Defending an organisation of entirely remote workers and their computers had never been achieved before. We now do it on a daily basis. The role of a cybersecurity professional revolves around potential risk and the need to react quickly to new threats and events that could place our companies and their employees in danger. There must always be a great deal of preparation in place, with a straightforward method and playbook to follow or a fundamental capacity to fall back on in any scenario.
However, in March 2020, the planet was confronted with a situation unlike anything we’d ever seen before. Companies were forced to transition from relatively well-defined enterprise infrastructures within office buildings to a diverse set of individual remote users logging in from a plethora of access points around the world. While many businesses found themselves unprepared and unprotected, from a cybersecurity standpoint, the technology was already in place; remote workers, as well as the cybersecurity initiatives to keep them safe, have existed for years. The task was to provide this defense at an unparalleled scale and pace while still adhering to best practices in cybersecurity.
Many lessons have been learned in over a year of operating through the pandemic. Here are the top three from this period for keeping organisations across the globe cyber safe:
It’s Never Been More Important to Be Educated
COVID-19 has altered the cyber environment, and will continue to do so in the future, posing new threats and challenges. With so many workers now working outside the workplace and employees scattered across the globe, insider threats are becoming more of an issue for organisations.
Security teams had to address immediate organisational, procedural, and technological deficiencies related to the pandemic-induced response and the transition to remote working, as workers started working from home in less secure environments and with less secure personal equipment. Leaders have had to fill training gaps, conduct virtual all-hands meetings, and encourage employees to keep their computers up to date.
Not only is it more difficult for a security team to keep a close eye on deliberate attacks, but well-intentioned employees who are not based in the corporate office can bypass controls or best practices in order to complete their tasks. To combat this, businesses must implement comprehensive, relatable, and regular touchpoints to increase employee cyber awareness.
Showing team members how adversaries work, assisting them in recognising and understanding the threats, and motivating them to be the first line of defense in stopping intruders at the first opportunity will go a long way toward minimising accidental and incidental effect.
Access to Confidential Data is the New Perimeter
To keep operations running during the early stages of the pandemic response, several businesses were forced to face new threats, including lowered control levels. Companies evaluated these residual risks and tightened controls as employees and customers became accustomed to the changes. We've seen a greater focus on, and transition toward, zero trust and secure access service edge (SASE) concepts since the pandemic started.
Security teams will position themselves for swift and efficient responses, including in this new virtual environment, with strong identity and access management skills, insights into services and APIs, and visibility into remote endpoint devices.
The new perimeter for an organisation’s cybersecurity posture is access to sensitive and confidential data. Managing the access carefully through appropriate security infrastructure technologies and processes, with good visibility into who has access to what information, through which channels, and how/when they access it, has become a top priority — and will remain so for the near future.
Cyber Resilience Is a Critical Business Enabler in a Crisis
Companies began standardising policies for remote work environments and exploring technology to reduce long-term risk as workers grew more comfortable working from home. The pandemic sparked a digital transformation frenzy. Instant pivots to remote operations meant moving forward with cloud, networking, automation, and innovation investments that would normally take months or years to introduce.
Chief information security officers (CISOs) and cybersecurity teams will need to adopt a dual mindset when approaching the next business horizon. They must first address the new risks posed by the transition to a remote digital working environment and ensure that the necessary infrastructure is in place. They must also predict how their employees, clients, supply chain, channel partners, and sector have responded to the new normal. The new context of changing customer and employee behavior and a rapidly evolving threat environment must also be understood.
Those who had developed an empowered and proactive security team, backed by solid processes and assisted by cutting-edge technology, were able to adapt and overcome. Organisations that were stuck in an inflexible operating model or lacked a specified set of processes to support their new reality failed to keep up.
In a study conducted by Capgemini in collaboration with Forrester in late 2020, 75% of all organisations surveyed said COVID-19 is causing them to increase their cybersecurity budgets, with 68% explicitly investing in cyber resilience.
Manufacturing, automobile, life sciences, electricity, and services are only a few of the sectors that were severely impacted by the pandemic.
How to Move Forward?
Since March 2020, businesses have changed dramatically. Fortunately, the fundamentals and core values of cybersecurity have not changed: bringing people, process, and technology together to drive successful operations and mitigate danger.
As cybersecurity leaders gain a better understanding of the pandemic, CISOs are turning their focus to predicting how new conditions will affect the business environment. They are adapting existing cybersecurity practices as well as long-term cyber risk plans to include these expectations of the new normal. Organisations must make the requisite investments to protect themselves and devise contingency plans in case of future disturbances. It’s important to note the new ways our roles and functions have changed as we reflect on the past year.
About Salt Communications
Salt Communications is a multi-award-winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers 'Peace of Mind' for organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt Communications is headquartered in Belfast, N. Ireland.