From securing remote devices, to the need for multi-factor authentication, the pandemic has brought the value of cybersecurity to life. Countless cyber threats have emerged and grown as criminals have sought to take advantage of the chaos that ensued. Many won’t dissipate once the world returns to normal, and CISOs should expect a number of long-term impacts on security, especially given trends like remote working are here to stay.
Let’s take remote working as our first example. It brings an abundance of remote devices, all of which need to be patched and secured appropriately to avoid potential threats from hackers. This is challenging for those who aren’t connected to network infrastructure, but isn’t the only security consideration organisations have to take into account. Malware prevention and management is also essential to being cyber secure, especially as phishing attacks have spiked in the context of the virus.
But let’s return to network infrastructure for a moment. Employees need this connection to access company servers and stay up to date with the latest security policies. Most organisations use VPNs to connect employees with their infrastructure, so CISOs must ensure these connections are secure, and that controls are also implemented for cloud-based applications which don’t require VPN-based access to corporate resources.
This mass migration of infrastructure to the cloud (such as through Office 365) that many organisations have embarked on creates another challenge. That’s because many have failed to implement multifactor authentication – a vital, additional security layer that helps distance bad actors from infrastructure. We have seen several cyber incidents resulting from the use of weak passwords on SaaS solutions due to this exact oversight.
CISOs should invest their time and IT budget into new security technologies that are designed to help overcome these issues, which are likely to pervade after the pandemic. Many not only protect systems, but also reduce the risk of unnecessary security side-effects, such as the possibility of latency on devices. SD-WAN, for example, has end-to-end encryption built in to ensure data security both in-flight and in the cloud, and accelerates access to business applications by connecting to multiple cloud estates with ultra-low latency.
Secure Access Service Edge (SASE), which has piqued the interest of cybersecurity experts, as well as Gartner, is another solution to common security problems. Various solutions on the market claim to be SASE, but many only address one of its key areas, such as network, account management or data, rather than providing a holistic solution. CISOs should therefore be mindful of only investing in SASE technologies that address all the core areas outlined by Gartner and that all appropriate security controls are implemented, as only then can they be sure their organisation’s systems are truly secure.
CISOs must look ahead and proactively map their organisation’s vulnerabilities, security goals and budget to accurately prepare for these long-term cybersecurity impacts. Doing so will be key to navigating future crises, whether it’s a global pandemic, or something closer to home.
Head of Cyber Consultancy at Exponential-e
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.