IEEE survey: a post-Covid cybersecurity roadmap for 2021

It has become something of a routine for the passing of the year to be marked by technology predictions. As interesting as it is to do a bit of crystal ball gazing, these trends often feel largely incremental, with most predictions littered with the latest buzzwords and marketing chatter. However, 2020 is a year like no other, and no doubt the experiences of technology advancement year will have far more fundamental implications for our use in 2021 and beyond. 

While it was driven by the most unwelcome of reasons, 2020 became a pivotal year in terms of technology usage and development. Our ability to ‘go online’ has somewhat been the savior for many business operations in the face of Covid-19. However, this swift transition was by no means a complete success.  Cybersecurity was one area that many organizations had neglected, and the pandemic brought many related loopholes and deficiencies to the surface, particularly in relation to associated policies and staff awareness.  Indeed, recent research suggests that many organizations were in fact ill prepared from this perspective and not equipped to make the sudden transition to online when it was needed. Whilst organizations may have permitted staff to get access from home and maybe even provided the tools by which to do so, many were by no means secure.

Reflecting upon this year, the IEEE announced the results from a recent global survey of Chief Information Officers (CIOs) and Chief Technology Officers (CTOs) and what they considered to be the top business priorities and concerns following the pandemic. The survey spanned five geographic regions, with responses from 350 CIOs and CTOs in Brazil, China, India, and the United Kingdom. While the full survey outlined a number of key themes, cybersecurity remained a top priority across all regions – beyond a range of immediate Covid-related issues – with 11 percent of respondents citing it as their biggest challenge. However, Covidcould be considered one of the main reasons that security still finds itself in focus this year.

Securing the remote workforce

Interestingly, the findings also reveal that organizations now consider themselves better prepared to respond to potentially catastrophic interruptions such as data breaches, with 53 percent feeling certain that their company is now better positioned to respond compared to a year ago. Alongside this, a further 39 percent felt at least a degree of confidence, believing that they are ‘probably’ better positioned, and only one percent felt that they were definitely worse off. Moreover, the vast majority (85 percent or more, regardless of region) felt that Covid-19 had helped to accelerate their preparedness – a potential positive we can take away from the rapid need for technology this year. There are, however, still notable areas of concern. Interestingly, the topmost issues are related to the mobile workforce, specifically, their use of their own devices, and the Internet of Things (IoT) – both of which highlight elements of our ongoing unpreparedness to secure technologies that are already in use. 

Looking at the primary concern around the mobile workforce (within which we can clearly include the home-based workers catalyzed by Covid), a key point to recognize is that businesses do not necessarily require anything fundamentally new. Securing the remote workforce requires a combination of suitable controls, policies, user awareness and education – all of which were relevant to home and mobile workers well before this year and Covid-19. The problem was that the global provision of them had seemed to follow a law of diminishing returns: organizations may well have provided the controls, but there was rather less likelihood of them having an accompanying policy, and even less likelihood of a policy being understood and followed by staff. As the survey indicates, this has been recognized by senior leaders with 37 percent expressing concern about their remote and mobile workforce. This perhaps indicates that businesses will be far more proactive in establishing cybersecurity next year and this is the point at which the tide can turn on this particular issue.

Lingering cause for concern

While the IEEE’s survey was not only about security throughout the pandemic, the topic still had a clear presence in responses to other questions. For example, one of the wider questions asked respondents what they considered would be the most important uses of blockchain technology in the coming year, and the top three uses from across the full group of respondents were all security related: securing machine-to-machine interactions in the IoT (59 percent), keeping health and medical records safe in the cloud (47 percent), and securely connecting parties within a specified ecosystem (46 percent). Cybersecurity is undoubtedly an issue at the forefront of everyone’s minds, but perhaps looking at things somewhat cynically, are we still placing our hopes on a technology-based solution? As with securing our remote workers, none of these issues are exclusively technical; we need the other parts of the puzzle to be in place as well.  The lack of a truly holistic perspective has been plaguing our cybersecurity efforts for years, and it would be foolhardy to predict that either 2021 or Covid will be the magic wand for that aspect.

So how have our attitudes been affected as we reach the end of the year, if not the end of the pandemic? On balance, it would seem that technology has emerged from 2020 as an undoubted winner – as it would be extremely hard to argue that we have been worse off this year because of it. In fact, it is highly likely the pandemic has accelerated our use of technology and its scale of adoption to such a great extent, that might otherwise have taken another 5-10 years to evolve naturally.

Having said all of this, there is still a lingering cause for concern. If we look at the IEEE survey’s broader findings, the respondents are suggesting that the most important technologies for 2021 are expected to be AI and machine learning, 5G and the IoT. As such, there is still a potential gap between our appetite versus our technological attention, and a question of whether we look to continue embracing the new, without having properly protected the old.

Professor Steven Furnell, IEEE Senior Member, University of Nottingham

Source link