Interview with Joseph Carson, Chief Security Scientist at Thycotic: Changes in Cybersecurity

What is really driving cybersecurity buying decisions?

 

Prior to the pandemic, the world of remote working was second behind office working and many organisations were drastically ill-equipped to not only enable a full workforce to work remotely, but also keep them secure. This huge uptick in cloud adoption has led to cybersecurity being viewed as an enabler for organisations to do their usual business activity in a secure manner.

It is evident from our research that an increasing number of CISOs believe that security is a topic of discussion during board meetings and has led to a higher investment as a result. In fact, around three in five respondents said they will receive an increased security budget in their next financial year as a direct result of COVID.

The new routine of remote work, resulted in many new security challenges however, and made previous security issues much more pressing. For example, being able to manage access to privileged accounts and data has found itself to be a foundation of cybersecurity. Using the principle of least privilege, where users should only have access to the relevant assets to do their job, organisations have protected their most sensitive data through Privilege Access Management (PAM). This whole premise is based on a “never trust, always verify” approach to anything inside or outside the network looking to gain access.

 

Have attitudes towards cybersecurity changed over the pandemic period?

 

Through the course of the pandemic, remote working has captured greater CISO and even board attention leading to, in some cases, higher investments for cybersecurity budgets that enables secure remote access. Our research found 77% of respondents have experienced Boardroom investment in new security projects either in response to a cyber incident (49%) or through fear of audit failure (28%). Comparing previous years with 2020, CISO’s and the executive boards appear to be more aligned on cybersecurity budgets.

The challenges set out by the pandemic have made security issues more pressing and resulted in changing some company attitudes, however, it is an issue that many companies have continued to overlook and under prepare for. Numerous security teams continue to disregard prevalent threats making proactive security an often up-hill struggle. Over a third of respondents to our research said they have proposed investments which have been turned down because of the ‘minimal risk’ threat notion. In summation, attitudes are varying with surges in cyber security investment for some companies and a reluctance for others.