In the migration to home office, life merged once and for all with professional life and personal devices became widely used for work. Video conferencing tools became the primary meeting environment, both for those who already knew how to use them and those who were not so familiar. Reliance on remote connectivity services and corporate VPNs increased, and cloud services gained traction. Hackers redirected attention to these points and chose the vulnerabilities left by the path of the transition from office to digital as entrances to company systems. There was an intense spread of malicious links disguised as COVID-19 related information. And an increase in phishing and ransomware scams.

As we get this far, we see that the certainties are still not many. But one of the statements we can make is that the way organisations assess and respond to security risks will never be the same after what we experienced in the pandemic. And the transformations must be permanent.

The pandemic has changed digital security priorities. But changed how?

Remote working has generated a natural inclination in companies to allow employees to use their own devices to reduce costs and make remote working possible. Attackers adjust to this reality and will target personal devices, a way to bypass corporate defences. That's because, by default, personal devices tend to be less protected than corporate ones, as average users rarely apply additional measures to protect phones and computers from threats.

Executives are beginning to understand the size of the risk. So much so that international studies show 38% of organisations intend to spend more on threat response planning, while 30% say they will update and modernise business continuity plans.

The new challenges regarding the security of companies created by the pandemic, in addition to the old ones that have gained amplitude in this period, have caused many to evaluate new protection technologies. Solutions capable of dealing with growing and evolving threats.

We tend to understand that security is the basis for digital empathy

As billions of people formed the largest remote workforce in history, overnight, executives and entire teams learned much more than how to scale virtual private networks. We also understand that cybersecurity is about improving productivity and collaboration through inclusive end-user experiences.

This means that after the pandemic, it became a basic policy to extend security to more devices and provide secure remote access to resources, applications and data.

For many businesses, the journey begins in adopting a secure cloud. Or Multifactor Authentication (MFA). Zero Trust architecture has also been seen as a priority by enterprises, a model based on an identity verification process where only authenticated users and devices are allowed to access certain types of data and systems.

Another important trend is that the technology to protect is not being purchased, but contracted. Which means that a good portion of companies prefer to outsource security, hiring companies with highly skilled workforces and state-of-the-art technology in the cybersecurity market. There are studies showing that at least 22% of organisations will outsource cloud data monitoring and protection, and security assessment services such as penetration testing, risk assessments and audits. Areas where companies also expect to invest more are in access controls (27%) and application monitoring (25%).

Companies will need to improve the protection of sensitive and confidential data, raise security awareness for staff and partners, and develop the capability to continue operating after cyber attacks and data leaks. This cyber resilience is critical for business continuity. The impact of a security maturity move is long-lasting and brings benefits to every business that will be felt for years to come, no matter how difficult the circumstances.