Editor's note: This article is part of Behind the Firewall, a recurring column for cybersecurity executives to digest, discuss and debate. Next up: Would you sign a contract with a vendor that previously suffered a security incident?
Cybercrime cost the enterprise more than $1 trillion in 2020, according to McAfee, and businesses are increasing security budgets to keep up.
The global cybersecurity market will exceed $60 billion in 2021, a 10% year-over-year increase, Canalys forecasts, boosted in part by the need to secure remote work. Web and email security will see the most growth, with a 12.5% increase.
Cybersecurity leaders have invested heavily in securing the remote and hybrid workplace since the enterprise landscape changed in March 2020. With increases in malware, scattered endpoints and a wider range of operating systems to manage, defenders face threat actors who now have more entry points to attack.
From VPNs to multifactor authentication tools, cyber leaders are using the uptick in security budgets to invest in protecting a remote and hybrid workforce. As long-term strategies for remote work solidify, here are the security investments that will stick around:
(The comments below have been lightly edited for length and clarity.)
Vanessa Pegueros, chief trust and security officer at OneLogin
We had a roadmap laid out prior to COVID-19. As a result of COVID-19, we did shift the priority of some of our projects, however, we did not change the nature of our projects.
The top priorities we had included a cloud-based domain blocking tool, always-on VPN, new EDR tool (Endpoint Detection & Response), enhanced logging pulled into the SIEM (Security Incident and Event Management system) and detections built to detect suspicious user activity, e.g. Salesforce large file downloads.
James Robinson, deputy CISO at Netskope
There are so many investments we've made in the past year to remain agile and secure in a rapidly transforming workplace, but I'll name a few key investments we've implemented that I'd highly recommend for others.
First, we've increased our cross-team engagement and outreach to ensure our teams can stay connected and engaged with the security organization. We implemented a new internal newsletter called the "CISO Digest" to keep staff members informed and encouraged to report and take ownership of security on their respective teams.
Second, we've prioritized "Purple Teaming," which means blending our offensive and defensive security practitioners to encourage the entire security organization to work together closely and maintain strong communication during remote work.
And third, it was vital to invest in VPN replacements such as Google IAP or Netskope NPA. These are cloud-delivered VPN alternatives that operate in a Zero Trust framework and provide more simplicity, control, and access than a traditional VPN.
Stel Valavanis, founder and CEO of onShore Security
We stopped allowing split-tunneling via network policy in order to make sure we're logging all traffic for our now increased WFH user base. We also increased redundancy for certain systems that affected remote workers. And then modifications were made to our anti-phishing training that reflected the WFH increase.
onShore Security is a managed detection company. One thing we're seeing is that many organizations don't take the ability to detect into account when they're reviewing their security posture. For instance, they often employ split-tunneling for end-user VPN and even LAN-LAN or SD-WAN VPNs.
Obviously during COVID-19 there's a lot more VPN going on and if they split-tunnel, they make data invisible to their detection systems. Whether they're tunneling back to their core or using a hosted concentrator they need to fully empower their detection with the full network traffic. And all this access must employ multifactor authentication.
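Whether a client configuration split-tunnels is something a defender can check mechanically rather than by reading each file. The following is an added example, not onShore Security's code: it reads the real WireGuard `AllowedIPs` key from constructed client configs and reports whether the tunnel carries all IPv4 and IPv6 traffic ("full"), only one address family ("partial", where the other family bypasses the VPN and its logging), or only selected networks ("split"). The key names and endpoint values are placeholders, and the config text is constructed.

```python
"""Added example (not onShore Security's code): classify a WireGuard-style
client config as full-tunnel, partial or split-tunnel from its AllowedIPs.
Configs below are constructed; keys and endpoints are placeholders."""
import ipaddress
import re

# Constructed: only internal networks are routed through the tunnel,
# so internet-bound traffic never reaches the network detection stack.
SPLIT_TUNNEL_CONF = """
[Interface]
PrivateKey = <placeholder>
Address = 10.8.0.2/32

[Peer]
PublicKey = <placeholder>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.0.0.0/8, 192.168.50.0/24
"""

# Constructed: IPv4 written as two /1 halves (a form seen in some client
# configs, which the check must still recognize) plus the IPv6 default.
FULL_TUNNEL_CONF = """
[Interface]
PrivateKey = <placeholder>
Address = 10.8.0.2/32

[Peer]
PublicKey = <placeholder>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/0
"""


def allowed_ips(conf_text):
    """Collect every network listed on AllowedIPs lines (all [Peer] sections)."""
    nets = []
    for m in re.finditer(r"^\s*AllowedIPs\s*=\s*(.+)$", conf_text, re.MULTILINE):
        for item in m.group(1).split(","):
            item = item.strip()
            if item:
                nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def covers_default_route(nets, version):
    """True if the listed networks of one IP version merge into the whole space."""
    same = [n for n in nets if n.version == version]
    if not same:
        return False
    collapsed = list(ipaddress.collapse_addresses(same))
    everything = ipaddress.ip_network("0.0.0.0/0" if version == 4 else "::/0")
    return collapsed == [everything]


def tunnel_mode(conf_text):
    """Return 'full', 'partial' (one address family leaks) or 'split'."""
    nets = allowed_ips(conf_text)
    v4 = covers_default_route(nets, 4)
    v6 = covers_default_route(nets, 6)
    if v4 and v6:
        return "full"
    if v4 or v6:
        return "partial"
    return "split"


if __name__ == "__main__":
    for name, conf in (("split", SPLIT_TUNNEL_CONF), ("full", FULL_TUNNEL_CONF)):
        print(f"{name} config -> {tunnel_mode(conf)}")
```

Run this over the client configs you distribute and treat anything other than "full" as a policy finding. The "partial" case is worth keeping separate: a config that routes `0.0.0.0/0` but omits `::/0` still lets IPv6 traffic leave the host outside the tunnel, invisible to whatever inspects the concentrator's traffic.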