A lot of firms from across the world were all geared up and ready to indulge in spending more on their cybersecurity needs and securing their business networks. Threat detection, Data, and Network security and cloud application security were all ready to be invested in. And then, COVID-19 happened.
Everything changed overnight. Priorities, strategies, and tasks have all been turned upside down.
The following were the effects seen on the security landscape post the outbreak of the COVID-19.
- Larger projects have been postponed – A lot of larger organizations had plans to revamp the security structure of their organization. This could include everything from re-engineering security data pipeline, security across the enterprise and a lot more. Since the majority of the workforce is working remotely, all of these projects have been shelved, indefinitely.
- Fighting a battle to secure remote users – The mandate that every organization must have received was to get the teams up and running and then address the security issues. Even though CISO’s have been preparing for such a situation for years, the pandemic has forced security teams to work uphill to catch up. This means on the spot risk assessments, control adjustments, and a lot of work in collaboration with the IT and Networking teams.
- Scouring for quick wins – The CISO’s are trying their best to patch new holes as fast as they can. In some selected scenarios, this means they are starting right from square one as they quickly ramp up product research, purchasing cycles, testing, piloting, and deployment. Despite the constant workflow, CISO’s are looking for tools that can easily be installed and configured to ameliorate new risks.
While budgets need to be redefined in the wake of this pandemic, some of the emergency reinforcements include the following-
Endpoint Security Controls – Blocking malware while providing network access are the two foremost priorities. This, in turn, equates to a VPN client and Antivirus software, especially for employees who work on a system that is also shared by their family and friends. While some are also looking at asset and operational management tools which would help them turn their employee’s personal computers into their corporate assets on a short-term basis.
Mobile Device security –This was on the to-do list of every prominent organization’s to-do list. How that all the employees’ whether high priority or low are working remotely this becomes a high priority issue to address.
Network security – In order to deal with the current scenario where the majority of the workforce is working from home, CISO’s have resorted to VPNs to deal with this shift. The growth of VPN use is accompanied by the need to use more firewalls and other gateway appliances. Another quick win would be the use of more secure DNS services.
Multi-Factor Authentication – As high-value employees have migrated out of their secure workspaces, organizations that have succeeded with multifactor authentication are expanding their efforts with the same. The end goal is to bolster security first and then fine-tune their existing policies.
Below are some other observations
- The co-operation between the IT and networking teams is unprecedented with loads of things happening simultaneously.
- Since CISO’s are only working with a lot of trusted partners to get things done quickly, start-ups will be affected.
- End users are being monitored as asked by the CISO’s as they are working in tandem with the HR in providing a crash course. Those in possession of a synthetic phishing tool, have increased their activity here as well.
- There are no quick fixes when it comes to data security and hence end-user monitoring becomes more important.
- Before the pandemic hit the world, not many organization has their endpoint security configured for maximum protection settings due to the fear of disrupting the users with false positives or reduced performances. Some have modified their existing policies and have set their endpoint protection tool to maximum settings.
- By asking for help from trusted vendors CISO’s are now discovering product capabilities and free features that they were unaware of in the past.
To read more, please check eScan Blog