What are the post-pandemic security concerns for IT pros?
COVID-19 has had a huge impact on businesses across every industry, and while the urgent need to adapt in early 2020 may have been replaced with greater stability, residual effects remain. In fact, IT policies implemented to deal with the impact of the pandemic are among the leading macro trends currently influencing enterprise IT risk.
The recent SolarWinds IT Trends Report 2021 found that more than a year of unprecedented upheaval has ultimately served as a catalyst for a wider exploration of the enterprise IT risks currently affecting organizations. External security threats and the risk introduced by a remote and distributed workforce are the most notable, along with cost-cutting and consolidation, but there are plenty of ways IT pros can help their companies deal with the challenges ahead.
Dealing with security breaches
According to the SolarWinds survey, security breaches are seen as the biggest external factor influencing an organization’s risk exposure. 46% of the tech pro respondents cited external security threats, such as cyberattacks, as the top macro trend influencing their organizations’ risk exposure. So, what can we do to mitigate such threats?
For starters, IT pros need to do everything they can to avoid the apathy and complacency that are sure-fire ways to increase an organization’s exposure to risk. It’s far too easy to think about security as an add-on that somebody else needs to handle. This can be especially true for IT pros who have been at the same company for a long time or worked at businesses with discrete security teams.
Security falls within every IT pro’s responsibility—most of the risks we face are caused by human behavior, and IT pros are very much a part of an extended security team.
IT teams need to examine current processes from the outside in and deploy solutions capable of providing complete visibility into all systems to identify areas of risk and opportunity. Even small changes can make a big difference, such as implementing faster upgrades and patches, or using password managers, and MFA (multi-factor authentication) solutions can easily help strengthen the overall security of a company.
The risk of remote working
External security breaches have coincided with an increase in supporting a remote and hybrid workforce, and 35% of respondents in the SolarWinds IT Trends Report explained the accelerated shift to remote working was the number one aspect of current IT environments considered to increase an organization’s risk exposure.
The impact of the COVID-19 pandemic has amplified the hybrid IT reality, introducing fragmented policy, configuration, and visibility, increasing the reach of risk from on-premise data centers to the public cloud, IoT, and beyond.
While the shift to remote working was cited as a leading factor in heightened risk exposure for businesses over the past year, and presented a huge challenge during 2020, we’ve thankfully reached the point where many tech pros are confident with remote work policies.
There are still plenty of things IT pros can do to reduce the level of risk exposure, however. It’s critical to move from simply accepting the current exposure to a mindset in which any level of risk exposure is unacceptable.
Cyberattacks will likely always be a threat, and security compromises will happen, and this makes it even more important for IT pros to implement detection, monitoring, alerts, and responses along the kill chain, and implementing systems to measure their effectiveness.
Other factors contributing to increased risk exposure
Other factors that contributed to an increase in an organization’s risk exposure also included a lack of skilled IT staff due to cost-cutting, consolidation, and/or outdated skill sets in employee base (34%).
This is where IT pros may need to step outside their comfort zones, presenting proof points and justifications to senior management to implement more effective policies and technologies at scale.
To win approval and buy-in, recommendations should include facts and figures where possible, pinpointing the impact on customer trust if the organization chooses to ignore any recommendations. It’s also important to highlight other areas of the business that could be affected by security breaches—how much downtime would the business face if there’s an unforeseen issue, for example? What’s the financial impact on the company, and how does it compare to the cost of investment in a more effective IT security strategy?
Once again, this may seem like it’s outside of an IT pro’s typical roles and responsibilities, but strategic conversations between IT departments and senior business leaders that can lead to investment where it matters most is imperative to helping cut an organization’s risk exposure.
Together, such solutions can help your organization be more prepared to defend against any level of risk exposure, using technology to manage, mitigate, and resolve issues related to risk in 2021 and beyond.