The COVID-19 pandemic has been a shock to our systems. It has forced societies, governments, businesses and individuals to abruptly rethink long-held practices and processes – including in basic areas such as how and where we work, teach, learn, live and interact.
In our lifetimes it is difficult to think of a single event that has caused as much disruption in such a compressed time. And the impact continues to evolve, with things moving so quickly that we can’t always predict or control events.
Our digital world has been front and center in absorbing and mitigating the shock waves. Connected digital technologies have enabled organizations to rapidly shift to work-from-home models and have been crucial in shaping responses in healthcare, science, supply chain, education and virtually every aspect of life during these challenging times. Many of the changes will likely be with us for the foreseeable future and beyond, creating a new normal.
In different parts of the world, some workplaces have tried to reopen or want to reopen. But in this pandemic time, organizations have to navigate through uncertainties, while ensuring business continuity and safety.
A survey from Intel 451 Research indicates that two-thirds of organizations expect expanded work-from-home policies to remain in effect long term or permanently. The same research shows almost half of all companies expect to reduce their physical office space.
Let’s prepare for a long haul of working remotely and the security challenges that come with that. This is just the beginning. The new normal in work is precipitating a new normal in cybersecurity. Organizations will have to embrace new tools, processes and strategies — and be far more agile than ever before.
As always, threat actors are opportunistic and early adopters in exploiting new vulnerabilities in human behavior and technology. With millions of people working from home, hackers are taking advantage of this pandemic to launch new cyber attacks. So what can be done?
The Cyber Hygiene Stress Test
Organizations are quickly trying to adapt IT to the new normal. For an average business, it means scaling up its existing network and endpoint security for a remote workforce that has grown from 30% to about 90%. This means adjusting policies so that applications are accessible remotely, or securing them with two-factor authentication.
At the same time, according to the latest Fortune 500 CEO survey, more than 75% of CEOs said COVID-19 will accelerate digital transformation and introduce new technologies. The impact on cybersecurity will be profound. More pressure on IT and development teams to deliver digitalization will result in more bugs and vulnerabilities and a higher exposure to being compromised.
Cybersecurity professionals understand that cyber hygiene, such as patching, is essential to security. It’s like wearing a mask; it does not always feel and look good and is therefore often ignored or forgotten. With digital acceleration, it will get worse before it gets better. To counter that, we should take enough time to prepare for bigger and more frequent cyber incidents, and learn how to manage potential crises.
The Age of Platforms
Established organizations tend to approach cybersecurity in a siloed and event-driven way. As a result, we often see highly fragmented, almost Frankenstein-like technology environments: Dozens of unintegrated security controls across network, endpoint and server environments.
One may argue that security information and event management systems (SIEMs) were the glue that bridged all the controls. But, let’s be honest. How much do they really help when it comes to business support of new applications or technologies? Or responding faster to incidents?
When onboarding a new technology (such as cloud), you have to do everything from detection to response from scratch: training your staff, integrating the tool, writing processes, etc.
Applying the highest level of defense everywhere with point products is the main inhibitor of automation, speed and agility, the three factors that count most when it comes to competition in a digital world. To achieve all three, cybersecurity platforms follow these key principles:
- A wide portfolio of sensors and control capabilities across all technology environments
- Integrated detection and response capabilities
- Centralized, identity-focused policy framework
- Cloud delivery
The benefits of a platform are obvious: Technologies are secured dramatically faster, the response time to incidents is lower and the cost of a platform is often half the cost of a fragmented environment.
However, adopting a platform model has always been hard to achieve when it comes to cybersecurity. Siloed thinking, diffused technology budgets, lack of digital culture: there has always been an excuse for why it would not work.
Why will it be different in a post-COVID world? The reason is simple. The digital acceleration is existential for most organizations and individuals. Platforms will become the “new normal” considering their cost effectiveness as well as their agility to secure new technologies. Markets have already embraced this evolution of new categories of cloud-based platforms across network, cloud and security, or across security operations centers.
Remote Incident Response
Like all of us, IT and cybersecurity teams must also work remotely and support a wide range of users across many devices and locations.
For example, if a machine in an employee’s home is infected with malware, the “old normal” playbook would be to isolate it or to reinstall the operating system or to collect the hardware for forensics.
Today the question is: Does an organization have the capability to do this type of intervention remotely? Is remote access part of the corporate culture? Can IT teams identify potential threats and breaches through remote forensics? Even if it is a BYOD device? What about incident response and forensics in public clouds?
Most organizations are not set up for this from an operational, compliance and data privacy standpoint. However, that will have to change, requiring a shift in technology as well as corporate culture at a very radical pace.
Brace yourself: The new normal is here to stay. It will have a strong impact on how we secure our data and assets in our increasingly digital world, which means there will be a new normal in cybersecurity as well.
Sergej Epp is Chief Security Officer in Central Europe for Palo Alto Networks.