As the year comes to a close (and, for many of us, 2020 is a year we want to close the book on…fast) it’s a good time to reflect back on the lessons learned and set a plan to improve in the future.
Let’s look at cybersecurity specifically. What should we look out for in 2021 after all that has happened?
We answered the following two questions in our latest webinar, which you can view on-demand here.
- What do industry experts think the biggest learning of the year has been?
- What do they think should be top-of-mind for security leaders next year?
Tessian’s VP of Information Security, Trevor Luker, led a fireside chat with two industry experts, Jesse Starks, CTO at Breckinridge Capital Advisors, and Lena Smart, CISO at MongoDB, to capture their thoughts on the matter.
Curious about what insights they shared? Read our notes below for key takeaways and quotes from the panelists.
Or, if you want to learn more about our guest speakers and their companies, skip down to the bottom of the page. And, if you want to be the first to know about future virtual events, subscribe to our newsletter.
3 takeaways from 2020
1. Hackers take advantage of key calendar moments and times of general uncertainty. We saw this happen throughout 2020, with phishing scams around COVID-19, the 2020 census, stimulus checks, and even the US presidential election. Next up: retail scams in time for the holidays.
2. Hope for the best, prepare for the worst. Both panelists pivoted quickly and easily during the transition from office to home because they already had well-thought-out contingency plans in place. When was the last time you updated your emergency action plan?
To learn more about Jesse and Lena’s contingency plans and what you should consider when making one, watch the full webinar.
“I think the lesson learned was the importance of routinely testing a worst case scenario in case it does become your full-time scenario so that all your tech works smoothly.”
3. Hackers have power in numbers. Today, organizations are being hit by increasingly advanced threats. That’s because an entire industry has been created out of phishing and social engineering, and adversaries operate in groups. They’re experts at their craft. That means security leaders have to level up their inbound protection.
3 insights for 2021
1. Every employee should be a security champion. Why? Because your cybersecurity is only as strong as your most vulnerable or at-risk employee. After all, it’s people who control your most sensitive systems and data. But, employees can actually be your biggest defense against threats. That’s why education, policies, and security tools are all important.
“I personally think employees are the strongest link when it comes to security, not the weakest link. If we continue to train them and make them more aware then they will be the strongest defense against a breach.”
2. Expect more data protection regulations in the future. The cost of a breach (including fines for non-compliance) is definitely a concern for security and business leaders. But it’s actually the lost customer trust and damaged reputation that’s top-of-mind. Our panelists’ tips? Put security controls in place to ensure compliance and make sure you have a process in place for reporting incidents if they do happen.
If you want to learn more about compliance standards like GDPR, CCPA, and HIPAA, and why good cybersecurity is good for business, download our CEO’s Guide to Data Protection and Compliance.
3. Email security is a long-game strategy. Email is open by default, which means it’s the attack vector of choice for hackers. Looking forward to 2021, security leaders have to have a plan for inbound, advanced impersonation attacks.
“You can hit 100s of people via email and if that email is attached to the system you want to compromise, then email is going to be your biggest bang for your buck as an attacker. I think that’s where we’ll continue to be focusing as a community - is all the ways that email can cause trouble.”
Bonus Insight from Jesse:
“You can use technology to close all your gaps, but once you have that, then how can people outside manipulate your organization? Your people – the highest success rate for an attacker. People are always joining organizations, changing teams, changing roles, and learning. The technology changes, but it’s often fixed. The Human Layer is always moving so it makes it very challenging to secure and that’s why it’s so important.”
For more tips and personal anecdotes, watch the full video now.
Jesse Starks, CISSP, is the Chief Technology Officer at Breckinridge Capital Advisors.
Jesse is Breckinridge’s Chief Technology Officer, and is also a member of the firm’s Risk Committee, Information Security Committee, and Business Continuity Committee. In his role, Jesse directs the strategic integration of technology across the firm.
He has over 17 years of experience designing and managing large-scale distributed systems.
Lena Smart is the Chief Information Security Officer at MongoDB.
Lena joined MongoDB with more than 20 years of cybersecurity experience. Before joining, she led cybersecurity at large organizations like Tradeweb, New York Power Authority, and InfraGard. She is also a founding partner of Cybersecurity at MIT Sloan – formerly the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity – which helps security leaders in academia and the private sector collaborate and tackle the most challenging security issues.
About Breckinridge Capital Advisors
Breckinridge Capital Advisors is a Boston-based, independently owned investment advisor specializing in investment grade fixed income portfolio management.
Working through a network of investment consultants and advisors, they serve a wide variety of clients ranging from high net worth individuals to large institutions. Breckinridge’s assets under management totaled more than $42 billion as of September 30, 2020.
Reflecting their commitment to ESG and sustainability, Breckinridge is a Massachusetts Benefit Corporation and a certified B Corp. They believe these designations help them in their goals to create positive, long-term impact for their clients, employees and the communities in which they live, work and invest.
MongoDB is the leading modern, general purpose database platform, designed to unleash the power of software and data for developers and the applications they build.
Headquartered in New York, MongoDB has more than 20,200 customers in over 100 countries. The MongoDB database platform has been downloaded over 125 million times and there have been more than one million MongoDB University registrations.