December 29, 2022

2022 – The Year that Executives Realized their Security Wasn’t Good Enough

The blog could be titled that you’re gonna be hacked it’s just a matter of time.

But it’s really about executives finally realizing that given all the effort they put forth, enterprise security is still not good enough at a majority of enterprises.

This blog discusses some of the issues regarding security and how executive teams need to plan for the future.

Awareness of the Issue at the Executive Level is a Starting Point

The good news is that 2022 was the year that CEOs and CFOs realize that they can’t escape security.

Chief Digital Officers are now increasingly having the IT department roll up to them.

However in many situations, it is not just about the security tools it is about security practices and education that has been lacking.

Password Management and Shifting to Multi-Factor Verification

Since we’re talking about security, it’s important to discuss both passwords and user verifications.

This also known as identity and access management.

The old two factor of indication authentication is no longer good enough.

The shift to multi-factor and authentication apps is the current state of the art.

Well many enterprises are on this track, what is surprising is so many have failed to even do basic two factor authentication.

Especially for critical operations, such as servers they might be running their mission critical ERP, accounting or billing application.

No Excuses for Access Management Controls

There really is no excuse from anyone within the enterprise about not having the basic password manager tools as well as access management verification.

No matter what enterprise, multi factor authentication needs to be in place.

And we wrote about this years ago when Salesforce was one of the first cloud-based services to require two factor authentication.

Google and Microsoft lagged Salesforce by several years and forcing people to use to factor authentication.

Jump ahead to the end of 2022 and we see Salesforce now forcing enterprise to shift to multi factor authentication, along with Microsoft.

For executives, we strongly advise or stringent vacations such as using a physical encryption key.

Note as the founder and CEO of Aragon, I have been using an encryption key for multi-factor verification for several years.

Enterprise Backup is Now a Security Best Practice

With a very bad hack occurred of a utility company in 2021, I wrote a blog on July 4 that said simply ”back up everything’.

Since I wrote that blog we’ve had many conversations with enterprise clients. Many firms do have back up of mission critical application data.

However, the issue endpoint back up remains on addressed by many enterprises.

Today you can purchase cloud back up for PCs and Macs for less than five dollars a month.

What is this an IT leader should not be fooled into taking that Google Drive, OneDrive or Dropbox can be used for back up.

We were talking about mirroring a hard drive of a PC or a Mac with incremental back ups so that our full recovery can be made if the machine is hacked.

The tools mentioned above can be used for content back up but that’s not the same as recovering a PC that has been locked by a hacker.

Bottom Line

The bottom line is that when a business is interrupted due to a ransom ware attack, everyone wakes up and pays attention.

Our best advice to enterprises is do not wait for that to happen. Be proactive.

For 2023, set a goal to have one new security fast practice per quarter that can’t be fully implemented. Reward business units for security best practices.

Remember that security it’s not just an online issue. Physical security needs to be addressed as well.

This blog is a part of the Digital Workplace blog series by Aragon Research’s CEO,

Jim Lundy.

Blog 1: Introducing The Digital Workplace Weekly Blog Series

2022 – The Year that Executives Realized their Security Wasn’t Good Enough