If the COVID-19 pandemic has taught us anything so far, it is that we can never return to “normal.” Even once the pandemic ends, many of the ways we used to do things will forever be changed as we adapt to the new ways of doing things. It changes the way we think about everyday things, like hygiene, it changes how we shop, and it will definitely have an affect on how we do business going forward. The days of office workers needing to be in the office 5 days a week has shifted. With this change, it changes how CISOs need to think about their business’ cyber security strategy. Below are three ways enterprise cyber security could change in the future.
1. More Remote Workers = Change in Threat Landscape
COVID-19 forced a lot of businesses to either shut down, or have workers work remotely. According to a statistic from the Bureau of Labor Statistics, only 7% of the American workforce had the option to regularly work from home before the pandemic. This shift forced CISOs to quickly roll out VPN technology and remote collaboration tools. This also placed a lot of stress on workers who now had the task of setting up their devices with new technology at home without an IT member on site to help them.
Add to the above the possibility of workers connecting over unsecured wi-fi with devices that might be infected with malware. Or home IoT devices that could potentially be used as an attack vector. Plus, throw in some hackers who know stressed workers are sitting at home trying to read up on COVID-19, and you have a network ripe for the picking.
The challenge post COVID-19 will be to re-write security policies to consider remote workers that addresses IoT devices, using your own devices for work, and secured access. It will also need to address better cyber awareness training to ensure employees understand what types of emails or links could be a threat.
2. The Skill Sets CISOs are Looking for Will Change
The change to remote work will also means that CISOs will need to leverage a different skill set to deal with this change. CISOs will more than ever be looking to hire experienced staff who can act quickly without needing to be told what to do. With remote staff there is less need for on-site hands-on workers. Instead, having experience in remote forensics will be in high demand.There will be less demand for entry-level workers as CISOs look for more mid- to high-level workers who can make quick, wise decisions. CISOs will have tough decisions to make in regard to whether they can train someone within for these types of roles, hire, or partner with a cyber security provider to fill any gaps.
3. Disaster Recovery Planning is a Must
While no one could have predicted how bad COVID-19 would become, having a plan for disaster recovery and worst-case scenarios is still a must. If you didn’t have a plan before, you need to build one now. If you did have a plan, how will it change going forward? Do you have a plan for all staff working from home in the event of a disaster? Or maybe a hybrid plan where there are a few working in an office location with everyone else working remotely? COVID-19 has certainly tested corporate resiliency of most everyone working remotely. While it is working for the short term, will your organization be able to continue to work this way long term? It is important for organizations to have the right cloud-based services already in place and a virtual desktop infrastructure (VDI). A VDI is important because it will help ease congestion on the organization's grid. For most people, their PCs and home Internet connections are already strained under the increased demand for videoconferencing. This all becomes part of the disaster recovery plan. While no one knows what the next future disaster will be, being as prepared as possible for another post-COVID disaster is extremely important.
Has the COVID-19 pandemic made you feel worried about your organization’s cyber security? Do you worry about how to move on post COVID-19? Uzado is here to help, contact us to learn more about how we can help you with cyber security policies, staffing and disaster recovery planning.