As the pandemic drags on & on, remote work-forces stay remote, zero-trust & other lessons learned will remain important.
The reality is for many organisations, remote work will play a massive role in business through 2020 & beyond. So will increased cyber-criminal activity, as shown by a 131% increase in viruses, & around 600 new phishing attacks a day when the pandemic started.
Initially, a number of phishing attacks directly related to COVID-19 were seen (including ones purporting to be from the US Centers for Disease Control & Prevention). Later, these attacks centred on stimulus packages & unemployment insurance, before moving to subjects like vaccines & the stock market.
Now, attackers are using a variety of relevant subjects, everything from “staycations” to boat rentals & food deliveries. They are not just using email for these attempts, as online ads & mobile apps are just a couple of other tactics used.
Even if organisations have created more flexible remote-work policies to better accommodate the needs of their employees in the short term, these businesses must ensure that their teleworker strategies can support & secure remote connectivity long-term.
Due to the pandemic, CISOs initially faced the huge pressure of maintaining business continuity with almost 100% of the workforce moving to working from home, in just a couple of days. Many successful approaches for this are based on a careful analysis of existing capabilities, so that instead of adding new technologies, they used the potential of the solutions already in place.
The benefit of assessing in light of those business imperatives is that you ask the right questions about what processes, data & apps actually are critical to maintain the business.
This response to crisis created moments of insight & thus unified security practices across the branches (i.e., the core & cloud-based infrastructures). Many organisations simply did not know about some of the weak spots & bottlenecks in their infrastructures.
Most knew that phishing emails were dangerous, but they may not have expected corporate laptops be at risk if someone else in the same household clicked on a link, while chatting & playing online games.
To deal with these things when they became noticeable, some businesses made changes & additions to their environments in a manner & speed that made it impossible to understand the downstream effects.
Though it may have seemed initially challenging, at least from a technical standpoint, implementing a strong & secure remote-worker program was not necessarily as hard as many organisations thought. However, it did require the correct policies & openness to embrace change, in order to pull it all off effectively & under a tight deadline.
Some organisations took common VPN approaches, while other organisations are building robust and scalable cloud, SD-WAN & network access control (NAC) solutions.
Scaling-up solutions was made easier when businesses already had the correct infrastructure in place to begin with. With careful planning & the right technology partnerships, some organisations were able to execute on or expand their teleworker strategy.
In the future, remote work may be a bigger part of corporate strategies. The experience of the pandemic has made businesses realise that the reasons to retain, or possibly expand, their remote-work strategies quickly outnumbered the reasons against remote work becoming a standard part of an organisation’s business process going forward.
To an extent, remote work is here permanently. A Gartner survey of 317 CFOs & finance leaders in late March found that 74% will move at least 5% of their previously on-site workforce to permanently remote positions post-COVID 19. Almost 25% said they will shift at least 20% of their on-site employees to permanent remote positions.
Zero-trust network access will become increasingly important. There is now a major emphasis on this concept because companies are recognising that they have many VPN tunnels that need to understand & confirm who the users are, & also, they have users on all different types of devices that now have access to the corporate network.
Organisations will be looking at their security vendors & OEMs to implement the best functions of zero trust in a way that is both manageable & increases the organisation’s overall security posture. It is not unreasonable to think that organisations will take different zero-trust strategies for different parts of their business, such as cloud, remote & data centres.
The ability to understand & see everything on the network has become critical. With a few months of remote working, organisations are able to take a step back & evaluate whether they put every security measure needed in place so that their remote-work solutions are effective long-term.
As a result, many of them are bolstering their zero-trust capabilities, so they know exactly who & what is on their network well into the future as employees continue to work remotely.
Another result is that the need for more tightly integrated network & security functions will grow. Network infrastructure needs to support & enable other aspects of the business.
It must allow for dynamic change & new technology integrations & must have integrated & automated security functions to reduce complexity and increase efficiency.
This needs to extend from branch to edge, & from the data centre to the cloud, with a cohesive policy & centralised visibility & management throughout.
Now that businesses are rapidly acknowledging the cloud as an extension of the data centre, it becomes critical for network & security policies to seamlessly expand into these environments & maintain the same ease of deployment & security maturity, as their more traditional physical counterparts.
As the pandemic developed, it is becoming increasingly clear that remote work is not merely a temporary solution. We have seen a dramatic change in the last few months both in the business community’s ability to adapt, & in the cyber-criminal community as it follows trends to increase its attack cycles.
Network visibility & zero-trust capabilities become key enabling ongoing, secure remote work. In short, the pandemic has brought home the need for agility, both in business continuity & in-network infrastructure. It is hoped these lessons be heeded moving forward.