With COVID-19 everybody went to remote work, and 2020 became a year of significant security risks to organizations' infrastructure, software, and hardware tools. I expect this trend to grow even more in 2021; it is going to affect not only organizations but also your personal security while you are at home.
Below you can find several facts that might be essential and not evident to those who are not security experts. Please keep these facts in mind in 2021:
It is impossible to make unbreakable encryption, so security focuses on making brute-force decryption too expensive to be cost-effective and not achievable in a reasonable time.
The recommendation is to continually track updates in the world of encryption and hashing algorithms: your company and products should use the latest and greatest versions of security tools, security libraries, and configuration. For example, you should not use the 3DES encryption algorithm; use at least AES/Rijndael instead, and better still, use multi-layer encryption with signatures and/or RSA public/private keys. It would not help if you still use hashing algorithms like MD5, SHA1, or SHA2. If that is the case, then immediately jump to SHA256 or bcrypt/scrypt. Your entire infrastructure should rely on the latest versions of TLS, not TLS 1.0 or TLS 1.1.
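As an added example (not code from the original post), the snippet below shows two of these recommendations in Python's standard library: a password hash that uses a fast, unsalted algorithm (the pattern the post warns against) next to a salted scrypt hash with constant-time verification, and a TLS client context pinned to TLS 1.2 or newer. The scrypt cost parameters, the storage format, and the function names are assumptions for this illustration, not anything the post prescribes.

```python
import hashlib
import hmac
import os
import ssl
from typing import Optional

# Assumed scrypt cost parameters for this example (N=2^14, r=8, p=1 needs 16 MiB of memory).
# Production systems should size these to their own hardware and latency budget.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
KEY_LEN = 32


def hash_password_weak(password: str) -> str:
    """The anti-pattern: a fast, unsalted digest that is cheap to brute-force offline."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted scrypt hash stored as 'scrypt$N$r$p$salt_hex$key_hex' (constructed format)."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per password
    key = hashlib.scrypt(
        password.encode("utf-8"), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN
    )
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored parameters and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False  # unknown or legacy format: treat as a failed check, never as a match
    _, n, r, p, salt_hex, key_hex = parts
    candidate = hashlib.scrypt(
        password.encode("utf-8"),
        salt=bytes.fromhex(salt_hex),
        n=int(n), r=int(r), p=int(p), dklen=KEY_LEN,
    )
    # hmac.compare_digest avoids leaking where the first mismatching byte is
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def make_tls_client_context() -> ssl.SSLContext:
    """Client context that refuses TLS 1.0 and 1.1 regardless of the OpenSSL default."""
    ctx = ssl.create_default_context()  # certificate verification and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def is_legacy_tls_allowed(ctx: ssl.SSLContext) -> bool:
    """True if the context would still negotiate TLS 1.0 or 1.1."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print("weak:  ", hash_password_weak("correct horse battery staple"))
    print("strong:", stored)
    print("verify ok:", verify_password("correct horse battery staple", stored))
    print("legacy TLS allowed:", is_legacy_tls_allowed(make_tls_client_context()))
```

A practical check for your own services is the one `is_legacy_tls_allowed` performs: inspect the minimum protocol version of every context you construct rather than trusting the library default, which differs between Python and OpenSSL releases.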
Nobody cares about security until it hurts. So, white hat hackers are those who hurt you at a relatively low cost.
The recommendation is to pay reputable companies to perform an external security audit. It is much, much cheaper than recovering from an actual hacking attack.
In most cases, people are the weakest part of your security infrastructure.
The recommendation is to allocate some focus and time to teaching people, controlling their access to company resources, and providing appropriate hardware and software. You and your colleagues should not use software that has not been updated within the last year.
Security does not mean you should hide everything. Actually, using open-source solutions allows you to rely on highly secure and well-reviewed code instead of poorly made custom solutions. I would not say there are no stable proprietary solutions, but the fact that they are closed makes them hard to compare.
Regardless of the type of licensing, the recommendation is to keep expertise in the software that you use. In other words, you should have staff who are experts in the selected tools, libraries, devices, etc.
Using the latest version of Linux does not mean having full security turned on by default. You can use guides like this or this to make sure you are up to date with your operating system's latest security configuration.
In general, security is mostly about making yourself a difficult target. It’s like that joke where you go hiking with your friends and a bear attacks you. You do not need to be faster than the bear; you simply need to be faster than your slowest friend.
Picture taken from open source assets