Until very recently, cybersecurity has benefitted from year-on-year budget growth. These regular increases have enabled the security team to make investments that ensure protection against attacks and adherence to regulatory compliance.
For some verticals, this is seen as a cost of doing digital business. Meanwhile, for others – retail and finance, for example – the ability to demonstrate how seriously data protection and governance are viewed is a competitive advantage, in turn justifying further investment for business growth.
Budgets Will Change in 2021
When the pandemic struck, corporate cybersecurity teams had to move fast. In a matter of days, employees found themselves working from home and the security team needed to change from managing controlled office environments to enabling security remotely and ensuring that people remained reliably connected and productive. The need to for visibility was critical to protect against threats that were now outside of corporate security controls, hiding inside home Wi-Fi or on family downloads using personal computers and tablets.
This has resulted in IT security teams having to reduce budget against projects scheduled for 2021, with funds being re-allocated to pandemic-related business and workforce enablement. This is coming at a time when organizations have tightened corporate braces to account for lost business and to work on being in a strong financial position for 2021.
The net result of these changes makes it likely we will see security budgets reduced in 2021. Not necessarily pulled down to zero, but where recent growth has been more than 10 percent, it could dip as low as six percent in the coming year. Any project undertaken will need to show value fast. As such, the security team must think differently – look for ways to be more effective and deliver solutions that leverage existing infrastructure to improve overall security posture with minimal investment.
Better Protect Traffic on the Network
Remote working has changed how we do business in ways that can be hard to consider. Pre-pandemic, at least one end of any transaction would be carried out by someone in an office, protected by corporate security controls.
Take the example of renewing insurance: In 2019, you may have called the insurance company and spoken to a helpful call-center specialist who would have assisted in the transaction. Today, the specialist is working from their home, which may be a shared environment with family or roommates. How can we be sure that traffic in and out of their home WiFi is safe or that someone they live with is not accessing risky and malware-laden websites?
Remote working must not affect the security posture of the business. The security team still needs visibility, a reduction in alerts and early warning of threats – but now must manage across an increased attack surface.
Protection for Remote Workers
When considering enhanced protection for remote workers, many organizations are employing a one-size-fits-all approach. The challenge is that there’s either not enough security applied, which risks breach or data loss, or too much security, making it harder for employees to perform their role successfully.
The first step in protecting remote workers is to look at their roles and requirements and then consider the different security needs across tiers of access. In this way, it’s possible to provide protection based on need and not have to rely on a blanket approach. Consider these examples of how it might work:
• For some users, just a VPN with multi-factor or token authentication will be enough for them to gain secure access to email or corporate applications hosted on virtual desktop images.
• Users working with sensitive data or downloading documents need greater access. Providing them with managed Wi-Fi at home would not only allow access to corporate data as-if they were on the managed network, but also give greater visibility to the security team watching for alerts.
• A few users, such as developers and executive VIPs, need fully protected access to the network. In this case, a secure solution is required, which might include a firewall at home or virtual network support on their Wi-Fi. This is as close as a remote user can get to being directly connected to the corporate network while ensuring that home users cannot cause security issues and providing the security team with the best visibility.
Secure DNS Services
Cybercrime has skyrocketed since the start of this year. Common attacks have been on the rise, including phishing, ransomware and fake websites stealing personal data. This is a challenge for the security team, as employees working from home are sometimes more relaxed about the sites they access like personal emails opened on work devices.
A straightforward option is to use a secure DNS service. Many of us rely on DNS services provided by an ISP or service provider. This works well, but in today’s world is not ideal. Sites can be hijacked or a simple spelling mistake might cause a redirect to a fake site loaded with malware.
A secure DNS service such as Quad9 is simple to integrate into any environment, with configuration automatically delivered to endpoint devices as part of the corporate DHCP service. Secure DNS services use multiple threat-feeds to validate internet addresses, blocking and reporting high-risk sites while protecting user privacy.
Smaller Budget, Smarter Security
These solutions provide secure ways of managing remote users and the investments will still be beneficial as we slowly return to normal working in 2021.
Enhancing network security with a secure DNS reduces the risk from cyber-attacks by ensuring the reputation of internet traffic on the network. Providing different levels of remote worker security ensures suitable protection and, at the same time, helps the security team with enhanced visibility and simplified support when issues occur.
Reduced security budgets will carry challenges in 2021, but smarter thinking will alleviate pain points.