Post-Covid Outlook for Cyber Security: New Normal … Looking a Lot Like the Old

Jean-Christophe Gaillard Jean-Christophe Gaillard
November 16, 2020 Future of Work

The COVID crisis has not changed the cyber security fundamentals: What will the new normal be like?

Two recent reports highlight the current cyber security paradox: While the COVID pandemic has turned business and society upside down, well-established cyber security practices – some known for decades – remain the best way to protect yourself.

It might not be the message the authors of those reports wanted to convey, but it remains the dominant impression.

The first one, from the World Economic Forum, published in May (“Cybersecurity Leadership Principles: Lessons learnt during the COVID-19 pandemic to prepare for the new normal” – WEF – 26 May 2020) is once again a superlative summary of good practices, which in the end hardly moves the needle. We commented along the same lines on one of their earlier reports last year.

Using buzzwords like “resilience” instead of “security” or “continuity” does not disguise the fact that 80% or more of the “lessons learnt” highlighted in the report (e.g. “focus on critical services”, “implement meaningful metrics” or “practice crisis management plans”) can be summarised in three words: Follow Good Practice… More than ever, doing the right thing around cyber security, seems to consist of doing now what you should have done ten years ago…

Obviously, if those are still valuable “lessons learnt” worth highlighting to world leaders, it implies they were not properly in place pre-COVID in spite of having been known as security good practices for decades, but the report stays well clear from discussing why…

The second report, from InfoSecurity Magazine, published in June (“State of Cybersecurity Report 2020” – InfoSecurity Magazine – 3 June 2020) offers – as expected – a more technical perspective but points in the same direction with regards to its key takeaways.

The key importance of human elements in cyber security or the fact that “the evolution of the cloud is driving innovation whilst also exposing organizations to new security and privacy challenges” are nothing new.

It is evident that the COVID pandemic has accented and accelerated those, but once again, the cloud was not born out of COVID and good practices in those areas should have been in place for decades.

As a matter of fact, our 2019 report on the “Language of Security” (built on the semantics analysis of the content of 17 annual “Global Information Security Surveys” from leading firm EY, spanning the period 2002-2018) shows without ambiguity cloud security considerations dominating the period 2010-2011-2012 before receding dramatically.

The shift of focus away from compliance is also something our 2019 report highlighted, but again this is a ten years old long-term trend starting around 2010 (and arguably one of the key findings of our research): The first decade of this century was the true “compliance” decade for cyber security; the last decade has been a “realisation” decade dominated by incidents and threats considerations, leading to the acceptance by many business leaders of a “when-not-if” paradigm around cyber-attacks.

The “when-not-if” paradigm creates completely new challenges for CISOs and CIOs: Old and well-established security basics still go a long way to ensure protection but the challenges are now firmly around execution, while roadblocks remain rooted in governance dysfunctions and short-termist business cultures.

The COVID crisis does not change any of that but it does aggravate short-termist business tendencies and will constrain budgetary resources dramatically in most industries.

If one thing is going to change (for some tech vendors at least), is that throwing money indiscriminately at the cyber security problems in the hope of making them disappear is going to stop: Spending and resources will have to be focused where they can have the most impact and that has to start with a sound appreciation of critical assets and their risk posture. But again, focusing on those “crown jewels” should be seen as one of the oldest and best-established good practices…

It looks like the “new normal” is definitely going to look a lot like the old.

  • Experfy Insights

    Top articles, research, podcasts, webinars and more delivered to you monthly.

  • Jean-Christophe Gaillard

    Tags
    Cyber SecurityFundamentalsPost-COVID
    Leave a Comment
    Next Post
    What Every Aspiring Data Scientist Needs To Know About Coding

    What Every Aspiring Data Scientist Needs To Know About Coding

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    More in Future of Work
    Future of Work
    Where Will, the Future of Work, Take Place? (Office, Remote, or Hybrid)

    Changes in machine learning and advances in automation have already changed work for many industries. Still, the COVID-19 pandemic and recent labor shortages forced many brands to rethink what the future of work will look like going forward. The U.S. Bureau of Labor Statistics recently reported a dropping unemployment rate of 4.2% during the fourth

    4 MINUTES READ Continue Reading »
    Future of Work
    7 Tech Companies Changing the Future of Work

    Much has been reported about the impact of the COVID-19 pandemic in the traditional workplace. The effects of the pandemic are expected to be long-lasting, making it challenging for companies across all industries to keep operations running smoothly. Globally, companies had to be agile and adapt to a new normal, in addition to dealing with

    5 MINUTES READ Continue Reading »
    AI & Machine Learning,Future of Work
    AI’s Role in the Future of Work

    Artificial intelligence is shaping the future of work around the world in virtually every field. The role AI will play in employment in the years ahead is dynamic and collaborative. Rather than eliminating jobs altogether, AI will augment the capabilities and resources of employees and businesses, allowing them to do more with less. In more

    5 MINUTES READ Continue Reading »

    About Us

    Incubated in Harvard Innovation Lab, Experfy specializes in pipelining and deploying the world's best AI and engineering talent at breakneck speed, with exceptional focus on quality and compliance. Enterprises and governments also leverage our award-winning SaaS platform to build their own customized future of work solutions such as talent clouds.

    Join Us At

    Contact Us

    1700 West Park Drive, Suite 190
    Westborough, MA 01581

    Email: support@experfy.com

    Toll Free: (844) EXPERFY or
    (844) 397-3739

    © 2023, Experfy Inc. All rights reserved.