The top 5 cybersecurity priorities for 2020 are data security, cloud security, email security, security risk management, and security awareness and training, according to a new report.
The report, matter-of-factly entitled 2020 Security Priorities Report, was recently released by Info-Tech Research Group.
To produce its findings, the research and advice firm surveyed 460 IT professionals working in areas that include IT management, infrastructure and operations, applications and security. IT organizations of all sizes were represented, as were a wide range of industries.
1. Data security
In the Info-Tech survey, data security was ranked the top cybersec priority by 43% of respondents.
It’s no longer just about complying with regulations, Info-Tech says, but instead, about protecting the organization from future losses. Breaches are costly, both in terms of actual losses and damage to the organization’s reputation.
That’s not to say compliance is unimportant. On the contrary, the challenge is greater than ever, due to the emergence of new regulations, including GDPR in Europe and CCPA in California.
2. Cloud security
In the Info-Tech survey, cloud security was also ranked the top cybersec priority by 43% of respondents, tying it with data security.
No wonder: An estimated 80% of applications and workloads will be hosted in the cloud, according to research cited by Info-Tech.
Some security measures are actually easier to conduct in the cloud than in a data center. One example is capacity management to meet increasing demand.
Others are trickier. Identity and access management, for example, becomes an enormous headache with mobile users trying to gain access to their organizations’ cloud-based systems from multiple locations and multiple devices.
3. Email security
Is that incoming email message really from who it seems to be from? Or is it a phishing expedition aiming to get you to click on a malware link?
Challenges like that led over a third (35%) of the survey respondents to call email security a top challenge for 2020.
Other issues include encryption. It’s needed to protect sensitive messages from interception.
Training is a huge aspect of keeping email secure. Users needs to be educated on how to detect suspicious email messages and when not to click.
4. Security risk management
This term refers to an organization’s overall cybersecurity strategy. Security risk management includes considerations of specific threats, new protections, even the creation of a methodology for determining the relative risk profile of specific projects.
Security risk management matters. Nearly a third (32%) of survey respondents said it’s a top security priority.
Training is important here, too. You can set all the strategy you want, but if that strategy is not enforced by employees, it won’t work. Info-Tech says this training needs to be conducted from the top down, starting with the CEO, to ensure that risk management is accepted at all organizational levels.
5. Security awareness and training
Over a quarter (28%) of the survey respondents said this is a priority. Yet many organizations are falling short. Info-Tech cites a recent estimate: 75% of officers who are responsible for security awareness and training in fact spend less than half their time on these efforts.
A security program should also leverage tools from vendors, Info-Tech says. That way, an organization can collect valuable metrics that demonstrate the training program’s ROI. In other words, a convincing answer to “Why are we spending so much on cybersec training?”
In most cases, that will mean assigning a dedicated person to get the training program rolling. Ideally, cybersec training will start when an employee joins the organization, then continue throughout their tenure.
How about you and your customers? It’s February already — have you set your cybersecurity priorities for 2020 yet?