Attributed to Sean Duca, Vice President and Chief Security Officer, Asia Pacific and Japan, Palo Alto Networks
What had been privileges pre-COVID, however, have now become necessities. No one could have anticipated the scale at which remote work has expanded and the impact on supply chains, corporate cultures, morale and productivity.
Now that 2020 has come to a close, what are some of the important lessons we learned? How can these lessons help us to do a better job in the critical area of cybersecurity? Here are four areas to keep in mind as we enter 2021:
- Visibility: Now that many more people are working from home, and will likely continue working from home, we have to extend the visibility of the enterprise network. Our employees are likely using the same network as their families, which creates additional points of entry for attackers. We have to think of the home as the new network, with a broader perimeter than before.
- The New Workplace: People have always gone to work. But now, work needs to be delivered to people. They could be using any device, any network, any location. What used to be bring-your-own device is evolving to bring-your-own choice. Wherever workers are working is the new normal, so we need a more uniformed and structured way to do security. This will require the acceleration of automation, machine learning, artificial intelligence, cloud delivery and other trends that have been in the works for years.
- Building and Sustaining Cybersecurity Awareness: As we made the rapid transition to work-from-home, the attackers didn’t pause to give us time to make adjustments. Far from it. They became more aggressive than ever and used COVID-19 to weaponise their attacks. We need to double down on building cyber awareness, ongoing training and regular fire drills. Nobody planned for a pandemic, but we know enough now to plan for potential cyberattacks.
- Cloud Delivery, Software-Defined: One of the big challenges at the outset of COVID and the sudden shift to work-from-home, was delivering security at scale. The defining factors in where and how we work will likely change as a result of the pandemic, probably forever. You will see commercial office space abandoned, entire campuses barren of people. But the people will be working, and they will need secure remote access at all times. We have to look at cybersecurity modernisation as a vital investment in our organisations, as important as any other business function.
Legacy approaches to cybersecurity won’t work in a world changing as rapidly as it is now. COVID has been an instigator and accelerator of change, and organisations need to be able to adapt quickly as a core business capability. One of the lessons of COVID is to be prepared for anything. Another is that modern challenges require modern solutions.
In cybersecurity, modernisation means cloud-delivery, software-defined models, Zero Trust, cloud-based data loss protection, autonomous SOC, AI, machine learning, shared threat intelligence, and a platform model that eliminates unnecessary point products.
Business leaders would be wise to be conversant with these critical trends so they can ask the right questions of their cybersecurity teams and make sure their investments are maximally effective, for now and into the future.