2021 has been an eventful year for cybersecurity! We started seeing a considerable uptake in security expertise as part of the board of large corporations, increasing security awareness among the population at large, security expertise being built by companies not known for technology (e.g., noodle makers), and security attacks making it on the front-page of major newspapers. 25 years back, security was not even a back-bencher in education systems globally, even in top universities. Back then, “hacking” was a friendly fun thing among those who wanted to try new stuff or improve existing solutions.
The unfortunate reason behind cybersecurity’s prominence in 2021 is the number of security attacks, the depth to which these attacks have impacted society, and the extent of damage caused. As mentioned in our 2020 article, the issues remain a lack holistic security, failure to enforce baseline security, and even today ignorance of the fact that security is a business driver.
Our recommendations from experiences in 2021 thus remain as before:
- Holistic security: Security should be part of complete lifecycle of any product or service or network, complete business aspects need to be considered when designing security and security for all layers at each step must be taken care of. Security by design, zero trust, etc. are important when developing new solutions, but holistic security also means supporting existing solutions and deployments to improve to the same level.
- Baseline security: This covers the minimal security aspect that is very often forgotten and covers aspects such as vulnerability assessment, hardening, secure patch management, asset management, identity and (privileged) access management.
- Security awareness: Although slowly increasing, the importance of security should be of topmost importance to companies, governments and everyone in society. We should not require everyone to be a security expert, but the importance of security to daily life needs to be understood by all. For those in business management positions and governments around the world, security awareness should be a top priority in order to facilitate general security literacy.
At Cybersecurity Magazine we wish all our readers the best for 2022!