10 security pitfalls to avoid in 2020

  • Posted on October 2, 2020

Cybersecurity is taking on a whole new level of urgency. With a huge percentage of employees shifting to remote working, managing this new world of work securely is proving extremely challenging. 

To kick off Cybersecurity Awareness Month 2020 in the US and Europe, we surveyed Avanade’s team of cybersecurity experts to identify the top 10 cybersecurity pitfalls facing our customers, before and in the months that followed the Covid-19 pandemic. 

  1. Applying yesterday’s solution to today’s problem: Perimeter-based network security is no longer effective in today’s cloud and mobile world. Now, with our new “remote everything” reality, the evidence is clear. Security teams that still attempt to apply perimeter security – such as firewalls – to modern cloud and mobile environments will face added complexity and risk.

  2. Putting off zero trust adoption: While there are no silver bullets in the cybersecurity world, zero trust is frequently praised as one of the most effective ways for organizations to protect assets across endpoints. But several obstacles are slowing its adoption in the enterprise. According to published reports, more than one in four businesses say they lack the skills and budget required to push forward with zero trust.

  3. Being too adversarial: Cybersecurity teams are responsible for keeping the business and users safe – even if that means sometimes being perceived as “the department of no.” Unfortunately, if they are too adversarial and fail to work with users – as opposed to against them – security teams will foster silos and increase shadow IT.  

  4. Best of breed or bust: The intent behind “best of breed” is a laudable one. Cybersecurity leaders want to ensure they are investing in the best tools on the market. The problem is that this approach leads to more complexity, costs and inefficiencies when compared to a more agile “best of platform” approach. With tightening budgets, limited resources and rising threats, security teams must prioritize simplicity and finding comprehensive platforms, such as Microsoft 365, with security baked in across a set of applications and workloads.

  5. Forgetting to ‘set it and forget it’: Overburdened security teams sometimes fail to fully leverage the immense capabilities available to them through artificial intelligence (AI), automation and notifications. As a result, they diminish the “evergreen” value proposition of cloud applications, creating unnecessary work, risk and errors, working harder when they could be working smarter instead.

  6. Taxing the end-user experience: Humans are often seen as the weakest link when it comes to security. But it’s important to avoid rigid security controls that break the user experience. Security teams must find the delicate balance between form and function and look to create solutions that are easier to use, as well as secure, such as single sign-on and biometric multifactor authentication.

  7. Treating security like a chore: In the rush to accelerate to the cloud, especially in these tumultuous times, many businesses see security as an obstacle on the path to transformation – putting it off until a later date. This misconception leads to surprises and risks at every step of the digital journey, as opposed to a more comprehensive, integrated approach exemplified in “SecDevOps” or “secure by design” principles.

  8. Not checking your blind spots: Just because you haven’t noticed a breach doesn’t mean you haven’t been breached. In fact, if you aren’t continually auditing and assessing your environments, third-party integrations and partners, and even your ongoing compliance requirements, chances are you are missing something vital that’s in need of attention.

  9. Lacking a clear incident response plan: One of the most dangerous ingredients in a cyberattack is chaos. Businesses with no clear, codified incident response and remediation strategy are frequently caught off guard when struck with a phishing or ransomware attack. All of this leads to guesswork, delays and exponentially more damage.

  10. Unchecked sprawl: In the move to powerful, user-friendly solutions such as Microsoft Teams, IT leaders can get into trouble if they ignore governance. Often, when organizations spend their security budgets, the governance policies that ensure the right users get the right access and controls at the right time are not considered in detail. Much of this can be automated from the start and can prevent numerous serious security and IT headaches.

Are you ready to avoid the pitfalls? 
Now more than ever, it’s important to rethink your security strategy as you look to address a new world of security challenges. To see how Avanade’s comprehensive solutions and services can help you overcome the pitfalls, visit our security page or download our guide to learn more.
