This article is part of a series hosted by Security Roundtable and powered by Palo Alto Networks that provides ideas for dealing with the ongoing cybersecurity challenges during the coronavirus (COVID-19) pandemic.
The COVID-19 pandemic is changing our world every day, its personal and economic toll immeasurable. As business leaders we have an imperative to save jobs where possible, create new ways of working and support our people.
Many of the changes now taking place will likely remain for the longer term. When the crisis is over, what will our world look like? How will businesses be transformed? Will remote work take over?
I see five trends that are harbingers for the future of work. Now is the time to start planning for a new normal—for how we hire, manage, communicate, collaborate, protect and secure our businesses and workforces.
No. 1: Employees will be increasingly comfortable working remotely.
This new normal will bring dramatic increases in hybrid environments for working in offices and at homes, particularly for knowledge workers. We are already getting glimpses into what that will look like. It requires acclimatizing remote workers to using the right tools for collaboration, efficiently maximizing productivity and finding new ways to manage work and family life.
For organizations, metrics are needed to understand how your remote workforce is actually operating. At our company, for example, we’re seeing a 12% increase in the amount of time workers spend on email, as well as more meetings, but shorter ones—indications that email and video are replacing the office drop-by.
We also see increases in cybersecurity risk that all companies must address, including documented spikes in Zoom bombing, ransomware attacks, targeted phishing and more.
Employees are more frequently using the same device for work and personal use. This creates a bigger and more varied attack surface. In addition, these same devices are often used by multiple members of the family. So, it’s important to develop as strong a security posture for bring-your-own-devices (BYOD) as you do for company-owned devices.
No. 2: Traditional business continuity planning won’t work anymore.
For many companies, business continuity plans will need updating. Right now, some companies are comfortable with getting workloads and applications back up and fully running 24 to 72 hours after a major disaster.
Post-pandemic, with people working remotely and supply chains in transition, that amount of downtime would be crippling. Organizations will instead need an evergreen business continuity plan that enables minimal to no disruption under a wide range of scenarios.
This means more considerations for capabilities that will help businesses get up and running quickly and with no data loss, such as having multiple active cloud data centers in multiple regions, so that if one goes down or is unavailable, the other one takes over in real time. Also distributed and scaled-out applications, thin edge networks and resilient systems, all of which can reduce the risk of downtime.
Other key considerations include enabling employees to work from anywhere; greater geographic diversity in the supply chain; remote customer service and support, and remote IT support as the rule, not the exception.
No. 3: Security operations will need a new model.
With more people working remotely and the continued growth of the Internet of Things, hackers will have many more points of entry to attack your business. There will also be more risks of breaches due to employee negligence or ignorance.
This much larger attack surface is a serious challenge. With Network Operations Center and Security Operations Center personnel working remotely, you’ll need a plan.
Traditional NOCs and SOCs are dead. Next-generation NOCs and SOCs will require a centralized view of incidents, higher degrees of automation with lower false positive rates, security-focused case management and, finally, real-time collaboration among analysts working from their homes all over the world.
A new remote SOC model should be based on cutting-edge tools; is highly automated; is powered by machine-learning algorithms for massive intelligence; and enables coordinated and highly efficient responses to behavioral anomalies in infrastructure, applications and data.
No. 4: Cloud deployments will accelerate.
It may be hard to imagine that cloud usage can grow faster than it has over the past few years, but this pandemic has sped up the need to put even more of our work into the cloud and depend more heavily on cloud services for cybersecurity.
The reality is that applications, workloads and security protections in the cloud are much easier to scale, disseminate and manage than more traditional on-premises solutions.
IT and security teams can manage 100% remotely in the cloud and distribute tools, updates, patches and other vital technology innovations across the entire organization when they are ready and when they are needed.
Any organization that has not yet adopted a cloud-enabled or cloud-first cybersecurity platform would be wise to move in that direction immediately.
No. 5: Remote workforce productivity will be different.
It’s not just about enabling people to work from home; it’s about making sure that they are productive and secure. Asynchronous learning will become pervasive and if done right will reduce unproductive meetings. We should embrace and develop online-first training for employees or new hires.
For IT and security teams, it means increasing focus on leveraging signals from data to learn what is working versus what is not, and quickly iterating on tools and technologies that customers and employees are comfortable using.
It also means constant communication about proper security precautions and best practices in cybersecurity hygiene. We cannot expect our workers to engage in safe practices if they don’t know what they are. It is our responsibility to make sure they are informed and provide training and enforcement of security policies.
Looking Into the Future
At a time like this, empathetic leadership cannot be overemphasized. In our case, employees are telling us they feel more connected to management than ever before, a result of regular communications and more virtual, town hall–like meetings.
As business leaders, take the time and effort to understand the impact the crisis will have on people’s lives and the ways in which they can be successful at work.
While the future is impossible to predict, your organization will benefit from adapting to all these changes. Future-of-work expert Gary Bolles talks about a “Great Reset” that will fundamentally redefine almost everything we think about work, including protecting jobs and workers.
Those organizations that welcome this reset and encourage their workers to be successful in this new environment—in short, organizations that recognize the world has changed forever—will be more capable of adapting, especially in contrast to organizations that just try to go back to what used to be normal.
There will be a new normal. It has already begun.
Naveen Zutshi is Chief Information Officer at Palo Alto Networks.
Go here to read all the articles in this series on dealing with the ongoing cybersecurity challenges during the coronavirus (COVID-19) pandemic.