Michelle Drolet
Contributor

5 ways to improve your security posture in 2020

Opinion
10 Jan 2020, 5 mins
Cloud Security, Compliance, Phishing

What will shape the cybersecurity conversation in 2020? Only time will tell, but following these five trends will help you rise to new challenges.

Billions of records were exposed through thousands of data breaches in 2019. Ransomware continues to loom large as a threat, with cybercriminals adopting ever more sophisticated approaches to attack. Regulatory compliance has proven challenging for corporations and government organizations alike.

At the same time, the evidence is increasingly clear for corporate boardrooms that cyber risk and business performance are inextricably linked. CEOs are more often being held responsible for cybersecurity incidents, according to Gartner research, and this is driving a deeper commitment to tighten defenses.

If you’re determined to safeguard your organization and achieve a stronger security posture in 2020, watch these five trends in the coming year.

1. Zero trust networks

While the traditional approach to data security was to build an impenetrable wall, there’s a growing realization that this idea is flawed. Maintaining a defensive perimeter when your network is spread across multiple cloud vendors, physical locations, and distributed workforces is very difficult, perhaps impossible.

It’s time for a new mindset of zero trust.

Again and again, we’ve seen cybercriminals and bad actors exploit weak links to gain access to networks and then do serious damage by moving laterally. Stricter identity verification for every device or person that wants to access your data is required. Don’t blindly trust any request.

Zero trust may seem radical and it will require a rethinking of processes and the adoption of several technologies, but it provides a holistic strategy to deal with a problem that has so far proven impossible to solve.

2. Next wave of privacy, security and compliance

Expectations for data privacy and security are shifting. People are fearful of their personal data being exposed and expect businesses to go further to protect the precious data they hold. The cost of a data breach isn’t just about the clean-up; there is reputational damage to consider, not to mention the potential fines and penalties that can be applied.

Failure to meet compliance requirements is not an option for a responsible company. It’s vital to consider third-party risk and perform proper assessments, not just internally, but across the entire business, partners and all. Both the general public and regulators have shown a drastic reduction in patience or forbearance in the event of a cybersecurity incident.

To ensure compliance, businesses need to be proactive and look ahead on the calendar to all the incoming regulations. In the face of wave after wave of regulations, it’s better to implement a wide-reaching security strategy and build a solid foundation for future efforts than to reactively apply band-aids.

3. Monitoring and detecting emerging threats

Most businesses understand the need for real-time monitoring and scanning to uncover potential threats. Scanning for known vulnerabilities and moving to mitigate them is only part of the puzzle. It’s crucial to reduce the gap between a successful attack that results in a malicious payload being released and the moment your security system detects it. But it often takes hours or longer to detect threats, especially when those threats are unfamiliar.

Emerging threats are constantly evolving and so our monitoring and detection techniques must evolve. Businesses need to develop better threat intelligence and they need to think about how to get the most from it. Automation and expertise must come together with a deep understanding of your company’s risk tolerance to reap the rewards of threat intelligence.

4. Phishing attacks and remote browser isolation

People are often easily manipulated, and cybercriminals take advantage of social engineering to gain access to networks every day. Phishing, and variants like smishing and vishing, are commonplace. Phishing attacks are now a bigger concern for security professionals than malware. Potential attacks are incredibly varied and sophisticated. Cybercriminals work together, selling access and tools and developing and sharing new strategies that work.

While security awareness training is advisable, it’s not enough to nullify the threat. Remote browser isolation, through virtualization and containerization technologies, can be a great way of separating high-risk behaviors like web browsing from critical data and infrastructure. Most malware is downloaded by employees clicking the wrong link or visiting the wrong website. It may be impossible to stop all of them from doing that, but remote browser isolation can prevent those actions from causing major harm to your business.

5. Cloud security

Businesses of all shapes and sizes are storing more and more data in the cloud. That’s largely because cloud services offer scalability and cost effectiveness, but it also means that company services and data can end up being spread across multiple locations. Most businesses have a hybrid cloud infrastructure that enables them to be agile and develop new services and products while hanging on to legacy applications that still offer business value.

The problem is that cloud adoption increases your potential attack surface and you are still responsible for the security of the data your third-party partners hold. There is considerable risk to be managed. Cloud services are attractive targets, so it’s essential that companies put more thought into applying best practices for cloud security.

Prepare to be continuously vigilant in the year ahead and rise to the new challenges that will emerge.

Michelle Drolet is a seasoned security expert with 26 years of experience providing organizations with IT security technology services. Prior to founding Towerwall (formerly Conqwest) in 1993, she founded CDG Technologies, growing the IT consulting business from two to 17 employees in its first year. She then sold it to a public company and remained on board. Discouraged by the direction the parent company was taking, she decided to buy back her company. She re-launched the Framingham-based company as Towerwall. Her clients include Biogen Idec, Middlesex Savings Bank, PerkinElmer, Raytheon, Smith & Wesson, Covenant Healthcare and many mid-size organizations.

A community activist, she has received citations from State Senators Karen Spilka and David Magnani for her community service. Twice she has received a Cyber Citizenship award for community support and participation. She's also involved with the School-to-Career program, an intern and externship program, the Women’s Independent Network, Young Women and Minorities in Science and Technology, and Athena, a girls’ mentorship program.

Michelle is the founder of the Information Security Summit at Mass Bay Community College. Her numerous articles have appeared in Network World, Cloud Computing, Worcester Business Journal, SC Magazine, InfoSecurity, Wired.com, Web Security Journal and others.

The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
