Dark Reading is part of the Informa Tech Division of Informa PLC


Operations

3/22/2021
01:00 PM
Joe McMann
Commentary

Top 3 Cybersecurity Lessons Learned From the Pandemic

Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.

Cybersecurity professionals are always prepared to adapt. Our function is centered around potential risk and the ability to instantly respond to new threats and events that could put our organizations and their people in harm's way. An enormous amount of preparation and planning always needs to be in place — with a clear process and playbook to execute or a fundamental capability to fall back on in any given scenario.

But in March 2020, the world faced a scenario beyond the scope of anything we'd seen before. Companies were forced to move from reasonably well-defined enterprise infrastructures inside office buildings to a wide range of individual remote users signing in from countless access points across the world. From a cybersecurity perspective, the technology was already in place; remote employees have existed for years, as have the cybersecurity measures to keep them protected. The challenge was delivering this protection at unprecedented scale and speed while still maintaining cybersecurity best practices.

One year into the pandemic, there are many lessons we have learned. Here are the top three that made the greatest impact on the new normal of cybersecurity:

1. In a Crisis, Cyber Resilience Is an Essential Business Enabler
The pandemic ignited an explosion of digital transformation. Instant pivots to remote operations meant pushing forward with technology investments in cloud, connectivity, automation, and innovation that may have taken months or years to implement in normal times. As the world began relying on these new digital capabilities, new risks and challenges were introduced. Organizations that were well-equipped to extend visibility and control to this new way of working found themselves in a far better situation than those that were scrambling to completely reengineer their security capabilities. The ones that had built an empowered and proactive security team, backed by robust processes and supported by effective technology, were able to adapt and overcome. Organizations that were locked into a rigid operational model, overly reliant on vendor platforms or lacking a defined set of processes to support their new reality, struggled to keep pace.

In a Capgemini study conducted in partnership with Forrester in late 2020, 75% of all organizations surveyed said they are increasing their cybersecurity budgets because of COVID-19, and 68% are specifically investing in cyber resilience. Many of these companies are within industries that were heavily impacted by the pandemic, including manufacturing, automotive, life sciences, energy, and utilities.

2. Define the New Perimeter
Since the pandemic began, we have seen an increased emphasis and shift toward zero trust and secure access service edge (SASE) principles. With strong identity and access management capabilities, insights into services and APIs, and visibility into remote endpoint devices, security teams can put themselves in position for rapid and effective responses — even within this unique virtual setting. Access to sensitive and confidential data is the new perimeter for an organization's cybersecurity posture. Managing that access closely through the proper security technology capabilities and processes, with clear visibility into who has access to which information, through which avenues, and how/when they access it, has become a top priority — and will continue to be for the foreseeable future.

3. Awareness and Education Have Never Been More Important
COVID-19 has changed the cyber landscape now and likely into the future — with an evolving set of risks and challenges. With so many employees now outside the office walls, insider risks are one of the areas seeing increased focus. Not only is it more challenging for a security team to closely monitor intentional threats, but well-meaning employees detached from the corporate office may circumvent controls or best practices just to get their job done. To combat this, organizations must activate thorough, relatable, and frequent touchpoints to boost cyber awareness among their employees. Showing team members how adversaries operate, helping them recognize and understand the risks, and empowering them to be the first line of defense that stops these intruders at the first chance can go a long way in reducing incidental and unintentional impact. While cyber awareness and education may have been overlooked by some in years past, they are at the forefront of every program's strategy in cybersecurity's new normal.

How to Move Forward
Businesses have undergone enormous change since March 2020. Fortunately, the core principles and fundamentals of cybersecurity remain the same — cohesively joining people, process, and technology to drive effective operations and mitigate risk. Organizations must make the necessary investments to defend and put plans in place to brace for any future disruptions. As we look back on the past year, it's important to recognize the new ways our roles and functions have evolved. Moving forward, we can use these changes to our advantage as we protect our companies — both the physical offices and the global, widespread footprints of remote team members.

Joe McMann leads Capgemini's global cybersecurity portfolio. In his role, Joe sets the organization's global cybersecurity service strategy and works with teams around the world to help Capgemini's clients achieve cyber resilience while protecting and defending their ...
 
