Almost overnight, COVID-19 prompted workforces around the world to shift to entirely new ways of doing business. This change has forced organizations to adopt solutions that allow them to offer secure remote access to their employees, regardless of where they are working.
For large enterprises, who have long been moving considerable portions of their IT infrastructure and services to cloud environments, this challenge was not as debilitating. But, for the less cloud-savvy organizations, this shift required a quick and authoritative plan to reduce reliance on their corporate infrastructure. Coupled with the enormous increase in cybersecurity incidents since the pandemic began last March, organizations caught unprepared faced a costly and labor-intensive effort to quickly make services available to their remote employees.
This was the topic of a recent webinar, “Managing Cyber Risk in the Pandemic Era,” where Hugh Barrett, Telos VP of technical solutions, and Steve Horvath, Telos VP of strategy and cloud, were joined by John Nicely, Microsoft principal PM manager, to discuss the lasting cybersecurity impacts of the pandemic.
As discussed during the webinar, it is widely agreed that remote work is here to stay. Even after the pandemic becomes a distant memory, employees will want to maintain the freedom to work remotely, and enterprises will want to take advantage of cost savings resulting from lower capital expenditures. This paradigm shift has created the need for organizations to offer core IT services in a secure method to their remote employees. These services also need to have high availability and redundancy, which are two of the main benefits of utilizing cloud services.
Furthermore, cybersecurity training will need to adapt in order to educate employees on the associated cybersecurity risks of remote work, such as the handling of sensitive information, access control, and cyber incident reporting. At a corporate level, executives will need to discuss risk tolerance, and concede that a remote workforce will require the acceptance of more cybersecurity risk, which must be dealt with in a different manner.
These considerations have completely changed the cybersecurity mindset of many organizations, where cybersecurity is no longer only tied to risk, but also to business continuity. The management of IT infrastructure and services is transitioning to a ‘de-centralized’ approach, based on Zero Trust methodology. This can only be accomplished when organizations realize the value of next-generation VPNs, multi-factor authentication (MFA), and cloud based services. Also, as Hugh Barrett pointed out, “Good things always come out of bad situations,” and this is no different for the pandemic. Over the next few years we will indeed see a litany of new technologies released to bridge the issues posed by this shift to remote work.
Employers also will need to establish new methods to establish trust and verify the identity of their now remote workers. As a stepping stone in this process, companies need to conduct data analysis to evaluate the risk associated with data that will be accessed remotely. Data privacy controls and policies need to be established, and a governance structure for cybersecurity reporting becomes ever so important while employees are operating outside of the corporate network.
Ultimately, COVID has required employers and employees to think about cybersecurity risk differently. This new mindset is not only focused on cyber vulnerabilities, but also on business continuity. Core services need to be offered in a way that ensures availability and confidentiality, and cybersecurity training needs to evolve to focus on the unique risks posed by remote workers. Corporate data models also need to be re-evaluated and modified with the understanding that remote employees are now the front-line defense against cybersecurity attacks.
If you can relate to these issues I’ll end with a reassuring note – cybersecurity is truly forged in fire, and the challenges we face today will only further strengthen our approach to cybersecurity in the post-COVID world.