Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:00 PM
Joe McMann
Joe McMann
Connect Directly
E-Mail vvv

Top 3 Cybersecurity Lessons Learned From the Pandemic

Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.

Cybersecurity professionals are always prepared to adapt. Our function is centered around potential risk and the ability to instantly respond to new threats and events that could put our organizations and their people in harm's way. An enormous amount of preparation and planning always needs to be in place — with a clear process and playbook to execute or a fundamental capability to fall back on in any given scenario.

But in March 2020, the world faced a scenario beyond the scope of anything we'd seen before. Companies were forced to move from reasonably well-defined enterprise infrastructures inside office buildings to a wide range of individual remote users signing in from countless access points across the world. From a cybersecurity perspective, the technology was already in place; remote employees have existed for years, as have the cybersecurity measures to keep them protected. The challenge was delivering this protection at unprecedented scale and speed while still maintaining cybersecurity best practices.

Related Content:

Secure Laptops & the Enterprise of the Future

Special Report: How IT Security Organizations Are Attacking the Cybersecurity Problem

New From The Edge: How to Protect Vulnerable Seniors From Cybercrime

One year into the pandemic, there are many lessons we have learned. Here are the top three that made the greatest impact on the new normal of cybersecurity:

1. In a Crisis, Cyber Resilience Is an Essential Business Enabler
The pandemic ignited an explosion of digital transformation. Instant pivots to remote operations meant pushing forward with technology investments in cloud, connectivity, automation, and innovation that may have taken months or years to implement in normal times. As the world began relying on these new digital capabilities, new risks and challenges were introduced. Organizations that were well-equipped to extend visibility and control to this new way of working found themselves in a far better situation than those that were scrambling to completely reengineer their security capabilities. The ones that had built an empowered and proactive security team, backed by robust processes and supported by effective technology, were able to adapt and overcome. Organizations that were locked into a rigid operational model, overly reliant on vendor platforms or lacking a defined set of processes to support their new reality, struggled to keep pace.

In a Capgemini study conducted in partnership with Forrester in late 2020, 75% of all organizations surveyed said they are increasing their cybersecurity budgets because of COVID-19, and 68% are specifically investing in cyber resilience. Many of these companies are within industries that were heavily impacted by the pandemic, including manufacturing, automotive, life sciences, energy, and utilities.

2. Define the New Perimeter
Since the pandemic began, we have seen an increased emphasis and shift toward zero trust and security access service edge (SASE) principles. With strong identity and access management capabilities, insights into services and APIs, and visibility into remote endpoint devices, security teams can put themselves in position for rapid and effective responses — even within this unique virtual setting. Access to sensitive and confidential data is the new perimeter for an organization's cybersecurity posture. Managing that access closely through the proper security technology capabilities and processes, with clear visibility into who has access to which information, through which avenues, and how/when they access it, has become a top priority — and will continue to be for the foreseeable future.

3. Awareness and Education Have Never Been More Important
COVID-19 has changed the cyber landscape now and likely into the future — with an evolving set of risks and challenges. With so many employees now outside the office walls, insider risks are one of the areas seeing increased focus. Not only is it more challenging for a security team to closely monitor intentional threats, but well-meaning employees detached from the corporate office may circumvent controls or best practices just to get their job done. To combat this, organizations must activate thorough, relatable, and frequent touchpoints to boost cyber awareness among their employees. Showing team members how adversaries operate, helping them recognize and understand the risks, and empowering them to be the first line of defense that stops these intruders at the first chance can go a long way in reducing incidental and unintentional impact. While cyber awareness and education may have been overlooked by some in years past, they are at the forefront of every program's strategy in cybersecurity's new normal.

How to Move Forward
Businesses have undergone enormous change since March 2020. Fortunately, the core principles and fundamentals of cybersecurity remain the same — cohesively joining people, process, and technology to drive effective operations and mitigate risk. Organizations must make the necessary investments to defend and put plans in place to brace for any future disruptions. As we look back on the past year, it's important to recognize the new ways our roles and functions have evolved. Moving forward, we can use these changes to our advantage as we protect our companies — both the physical offices and the global, widespread footprints of remote team members.

Joe McMann leads Capgemini's global cybersecurity portfolio. In his role, Joe sets the organization's global cybersecurity service strategy and works with teams around the world to help Capgemini's clients achieve cyber resilience while protecting and defending their ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.