- Security TWENTY
- Women in Security
According to the UK official Office of National Statistics (ONS), before the recent coronavirus pandemic less than 30 per cent of the UK workforce worked occasionally from home – with just 5pc doing so predominantly. However, organisations are now operating with remote workforce models they have had to initiate with little warning. And, with restrictions across Europe easing, they are now having to consider what a post-pandemic future requires: socially-distanced workplaces, remote working, or investment in new technologies.
Conversations about what the workplace is going to look like are already taking place, but the reality is that we’re most likely going to see rolling lockdowns over the next 12 to 18 months to prevent the continuation of COVID-19.
Jay Ryerse, CISSP, VP of Cybersecurity Initiatives at ConnectWise, suggests: “Businesses need to ask themselves, how did they digitally transform their organisation to allow all or the majority of their employees to work from home? Did the rush to do so create any security vulnerabilities? So the conversations that need to take place are how can they slowly bring employees back into the workplace – not only without risking the spread of disease even further, but also in a way that is secure and safe on a digital front.
“It’s important to consider that not all employees will want to come back to the office full time. Also, with the requirements of social distancing likely to be long-lasting, many organisations will have to implement designated work-from-home and in-office days for different teams. This will clearly impact how organisations purchase IT infrastructure going forward, for example, buying more laptops instead of desktops. That also means they will need to train employees on using a VPN connection to ensure the business can control whether the data flow is secure without putting the organisation at further risk from using BYOD.
“What we’re dealing with here is fear of the unknown. Many employees live with their families, so they don’t want to be put at risk of catching the virus if they have somebody vulnerable at home, whether it’s an elderly parent or their kids. For those organisations that put infrastructure in place to allow their employees to work from home, they’ve most likely realised that the team can perform admirably in a remote workforce. This means organisations will need to strengthen their security as the majority or part of their organisation will want to continue working remote, and protecting their own company and customer data from cyber attacks and even hardware failure will be critical.”
Krishna Subramanian, COO at Komprise, agrees that while it’s encouraging that the lockdown in the UK is slowly starting to ease, it’s important for business leaders to recognise that this doesn’t mean their employees will all be back in the office any time soon – if ever. “We have moved into a very different ‘normal’ where remote working has become the standard, and this is likely to continue in some form even once the pandemic is over. Some companies such as Google and Facebook have already decided to let their employees work from home for the rest of this calendar year. For many businesses that are able to support employees working remotely, it is likely that this will become the new norm, rather than employees mainly being office-based. For example, a department or team may have one set day each week that they all come into the office to meet, and then the other four days are for remote working.
“This will be more challenging for some businesses and industries than others, but it will become clear as this pandemic continues which businesses have been able to manage the change well enough for it to become more permanent. Even still, there will be increased challenges for IT departments to support employees using IT equipment or accessing secure systems outside of the office. A data management solution is one method for improving the ability for employees to work efficiently from home, as it can help to keep all of the data stored by a business in order, and can help employees to retrieve this data more quickly, saving them time that can be better spent on tasks which require their expertise.”
IT leaders should be thinking about how to deliver the right service, securely and efficiently, as long as the lockdown endures, says Jeremy Atkins, UKI Sales Director – Enterprise & Public Sector at Commvault. “Not only this, but they should be thinking about how this situation has affected their long-term IT strategy, and how much they need to change it so it best aligns with the new normal.
“There are key questions the senior IT executive must ask themself. Do endpoints have adequate protection? Are you protecting the data in the cloud? Have you reviewed and updated your operational processes? Have you reviewed and updated your contingency plans?
“It is vitally important at this time for businesses to think about what they currently have on their IT agenda, and assess whether some projects can be put on hold. Now is the time to focus on what needs to be done in order to secure and enable the business, then build the new programme that will make life easier and more flexible in the future. Whilst the current situation may be temporary, it still leaves plenty of opportunity for disaster and attack both from external and internal sources. Along with the speed and scale of this change, we cannot exactly pinpoint where we will be in six, 12, 24 months, so it is best to be prepared for whatever the future may hold.”
The coronavirus pandemic has also offered cybercriminals opportunities to exploit victims’ uncertainties, sow seeds of false hope, and cause disarray. Andy Swift, Head of Offensive Security at Six Degrees, says: “I don’t expect this to change as we transition towards a post-pandemic world.
“Many organisations throughout the world are fighting to remain operational, and cybercriminals know this. They will continue to proactively target organisations that are struggling as a result of the coronavirus pandemic, as they recognise that budgets for IT and cyber security resources may well have been reduced – making them easier targets for phishing and ransomware attacks.
“Post-pandemic, I can see a lot of organisations realising the benefits of mobilising a remote workforce and transitioning to a more flexible, hybrid operational model. I expect to see a continued increase in the targeting of conferencing tools moving forward, both through continued phishing campaigns and exploits identified following more in-depth research in the area. My advice to anyone reading this is to keep cyber security high on your agenda throughout the coronavirus pandemic and beyond; doing so will minimise your exposure to data breach and enhance your ability to remain efficient and operational.”
Similarly, Alan Conboy, Office of the CTO at Scale Computing, suggests that businesses should focus on investment in technologies such as cyber security, to ensure they have a strong business continuity model. “Deploying a work-from-home strategy smoothly and securely, as well as the enormous spike in ransomware attacks during recent months, have been the root of anxiety among many business owners, governments, and schools. The focus for all organisations right now, and post-pandemic, must be business continuity: investing in systems that combine preventative measures and planned reactive measures to ensure that an organisation can continue doing business, despite potential threats, like those caused by the pandemic. In the IT world, this may include backup, disaster recovery (DR), easily deployed work-from-home solutions, and cybersecurity.
“While in the midst of the chaos it may seem irrelevant, or even a waste of time, to think longer term about business continuity. However, the potential for many organisations to keep a vast majority of their workforce working remotely, even as we begin to come out of the other side of COVID-19, in order to save on the cost of an office space, means it would be wise for organisations to consider investing in solutions and processes that are simple to implement, manage, and maintain remotely. Solutions that have built-in backup and DR, allow users to work remotely, safely, and securely, and provide protection from ransomware are becoming increasingly important in the new and uncertain times we are living through.”
As we begin to move through the pandemic and the most severe restrictions are lifted, organisations should prioritise reinvesting in their security teams, says Richard Cassidy, Senior Director Security Strategy at Exabeam.
“The ‘new normal’ we are beginning to craft will need a far greater focus on security and the already limited supply of security professionals tasked with ensuring this will need our full and comprehensive support – from ensuring they have the right tools, to approaching productivity, mental health, and collaboration and a more sophisticated way.
“For years now, we have lived in an age of alert overload, with security, risk, compliance, and response teams overwhelmed by the data points they receive. All too often in the news, we see the result of critical alerts and events slipping through the defensive net. As we plan for a new normal, we need to consider how we can better support our security teams and automate as much of the more time intensive and mundane tasks as possible. This will help security professionals better protect their organisations, and will help more junior analysts do more to support their team.”