For Businesses Digital Transformation Projects Have Accelerated
Palmore noted that while the COVID-19 pandemic has forced some businesses to close and others to migrate to remote work environments, it hasn’t stopped organizations’ need to collaborate or to pursue ambitious digital transformation projects. On the contrary, 85 percent of organizations have accelerated those efforts this year, according to research by McKinsey.
That’s created an additional need for security. Palmore cited an IDC survey in which half of the respondents said their spending priorities for security solutions have increased since the start of the pandemic; only 7 percent said security spending is less of a priority.
That growing attention to security has come about partly because of the increase in remote work, but the nature of cyber adversaries hasn't really changed, he said. For many years, the main worries have been advanced persistent threats, malicious nation-states, so-called “hacktivists” who are motivated a political cause, and insider threats.
At the same time, while public sector, healthcare and financial services organizations continue to be the most heavily affected by cybersecurity attacks, small businesses are now also being targeted by threat actors, according to the most recent Verizon Data Breach Investigations Report.
“The troubling thing that’s still present is that it’s taking an average of 180 days for organizations to discover that they have been breached,” meaning hackers can take their time stealing data and otherwise causing havoc, he said.
Five Steps for Improved Cybersecurity
To get on a more secure path, Palmore recommended businesses take five steps: conduct a future capabilities examination; align priorities with business goals; survey the existing tool set; identify partners who understand the organization’s vision; and regularly review these actions with the appropriate stakeholders.
Businesses should be asking how they will engage with their customers not just today, but also in the future. He noted that the education industry in particular has been “rocked” this year by the shift to distance learning because they didn’t see it coming, but businesses in every industry have had to adjust to changing circumstances
“Workers now have been forced into their home offices, but the need to collaborate hasn’t changed at all — in fact, it’s even greater now because of work from home,” he said. “You can’t conduct business in a vacuum.”
Palmore said businesses that are currently maintaining a hodgepodge of security solutions from different vendors should reconsider that approach. Standardizing on a single vendor’s security platform makes more sense because a platform approach offers better visibility into the organization’s security landscape with better data, usually at a lower cost, he said.
“Visibility is the challenge of every information security practitioner,” Palmore said. “And it’s a great challenge. What I would offer is that, because organizations have gotten so used to using different point products to solve different problems, it naturally creates gaps between those tools.”
Of course, standardizing with a single security technology provider requires businesses to select that partner very carefully. Palmore urged businesses to search for a partner that pays careful attention to the organization’s unique needs, rather than simply selling a product or platform.
“We need to be looking at this crisis as an opportunity to transform ourselves,” he said. “Now is the time to plan and implement strategies. The world hasn’t stopped for us. We don’t want to be looking back 12 or18 months from now saying, ‘We wish we had started planning then for what’s happening now.’”
Follow BizTech's full coverage of the event here. Insiders, register for the event here. Those who are CDW customers should include their account information when asked; others should full out that field as “N/A.”