Ensuring adequate security in the face of a rapid increase in the quantity and sophistication of cyberattacks requires more effort and resources than most organizations are typically capable of providing for themselves.
Many businesses, organizations, and even governments are turning to private sector security vendors for help, because they offer pre-packaged cybersecurity solutions that are intended to make securing IT infrastructure easier. But in reality, vendors can introduce more complexity – 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolios; 12% have 46 or more.
That’s why making security frictionless is key to securing private sector assets and, as a result, protecting national security interests. It’s worth remembering that sophisticated cyberattacks are rarely directed at a single target – they attack interconnected data networks and supply chains, creating a viral effect throughout public and private sectors and across industries. Here’s how vendors can help make frictionless security a reality.
Bake it in and make it easy
It’s tempting for vendors to focus on shiny bells and whistles and an expanding list of security features. But more security tools and more security spending does not necessarily equal more protection – cybercrime is as lucrative as ever even as organizations spend more on cybersecurity every year. And what vendors often miss is that organizations are less likely to buy based on bells and whistles and more often on whether it is easy to buy, easy to deploy, and easy to use. Which makes sense: most security incidents are not super sophisticated; they target organizations with backdoors hiding in plain sight like stale accounts, weak passwords, email phishing, and unaccounted network-connected devices.
Security vendors need to prioritize offering a simple pricing model and procurement process, flexible and quick deployment options (that don’t take months to scale up), and a seamless UI that non-security experts will understand.
To make this a reality vendors need to bake security into everything: from the software to the hardware to the supply chain. This means that OEMs who haven’t traditionally focused on security should invest in built-in security features to supplement software and cloud solutions. And every product needs to be viewed as a security product, regardless of what that product does.
Security must become frictionless, even for non-technical employees
Although cybercrime affects everyone at an affected organization, a recent study found that 61% of employees fail a basic cybersecurity quiz. It’s no wonder that attackers are eager to exploit remote workers that often rely on a BYOD approach, use vulnerable home Wi-Fi networks, and that fall outside of the enterprise prevention, detection, and response measures that encompass permanent offices. Vendors need to consider that the frontline for cybersecurity may now be the homes of any their customers’ employees — not just the IT infrastructure that lives at HQ.
Security needs to be frictionless for everyone and should no longer be viewed as practices primarily used only by technical audiences. We’re moving toward a future where every employee will need to achieve security literacy and may even need to have a basic working knowledge of something like a SIEM or endpoint solution. Vendors can help bridge this gap today by considering how to make their solutions accessible and valuable to all.
Prepare for new threats and rethink old ones
The Biden administration’s plan to expand 5G nationwide would radically transform the lives of millions while emerging technologies like AI/ML and IoT represent exciting new possibilities for public and private industries. Technology providers are investing more into the edge to improve user experience and meet this coming demand, but this also advances a new wave of threats and complexity as organizations face the challenge of securing distributed environments.
As the number of IoT devices continues to skyrocket, so does the volume of data. As edge computing becomes necessary for every organization, security efforts will only increase in complexity. It will be on vendors to step up to the challenge of delivering solutions that make organizations feel like security can be frictionless regardless of volatile security concerns, such as enabling a smooth transition to a zero-trust architecture.
But new technologies aren’t the only security concerns. Cyber threats will continue to come in the age-old industry function of supply chains. With a global semiconductor shortage, supply chain issues have been top-of-mind. And with last month dedicated by CISA as National Supply Chain Integrity Month, there’s a growing recognition of supply chain security risks.
That’s because a company is only as secure as its weakest hardware or software link, even if the company itself has strong security practices. Organizations will look to build a more security-oriented procurement process that demands that their partners and vendors are equally as security-minded. By ensuring each touchpoint between user and network is as secure as possible, it reduces the friction with users who may otherwise seek to circumvent security measures. This means that vendors will need to ensure that they not only provide, but also abide, by the most stringent security standards.
With these steps in mind, vendors can help organizations turn frictionless security from wishful thinking into reality. While vigilance against cyberthreats will always be necessary, the more security is easy and embedded, the more organizations will be able to focus on fulfilling their missions without security headaches.