Otherwise known as the year after everything shutdown was another year of improvise, adapt and overcome. Pinpoint continued to find new ways to help our clients who themselves were having to adapt to a changing work and threat landscape. Three reoccurring themes stuck out this past year. Remote Work, Vulnerability Management and Regulation.
The previous year in 2020 companies made the forced transition to workers away corporate offices with their traditional centralized security controls to a distributed work from home model. For a small subset of companies who already had remote work polices in place the transition was not even noticeable and it was business as usual. For those companies who had resisted remote work there was a sea change with a forced transition. Last year saw a reinforcement of remote work as the new normal and in person central offices as the minority. Although companies continue to try and reset back to the previous normal we continue to see at least hybrid models dominating. From a security perspective this reinforces distributed security capabilities and controls. Few companies have the luxury of investing in that new shiny security appliance. Instead they have to focus on security as a service that helps to secure your workers where they work and secure you data where it lives.
As an aside, 2020 and 2021 saw Starlink launch its beta and become more widely available. Pinpoint Security was able to sign up and acquire a beta unit in 2021. In fact this post was written and published using internet from Starlink. Availability of reliable high-speed internet regardless of location only reinforces a remote work paradigm. This shift in worker habits will continue to drive work innovation and force cyber security to keep up.
Last year was anything but boring. This next trend might put you to sleep if it weren’t something that continues to cost companies money, time and resources. Vulnerability management stymies companies and be the root cause of breaches across the globe. Businesses who get vulnerability management right continue to differentiate themselves from their competitors and just operate as normal in the midst of crisis after crisis. Between the Hafnium attacks on Microsoft Exchange Server in the early part of 2021 and the Log4j vulnerability to end the year it was pretty quiet. Except we also had the Colonial Pipeline and Kaseya breaches. Colonial got a lot of press and rightly so as so much of America depends on readily available gasoline, but the Kaseya breach had a much wider direct impact on companies. Vulnerabilities and breaches of suppliers and vendors will continue to have an oversized impact on companies as we increase our specialization and dependencies on others.
This past year saw President Biden issue executive order 14028 to improve the nations cybersecurity explicitly referencing Exchange, Colonial Pipeline and 2020’s Solarwinds breach. The president followed that up with a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. All of this means that businesses should expect government under the current administration to play a more active role in dictating what businesses operating in critical infrastructure areas should do to protect themselves.
These three trends from 2021 mean that 2022 will continue to be an exciting year in cybersecurity.