IT managers will need to assess the effectiveness of new solutions and roll out policies as quickly as possible to maintain the peak performance of their organizations.

WHAT TO DO

  • Provide employees with basic security training at frequent intervals.
  • Provide your people with secure remote access to work resources.
  • Install endpoint protection on all devices that will be used for work.
  • Define list of approved cloud services for file and data sharing.

Security: Key Takeaways

Now that you know what data you should be collecting, and your stakeholders are fully aware, it is your responsibility to protect it from bad actors.

Businesses have the opportunity to differentiate on security by protecting data from misuse or disclosure to internal and external threats and proactively planning for breaches. In summary, tech leaders should consider these important points in 2020:

  • 1 Innovation and competition in the multi-factor authentication space will, for the first time, produce cost-effective and user-friendly solutions for SMBs to adopt in 2020, which will drive mass MFA rollout globally.
  • 2 The more devices that are connected, the more vulnerable your network is to security threats, thus increasing your chances of malicious attacks from online sources and malware threats. We predict a major vulnerability will be found in a consumer IoT device as attackers target the distributed workforce.
  • 3 Many companies, for the first time, will need robust and scalable security infrastructure to manage sensitive business information on their employees’ home devices and networks. IT managers will need to assess the effectiveness of new solutions and roll out policies as quickly as possible to maintain the peak performance of their organizations.

Security Checklist

The Rise of Multi-factor Authentication

  • Implement MFA throughout your organization for systems that support it.
  • Use a password manager for those services that do not offer MFA.
  • Train employees on the risks of weak passwords.

Extreme Proliferation of User Device Endpoints

  • Assess which employees or devices are within your company’s realm of responsibility.
  • Proactively identify vulnerabilities and develop contingency plans.
  • Install security protection on all devices that will be used for work.
  • Ensure robust monitoring of all authorized devices — and that all relevant applications are updated and patched.

Total Decentralization of the Workplace

  • Provide employees with basic security training at frequent intervals.
  • Provide your people with secure remote access to work resources.
  • Install endpoint protection on all devices that will be used for work.
  • Define list of approved cloud services for file and data sharing.

Continue reading

This post is part of our 2020 State of Trust Report. If you don't see a menu on the left of your screen, dive into the rest of the report here.