October is Cybersecurity Awareness Month. This year seems to have drastically changed the cybersecurity world now that many people are working remotely. IT teams are stretched thin to support remote needs, there are issues that arise with connectivity/bandwidth, and employees are using personal devices to access work files. Because CPA firms were forced to rapidly move to remote work, security may have taken a back seat to maintain operations.
As we celebrate Cybersecurity Awareness Month and head toward 2021, here are some cybersecurity trends Cetrom has noticed:
Trend 1 - The cybersecurity skills gap
The supply and demand for cybersecurity professionals is off balance. Based on a research study by ESG and ISSA, there are multiple factors which contribute to the skills gap. In the study, 68% of professionals interviewed felt their career paths weren’t well defined. Additionally, 52% of respondents felt hands-on experience was more important than certifications. However, joining the industry requires cybersecurity experience in the first place. Organizations have a role to play in this as well. Of respondents, 36% felt their organization could provide a bit more training while 29% felt their organization could provide significantly more training. And finally, it takes time to become proficient in cybersecurity. 39% of respondents believed it takes about 3-5 years to become proficient in the industry, 22% believe it takes 2-3 years and 18% believe it takes more than 5 years. In other words, cybersecurity professionals face numerous hurdles to become proficient in the industry. Thus, the gap between supply and demand for cybersecurity professionals only increases as time goes on.
Trend 2 - The use of artificial intelligence
Artificial intelligence (AI) is where machines learn to act on their own. The advancement in AI is greatly thanks to machine learning (ML). Machine learning takes data, such as images, clicks, words and numbers, and runs it through algorithms. Those algorithms are then used to detect patterns that are then used to feed deep learning. Deep learning finds the patterns and then amplifies them. These advancements have led to breakthroughs such as facial recognition and can in turn be used in the world of cybersecurity.
AI collects data that helps detect threats quicker. Based on analyzed behavior, AI can detect patterns and abnormalities. AI will also influence the traditional way companies protect themselves from cybersecurity attacks. Before, a company may implement many levels of security measures, such as firewalls, to control and monitor network traffic, anti-virus software to scan for malicious files, and regular file backups. But with AI, companies will be able to monitor and respond to security incidents, use firewalls with machine-learning to detect patterns, and understand the origin of cyberattacks.
Trend 3 - BYOD and Mobile Security
There was a time when employees only used company-issued devices. But with the proliferation of smart devices and onset of the pandemic, almost everyone comes to work with an internet-connected device. Bring your own device (BYOD) poses risks when employees are accessing work-related files on their personal devices rather than company-issued devices. It puts your organization at greater risk of data loss/theft, data breaches, network intrusions and employee distraction based on negligent practices. According to Trend Micro, 50% of companies that allowed BYOD were breached via employee-owned devices.
Organizations can take steps to increase the security of personal device usage by defining a BYOD Policy. A BYOD Policy defines topics such as acceptable application/asset usage, minimum required security, company rights for altering the device, and company-provided components like device authentication. In a BYOD policy, consider including guidelines on topics such as password provisions, proper maintenance/updates and data wipe procedures. Digital Guardian provides an in depth look at what a BYOD policy should look like.
Trend 4 - Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) is the process that enhances security by requiring two pieces of evidence to log into an account. For example, logging into a website might require both a password and a code sent to your phone. According to the National Institute of Standards and Technology, there are three categories of credentials: something you know (such as a password), something you own (such as a phone), and something you are (such as a fingerprint). MFA requires two of these categories in order to enhance security. It introduces an extra level of security by creating another hurdle which hackers must jump over to access your account. Thus, a hacker would have to steal both your password and device. These days, it’s hard not to notice when your phone has gone missing.
Trend 5 - Cloud storage and protection
The cloud allows you to store your files on the internet rather than on your hard drive. In this way, you don’t lose access to your documents and data if a hacker gets hold of your laptop or personal device hard drive. Files stored on the cloud are also usually encrypted. There are several measures cloud service providers put in place to further protect your data. If you’re interested in migrating your infrastructure to the cloud, Cetrom uses AI technology and offers cybersecurity training to keep your employees and data safe.