In today’s critical situation, organizations are getting prepared for business resilience and employee safety as a first step toward fighting against the coronavirus pandemic. Enterprises are supporting government initiatives and prioritizing the safety of their employees, who are now working from home on business-as-usual tasks, including IT infrastructure administration, monitoring, and compliance management. A remote workforce brings vital benefits to a business in terms of enhanced productivity, reduction in the spread of the virus at the workplace, and reduced operational costs, which can be utilized to invest in employee safety. The adoption of Software as a Service (SaaS)-based services has recently increased, with organizations buying licenses to enable remote working for employees yet without understanding the associated security risks introduced by unknown threat vectors.
A comprehensive and practical approach is required to mitigate the business risks from undiscovered cyberattacks. Another critical factor is a trusted partner who can provide unified end-to-end services to effectively manage new ways of working.
A tailored emergency advisory service is the need of the hour to compete against the cyber threats brought about by the pandemic. Organizations are enforcing remote working policies for employees, but that’s not enough to protect against modern threats emerging from the adoption of SaaS services and the relaxation of Bring Your Own Device (BYOD) policies. In the era of Internet of Things (IoT) connectivity and automation at scale, organizations must think beyond ad hoc workforce solutions such as remote access. A control framework should be mandated that’s not limited to a remote access solution, which would be focused on providing the resources and support for enabling supporting employees to work from home. An overall solution should focus on fortifying perimeter defense controls, reviewing and streamlining existing IT processes, enabling continuous attack surface visibility, and deploying required security controls that will protect from the abrupt leap of cyberattacks and an organization’s evolving digital environment.
As enterprises respond to the worldwide pandemic, changes in business processes driven by lockdowns are having dovetail effects on IT. As IT teams come to terms with increasing demands to enlarge enterprise perimeters and provision remote working, a number of cybersecurity challenges are emerging:
- The strange and evolving attack surface creates new unknown vulnerabilities.
- Inadequate IT resources can’t support the increasing demand for bandwidth, security controls, and operational staff.
- BYOD and remote workforce policies and processes are not updated.
- Unsafe authentication policies for a remote workforce can cause compromised identities.
- A lack of mandatory security controls is in place for protecting against ransomware and service disruptions.
- Cybersecurity hygiene, visibility, and monitoring processes haven’t been established.
- The unavailability of security controls creates vulnerabilities for critical infrastructures such as Operational Technology (OT) networks, Point of Sale (POS) systems, and cloud workloads.
- Unpatched legacy systems are running critical applications and open to cyberattacks.
- The prompt shift to using cloud applications is leading to vulnerabilities caused by employees accessing critical data from unmanaged devices.
Cybersecurity experts need to support enterprises during this journey by helping them identify new cyber threats and assess the gaps in their security controls. Typically, enterprises can take the following four steps to secure their infrastructures from the current and any future crises: