Assessing the New Normal for Cybersecurity
As work from home continues, cyberthreats related to the new normal will remain even post-pandemic
“Pandemic” was the word of the year, with runners up including quarantine, coronavirus and asymptomatic. They make sense, of course, but two phrases that should also be included in that list are “remote worker” (or work from home, take your pick) and “new normal.”
In the cybersecurity world, everything revolved the remote worker as soon as the pandemic hit the country hard. How do you connect them securely? How do you keep them from making mistakes that could lead to cyberthreats? The challenge was real, and it will continue to vex cybersecurity teams for a long time because, well, this is our new normal.
In a survey of 600 IT security professionals, conducted by Check Point, 47% of respondents said security for employees working remotely will be the leading challenge going into 2021, while 61% said it is going to a top priority for the next two years. And exactly half said that there will be no return to pre-pandemic cybersecurity norms.
“For many, the rapid changes they made to their networks and security infrastructures in response to the pandemic will be permanent,” Mark Ostrowski, head of engineering at Check Point, said in a formal statement. “Dealing with the impact of the pandemic on business operations, and ensuring they can continue to operate as efficiently and as securely as possible will be the biggest ongoing challenge for most enterprises.”
Where the New Normal Is
Organizations saw a major shift in cybersecurity in 2020. “Ninety-five percent of respondents said their strategies had changed in the second half of the year, the biggest being enabling remote working at scale,” the report stated. “This was followed by security education for employees; improving network security and threat prevention; expanded endpoint and mobile security, and rapid adoption of cloud technologies.” And for the majority, the response to the pandemic required unplanned reinventions to their cybersecurity business model, leaving little room to work on projects initially planned for 2020.
The most major shift that this pandemic has created for organizations in terms of cybersecurity is a change in their networks, said Maya Levine, technical marketing engineer – cloud security at Check Point. Because workers are connecting remotely, there became a need for distributed networks that rely on cloud deployments. The result is completely revoking the old cybersecurity mindset of what constitutes the perimeter.
“Imagine a physical line representing your network—when your workers are within the physical office boundaries, they can connect to the network,” Levine said. “Now workers need the ability to connect from their own homes—sometimes with personal laptops (endpoints) or mobile devices. This really increases the attack scope for a threat actor that wants to infiltrate an organization.”
Addressing Security Pandemic and Beyond
It is important to note that this pandemic has permanently shifted the working culture toward remote work, Levine added. “Many major companies have announced they will be moving to hybrid or fully remote models permanently. So, the problems of securing a spread-out workforce will not disappear when this pandemic is over.”
The cybersecurity solution to address this new work normal is to enforce threat prevention at all points of the network: mobile devices, endpoint and IoT devices.
“Prevention, as compared to detection, is a cybersecurity approach of blocking anything that is malicious,” Levine explained. “The most common approach currently is threat detection, where a security administrator is notified of a potential incident and must manually investigate or take action to block it.”
Organizations need a solution that can detect known attacks as well as new ones and then take action automatically. “I’d like to emphasize that automating prevention will be critical,” Levine added, “as 78% of organizations say they have a cyber skills shortage and 76% are struggling to recruit new cybersecurity talent.”
And the skills gap is one of the few things that won’t change in the new normal.
