Well, I am a cybersecurity engineer, so my reply will obviously be a bit biased, but what I have noticed is that a lot of companies started taking cybersecurity into account, especially after the pandemic. Remote work brought some new issues, such as a rise in role-based access management and privileged access management, as in the past we were just able to go into the office, connect to the company’s network and access all the necessary data.
From the software security point of view, companies are paying much more attention to it. But it relates more to the “Solarwinds Hack” in 2020 than to the pandemic itself. Companies started adopting a proactive approach instead of a reactive one. This proactive approach goes hand in hand with the sudden rise of application security and trying to incorporate security into the previously used DevOps model (now known as DevSecOps).
Developers as well as testers play a key role in contributing to the company’s transition towards a DevSecOps mindset. Nobody expects devs and testers to be security experts, but they should have basic awareness as well as know how to operate the security tools that were weaved into their CI/CD. It can be as simple as processing warnings from the SAST tool and fixing the security warnings. Testers can run a DAST or IAST tool while doing their regular testing to check for potential issues. And in case of any doubts, they can reach out to their AppSec / ProdSec team for more guidance.
Overall, I believe that people are more aware of potential security issues, which is great.
I don’t know if it’s due to the remote shift or not, but I feel like in the past 5-7 years we’ve seen a gradual shift in the standard for security. Most people weren’t familiar with 2FA even 5 years ago, but at this point non-technical people are becoming used to the idea and/or practice. Combined with other security measures (minimum password length and complexity, fingerprint verification, etc.), the overall standard for protection has simply gotten better.
Obviously, there’s plenty to be done underneath the hood, so to speak, when it comes to cybersecurity, but I feel like one of the biggest improvements in protecting companies and their data comes in the form of increasing public awareness and improving protection at the user & employee level. You can always add stronger protection at a deeper level, but you’ve already done a lot of the legwork when you cover security at the surface.