COVID-19 has forced societies, governments, businesses and individuals to suddenly rethink long-held practices and processes. This includes fundamental aspects of our lives, such as how and where we work, teach, learn, live and interact.
It is hard to think of any other single event that has caused as much disruption in such a short space of time. And the impact continues to reverberate and dislocate, with things moving so quickly that we can’t always predict or control events.
Our digital world has been front and centre in absorbing and mitigating the COVID-19-triggered shock waves. Connected digital technologies have helped organisations rapidly shift to work-from-home models and have been crucial in responses in healthcare, science, supply chain, education and virtually every aspect of life during these challenging times. Many of the changes will likely be with us for the foreseeable future and beyond, creating the much-repeated – but accurate – cliché of a “new normal”.
We need to prepare for a long haul of working remotely and the security challenges that come with that. This is just the beginning. A survey from 451 Research indicates that two-thirds of organisations expect expanded work-from-home policies to remain in effect long term or permanently. The same research shows almost half of all companies expect to reduce their physical office space. Notably, financial institutions are at the forefront of permanent or hybrid home and office working, with Lloyds, Natwest and HSBC planning to allow more flexible working in the future, according to the BBC.
This new normal in how work is organised is precipitating a new normal in cybersecurity. Organisations will have to embrace new tools, processes and strategies – and be far more agile than ever before – because threat actors are opportunistic and are early adopters in exploiting new vulnerabilities in human behaviour and technology.
With millions of people working from home, hackers are taking advantage of this pandemic to launch new cyber attacks. So what can be done?
Stress Testing Your Cyber Hygiene
Organisations are quickly trying to adapt IT to the new normal. For an average business, it means scaling up its existing network and endpoint security for a remote workforce that has grown from 30% to about 90%. This means adjusting policies so that applications are accessible remotely, or securing them with two-factor authentication.
At the same time, according to the latest Fortune 500 CEO survey, more than 75% of CEOs said COVID-19 will accelerate digital transformation and introduce new technologies. The impact on cybersecurity will be significant. More pressure on IT and development teams to deliver digitalisation will result in more bugs and vulnerabilities and a higher exposure to being compromised.
Cybersecurity professionals understand that cyber hygiene, such as patching, is essential to security. It’s like wearing a mask: it does not always feel or look good and is therefore often ignored or forgotten. With digital acceleration, it will get worse before it gets better. To counter that, we should take enough time to prepare for bigger and more frequent cyber incidents, and learn how to manage potential crises.
The Era of Security Platforms
Established organisations tend to approach cybersecurity in a siloed and event-driven way. As a result, we often see highly fragmented, almost Frankenstein-like technology environments: dozens of unintegrated security controls across network, endpoint and server environments.
One may argue that security information and event management systems (SIEMs) were the glue providing the bridge between all the controls. But, let’s be honest. How much do they really help when it comes to business support of new applications or technologies? Or responding faster to incidents?
When onboarding a new technology (such as cloud), you have to do everything from detection to response from scratch: training your staff, integrating the tool, writing processes, etc.
Applying the highest level of defence everywhere with point products is the main inhibitor of automation, speed and agility – the three factors that count most when it comes to competition in a digital world. To achieve these, cybersecurity platforms adopt an approach that applies the following key principles:
- A wide portfolio of sensors and control capabilities across all technology environments
- Integrated detection and response capabilities
- Centralised, identity-focused policy framework
- Cloud delivery
The benefits of a platform are obvious: the time to secure technologies is dramatically shorter, the response time to incidents is lower and a platform is often half the cost of a fragmented environment.
However, adopting a platform model has always been a hard task to achieve when it comes to cybersecurity. Siloed thinking, diffused technology budgets, lack of digital culture – there has always been an excuse for why it would not work.
Why will it be different in a post-COVID world? The reason is simple. The digital acceleration is existential for most organisations and individuals. Platforms will become the “new normal”, considering their cost effectiveness as well as their agility to secure new technologies. Markets have already embraced this evolution of new categories of cloud-based platforms across network, cloud and security, or across security operations centres.
Remote Incident Response
Like the majority of the colleagues they are required to protect and support, IT and cybersecurity teams must also work remotely and support a wide range of users across many devices and locations.
For example, if a machine in an employee’s home is infected with malware, the “old normal” playbook would be to isolate it or to reinstall the operating system or to collect the hardware for forensics.
Today the question is: does an organisation have the capability to do this type of intervention remotely? Is remote access part of the corporate culture? Can IT teams identify potential threats and breaches through remote forensics? Even if it is a BYOD device? What about incident response and forensics in public clouds?
Most organisations are not set up for this from an operational, compliance and data privacy standpoint. However, that will have to change, requiring a shift in technology as well as corporate culture at a very radical pace.
So, be honest with yourself. The new normal is here to stay. It will have a strong impact on how we secure our data and assets in our increasingly digital world, which means there will be a new normal in cybersecurity as well.
By Sergej Epp, Chief Security Officer in Central Europe for Palo Alto Networks