By Shibu Paul, VP, International Sales, Array Networks
The year 2020 changed the dynamics of the world, especially in terms of the work milieu. At the beginning of 2020, the focus of tech leaders was diversified and their priorities were different. With the onset of the pandemic, things changed as the work culture was forced to undergo a radical transformation. Cybersecurity and a secure remote working environment became the primary focus for IT leaders, and with good reason. According to a report by CyberPeace Foundation, Indian vaccine makers and hospitals have been targeted by threat actors since October. The report states that between October 1 and November 25 alone, the Indian healthcare sector recorded nearly 80 lakh attacks. Such attacks have also occurred in Florida, Georgia and New York. This is a continuation of the cyberattacks that began in 2020.
When IT companies first moved to WFH, what they did not expect was intensified attacks by threat actors, which led the C-suite to re-strategize its game plan. Adoption of cybersecurity and secure remote working took center stage. In fact, according to a survey, 70% of CIOs said that their long-term IT priorities have changed since the beginning of 2020. This is a justified move, considering that the future of the workforce is remote working. Many tech giants have already declared that their employees will be allowed to work remotely either permanently or at least until the end of 2021. In November 2020, the Indian government announced that, to provide flexibility and move away from the traditional work environment into a new era of work culture, it had decided to remove registration and compliance requirements, allowing organizations to let their employees work from anywhere permanently.
As these changes are being witnessed, many tech leaders are prioritizing identity and access management over endpoint security. Endpoints are a growing challenge for organisations to protect, as users connect from their home Wi-Fi or use their personal devices to connect to corporate applications. Zero trust, HCI, security using AI/ML and serverless computing are gaining popularity. Not only that, traditional VPN technology is also coming back into relevance, as in-house network security is currently irrelevant. With companies expecting more than half of their workforce to be willing to work from home, CISOs are getting ready for a hybrid workplace. Working on cloud and DCs is now considered to be a safe bet.
The tough question for CISOs is how to reduce the number of security tools, which are not only complex but also invite risk through human error, and instead look for a simplified yet robust security mechanism.
Cybersecurity Ventures predicts that the number of humans on the internet will triple and reach 6 billion, and that by 2030 that number will rise to 7.5 billion. As remote working becomes more widely available, the number of people on the internet will increase, and so will cybersecurity threats. To counter this, CISOs must cultivate a company-wide cyber-resilient culture. In addition, more attention needs to be paid to identifying potential insider threats. For example, partners and employees of the organization, who also access the company website, have email communication that needs to be brought under the company’s security blanket, as they are the first line of defence.
Companies should not just focus on implementing cybersecurity, but should also follow remote working cybersecurity best practices such as:
- Encrypt data and rigidly control access to encrypted data
- Deploy secure devices to remote employees
- Enhance VPN security, password strength and telephone/video conference protections
- Refresh phishing warnings and recheck Wi-Fi security
- Limit or block access to games and websites on devices used to access employer systems
- Prevent external device attachment
- Ask employees to avoid public hotspots
- Include multifactor authentication
- Track employees' devices
- Prepare an incident response plan
- Organization-wide changes, processes and employee training must inform and bolster any company’s cybersecurity stance
The most important concept that organizations, from SMEs to large corporations, need to understand is that cybersecurity is ongoing. Merely transforming systems to meet current requirements without a forward-looking plan will not only cause chaos and vulnerability in the near future but will also end up as a financial liability. Instead of focusing on just the current and next few months, they should focus on improving overall security, which will be beneficial in the long run, especially when a pandemic or any other sudden calamity strikes, because ‘to be prepared is half the victory’.