The COVID-19 pandemic, which led businesses to close offices and forced employees to work remotely, put corporate security and cybersecurity to one of their most rigorous tests ever.
There’s no escaping the fact that the COVID-19 pandemic has been a disruptive business force. However, many security leaders and teams have reported positive outcomes, such as increased collaboration and teamwork across departments and key stakeholders who were previously siloed, improved communication across the enterprise, and a boost in business status. Many firms, at the very least, have more robust, upgraded operational and business continuity plans, processes, and actions as a result of the lessons learned. These are a few lessons that can help companies to become more resilient in the future.
Like many security teams, leaders, and agencies switched to leading, managing, or assisting COVID-19 response activities, civil unrest response, and more, the pandemic underlined the value of flexibility as a security leader. Health screenings, temperature checks, mask enforcement, and social distancing were tasked to teams that were previously focused on access control and physical presence. It’s never been more crucial to be able to swivel and remain flexible.
Since the COVID-19 pandemic began, security professionals have witnessed, perhaps more than any other job role, how the threat landscape has expanded and evolved in a variety of ways: increased cyber-attacks and network vulnerabilities, surges in disinformation campaigns, an increase in people leaving the workforce or switching careers, industries, or professions, and much more. In many situations, security teams were tasked with taking on extra or different responsibilities.
Administrate security remotely
Rather than having a physical presence at offices and other sites, businesses must be prepared to safeguard things remotely. They may need to be ready to shift data and services from local servers to cloud service providers quickly in order to make them simpler to access, manage, protect, and monitor. Additionally, organizations need to ensure that all client devices, such as laptops, smartphones, and tablets, can be remotely managed, controlled, and monitored by authorized security administrators as needed.
Enterprises must increase the amount of time and money they spend on protecting and managing all remote access options. Any compromise of these solutions might have disastrous consequences because they will be used by the majority, if not all, of the company’s employees.
Also Read: The State of Enterprise Security in 2022
Considerations for the supply chain should also be incorporated into the plan. For example, how can firms buy, provide, and distribute more hardware-based cryptographic tokens for remote access during a lockdown? The same may be said for any additional resources that their cybersecurity team would require.
It’s necessary not just to develop a post-pandemic cybersecurity plan, but also to harmonize it with other elements of the organization and, most importantly, to practice putting it into action.
Weak security exists on the edge
The realm of Operational Technology (OT), which is in charge of overseeing the performance of physical processes and the machinery that carries them out, wasn’t built with the intention of being patched on a regular basis. They weren’t made with the intention of being related to anything. To be able to deter with an OT site, an attacker would have needed physical access.
That is no longer the case. The installation of gadgets that are part of the Internet of Things (IoT) has connected OT and large industrial facilities to the internet. That’s a recipe for disaster: many IoT devices, like any other internet-connected device, have shown to be relatively easy to hack. Once an attacker has gained access to a device, they have unrestricted access to networks. As a result, CISOs must update the tried-and-true security trifecta of confidentiality, integrity, and availability to incorporate safety as well.