The COVID-19 pandemic has wreaked havoc on the world, causing previously unimaginable human suffering and economic harm. At of the time of this writing, the pandemic is still unfolding, with governments, societies and corporations trying to assess its full impact and plan for what comes next.
It goes without saying that it would have been better if the COVID-19 event had never occurred. But… for corporate and cybersecurity leaders, who are tasked with making pragmatic decisions based on the facts on the ground, is it possible that there are valuable lessons to be learned – particularly when it comes to our cybersecurity postures, which have been tested as never before?
To get a perspective, we spoke with Trustwave Senior Vice President of Managed Security Services Chris Schueler.
Q. In corporate cybersecurity, have you seeing any encouraging trends emerge from the way organizations have responded to the COVID-19 pandemic?
Chris: I think COVID-19 has brought the need for a strong remote working program to the forefront, which is something that every corporate cybersecurity program should have. It helps traveling employees stay productive and offers employees work-from-home flexibility. So, the work-from-home surge that we’ve had has forced companies, who may not have previously faced the need for it, to take remote working seriously.
Secondly, for companies that did have remote working programs, but perhaps took it lightly, this has served as a valuable forcing function. Companies that suddenly became 100% dependent on remote working had to take a hard look at their program to assess whether it was robust and secure enough.
On the positive side, this event has helped create the right focus for CISOs. Especially since there’s a good chance the immediate future will result in the need for more remote working, not less. And many organizations are actually reporting increases in productivity and reductions in costs with their teams working from home.
Q. Have you heard corporate leaders talking about the cost benefits of remote working?
Chris: Yes. A number of clients have told me that CFO’s are pushing to solidify work-from-home plans, because they would like to build the savings into their cost models. There could be significant benefits from reducing costs for facilities, commuting costs… even just paying for perks like food or drinks for the office. COVID-19 has really opened eyes to the fact that remote working is not only feasible, but perhaps desirable, thanks to tools like video conferencing that help keep employee engagement high.
Q. What kind of challenges have you heard corporate leader talk about?
Chris: The challenges to working from home is that you have a more insecure working environment. In most corporate environments, you have a lot of barricades, detection mechanisms and preventative measures that create a safer, cleaner work environment. When you’re working from home, everything is completely exposed. Your kid’s laptop, your spouse’s laptop… all of them become potential targets, because they can become infected.
Also, internet of things (IOT) devices have become potential adversaries, and we all know how easy they are to hack. So now, the exposure that corporations are faced with have increased tenfold, since they’re at the mercy of home user environments, over which they have less control. And we’ve actually seen adversaries starting to take advantage of these opportunities.
Q. How have you seen organizations streamlining their security to meet the COVID challenge?
Chris: Security hygiene is the first step: password hygiene, rotating passwords and having multifactor authentication can help prevent many of the attacks come in. Also, having visibility down to the endpoints is crucial – since your work-from-home network is nearly an open one, even with VPNs, you have to assume that it’s insecure. So, the question is how do you secure the endpoint – and I’ve seen a huge uptake in endpoint security as well as remediation.
I think we’re in a multi-phase response in terms of how CISOs are responding to this challenge. I think phase one was continuity of operations… just keeping the business going. Now, we’re starting to think about the risks, and how to manage them.
Q. What are some best practices for a CISO to consider?
Chris: Start with the basics like taking a look at your hygiene practices, updating your password policy and enabling multifactor authentication. Then tighten up your email security, since this is a time when lots of attacks will be coming through that vector. Also, consider locking down URL categorization even further – since that’s something that can help stop attack vectors from hitting work-from-home laptops.
Also, leverage the technology investment that you already have in place. The short-term business outlook is uncertain because of COVID-19, and there are a lot of unknowns, so maximizing the investment you’ve already made to further control your environments, and minimize risks, will be key.
Q. Do you have recommendations for how organizations can maximize their technology investments?
Chris: Prioritize your risks based on the impact to your business, with the ultimate goal that the business stays operational. As part of that prioritization, map out your existing technology investments and align them to those risks, with the goal of finding ways to tweak and fine tune those investments to address the new risks. Some organizations won’t have the internal expertise to identify what some of those risks are, and they might need providers that can step in and help put solutions in place.
Q. What is your advice for a less mature organization when it comes to security – where should they start?
Chris: Learning to crawl before you try to run is always prudent, but the COVID-19 pandemic has kind of turned that on its head. So, while basic monitoring and protection basic preventative techniques are wise, how can organizations get to the “walk” part of the maturity cycle a little faster? Products like an EDR technology with a service wrapped around it can be a force multiplier – you can get better detection, response and remediation without making a significant investment in staff.
Q. Looking forward to an eventual return to “normal”, what do you think will be the most lasting positive impact of COVID-19?
Chris: I think for many organizations it will be worldly awareness – knowing what’s going on in the world. What goes around comes around, and I think COVID-19 has shown that, not only to IT people, but to humanity in general. Threats that are relevant to your industry in Australia, for example, are probably going to be relevant in the United States of America as well. Global awareness will change how many businesses behave for years going forward.
More specifically, I think things like pandemic planning and business continuity planning… those things were perhaps not taken as seriously as they should have been, and I think this event has taught many businesses to take a hard look at those plans.
Learn how to secure your remote workforce, protect against aggressive cyber threats and strengthen your security operations with threat detection and response resources from Trustwave.