Many security projects—no matter how important—fade away, either due to budget limitations, scarce resources or lack of prioritization. However, the sudden shift to remote work due to the COVID-19 pandemic has pushed many of these initiatives to the forefront, and they are now gaining traction that should outlast the pandemic.
This experience has opened up distinct opportunities for a new and more aggressive type of cyber attack that is interested in damaging or slowing business more so than the traditional goal of scamming money. Therefore, now is a much more critical time to harden the security of our systems.
- Migration to the cloud. Managing a company and remote employees is much easier and more secure from the cloud, as many organizations have had to learn sooner than intended. Any good reasoning to put off the migration has been eliminated.
- Securing the supply chain. Most IT/security teams worry about the security of supply chains, as they should. Hackers have long used third parties as the entry point into larger, data-rich companies, and with all the companies connected along the supply chain, the risk grows greater. Now is the time to strengthen requirements.
- Identity and access management. There has been an increase in the need to authenticate and verify employees working from home, to ensure they have access to the applications and systems they need to keep the business operating.
- Efficiency and consolidation. With the effects of the pandemic on the economy, we will see a focus on efficiencies. The gap between operation and security teams will quickly shrink as organizations remove the lack of efficiency that causes risk where an exposure has been identified, but can’t be fixed using the same tool. The consolidation of cybersecurity tools that can both identify the risk and mitigate it, such as FortifyData, will become critical.
- Patch management. The challenge of patch management is more difficult to do remotely even with the importance of doing so increasing. The pandemic has removed any justification for procrastinating. It is the time to come up with an improved and comprehensive patch management strategy.
- Security awareness and cyber hygiene. Unfortunately, many companies have failed on this aspect, reluctant to spend dollars on training employees and establishing good habits. Now that employees are working remotely, the importance of both is undeniable. Expect these to include access management and security awareness.
- Cyber threat monitoring. While many current cyber criminals are leveraging the pandemic, it is likely that some of the novel approaches hackers have attempted will stick around once the pandemic has passed. A greater percentage of the workforce may remain remote, so security will need to be more vigilant around threat monitoring and unauthorized access on networks.
The pandemic may be causing cyber security initiatives to rise to the top of the priority list, but the need to pursue these initiatives will remain long after. Organizations need to take this time to prioritize a meaningful investment in cyber security that will continue to protect them once the world shifts to the post-pandemic normal.