Applying 2020 Cyber Security Lessons Learned In 2021
Lessons learned don’t benefit you if you don’t apply the insight you’ve gained. 2020 was quite a doozy of a year. Cast in a positive light, the year brought with it the opportunity to make glacial shifts in mindset, processes, tactics and strategies on the turn of a dime.
Customer-centric thinking? Now apparent to all. Optimizing internal processes? Better (but continuous as always). Future of work? Now approaching ‘the final mile.’ Personalizing a sentiment from Alabama Shakes to the feeling from global corporate enterprise after 2020, “I ain’t the same, no more. You’ll find I have changed from before. No, you ain’t gonna find me. ‘Cause I ain’t who I used to be.”
The changes made in 2020 were in part 2-3 year long-term strategic plans that were completed in a matter of 2-3 weeks. We asked the Cyber Security Hub community which specific lessons they learned in 2020 while defending the enterprise. Direct feedback showcases lessons learned such as: Don’t Assume. Re-baseline Cyber Security. Harness The Exponential Prem. And Act Beyond Enablement.
Beyond Enablement For Big Shared Wins
“We had a lot of focus this year with our operations team to promote business enablement, and quit working in silos. More than ever, the business and our customers are looking back to IT to say, ‘You guys have to help us make this work.’ I think we all did well. But what we've learned is it goes a whole lot better when we're all working together. And we might've been sitting 20 feet apart from each other and not talking, but in this virtual environment, Zoom improved accountability because people had to be sitting, really looking at each other and talking. So it was that ‘group think’ that got us the big shared wins.”
Some end the thought after noting that cyber security has to be more focused on business enablement. But it’s been said that hell is paved with good intentions. That might be a bit much, but the point is that having the intention to do something doesn’t mean ‘it’ got done. Spurred by the use of new tools, 2020 helped human-to-human contact evolve to achieve productivity never before imagined. And those new tools enable intentions to evolve into outcomes.
Exponential-prem
“Having an operationalized virtual war room has allowed for collaborative global incident response. All the gaps identified this year showcase that we can’t rely on physical proximity.”
Going from cloud migration to cloud evolution has allowed us to approach a cloud-first mindset. The limitations of physical tools have been laid bare in 2020. But it’s not just the tools that will be cloud-first moving forward. It’s the people. 2019: Set a meeting in the calendar for next week, fly from your location to my location and we’ll meet in the conference room. 2021: Join me right now on an end-to-end encrypted video conference.
Access To A Cyber Security Mindset
“The biggest lesson is resiliency around anytime, anywhere, anyplace access to systems in a secure mechanism. Everyone's starting to realize the impact a cyber event can have on your organization. The pandemic really hammered home what could happen if there was a major cyber breach. Productivity, staff and the whole wellbeing aspect of it. Inclusive in that are around how we take our staff along for that ride. We found that while staff probably conceptually now understands what a cyber breach means. Systems go down, what do you do? You can't contact anyone: email is gone, messaging systems, collaboration systems are gone. So it replicated that isolation as well.”
Without a major incident, cyber security executives were able to benefit from a gargantuan shift in organizational mindset. Everyone from the board to the CEO to the frontline staff went through an ‘attack’ and now understands that ‘things happen’ and how to personally mitigate the effect of those things for both themselves and the enterprise.
Re-Baseline Cyber Security
“What we saw in 2020 was something which sort of hit us completely out of the blue. Nobody had thought that this would happen. It's important to look at our assumptions once again. Look at our business continuity plans, make sure to re-look at the assumptions, look at a different baseline altogether because our baseline from the previous experience was different. 2020 has given us a completely different experience. So re-baseline your business continuity plans, look at what else would come and hit you. Think big, think different, think out of the box and try to plan accordingly.”
As it was once said, “Fool me once, shame on you. Fool me twice, won’t get fooled again.” We got hit in the face and knocked to the ground. In cyber security, it happens every day. But now everyone knows what it feels like. And so, as the CISO role morphs into that of a business-focused executive, and the business understands cyber security in a new and different way, set new baselines. The plan going from 2020 to 2021 must be the big league version of the little league plan going from 2019 to 2020.
You know what they say happens when you assume?
“2020 has shown us the need to be able to react quickly, even in quite surprising circumstances. Assumptions we might've drawn about how we worked or how we delivered may need to be ripped up and redone. Throw the assumptions out the window. And that's not a bad mindset to have.”
Planes fly into buildings. Economies crater. Pandemics spread globally. The past two decades have taught us that anything is possible. 2020 simply gave us another point on that line. Don’t Assume. Re-baseline Cyber Security. Harness The Exponential Prem. And Act Beyond Enablement.