The pandemic has made it clear that cybersecurity is a topic that can no longer be ignored, whether this concerns home security or office security. Cyber-criminals have sought to take advantage of the chaotic migration to online environments to support working from home and remote learning for educational institutions. These threats won’t dissipate anytime soon, as more companies are looking to implement a flexible approach to returning to the office. CISOs should therefore expect a number of long-term impacts on security, especially considering that remote working is here to stay and is no longer just a trend set by COVID.
Remote working and cybersecurity challenges
Let’s take remote working as our first example. It brings an abundance of remote devices, all of which need to be patched and secured appropriately to avoid potential threats from hackers. This is challenging for devices that aren’t connected to network infrastructure, but it isn’t the only security consideration organisations have to take into account. Malware prevention and management are also essential to being cyber secure, especially as phishing attacks have spiked in the context of the virus.
But let’s return to network infrastructure for a moment. Employees need this connection to access company servers and stay up to date with the latest security policies. Most organisations use VPNs to connect employees with their infrastructure, so CISOs must ensure these connections are secure, and that controls are also implemented for cloud-based applications which don’t require VPN-based access to corporate resources.
This mass migration of infrastructure to the cloud (such as through Office 365) that many organisations have embarked on creates another challenge. That’s because many have failed to implement multifactor authentication – a vital, additional security layer that helps distance bad actors from infrastructure. We have seen several cyber incidents resulting from the use of weak passwords on SaaS solutions due to this exact oversight.
What can CISOs do to mitigate the risks?
CISOs should invest their time and IT budget in new security technologies that are designed to help overcome these issues, which are likely to persist after the pandemic. Many of these technologies not only protect systems, but also reduce the risk of unwanted security side-effects, such as the possibility of latency on devices. SD-WAN, for example, has end-to-end encryption built in to ensure data security both in-flight and in the cloud, and accelerates access to business applications by connecting to multiple cloud estates with ultra-low latency.
Secure Access Service Edge (SASE), which has piqued the interest of cybersecurity experts, as well as Gartner, is another solution to common security problems. Various solutions on the market claim to be SASE, but many only address one of its key areas, such as network, account management or data, rather than providing a holistic solution. CISOs should therefore take care to invest only in SASE technologies that address all the core areas outlined by Gartner, and to ensure that all appropriate security controls are implemented, as only then can they be sure their organisation’s systems are truly secure.
CISOs must look ahead and proactively map their organisation’s vulnerabilities, security goals and budget to accurately prepare for these long-term cybersecurity impacts. Doing so will be key to navigating future crises, whether it’s a global pandemic, or something closer to home.