How COVID-19 Changed Cybersecurity

We’ll soon be moving into our third year of dealing with COVID-19, and businesses are settling into what could be a new normal of hybrid work. As the end of 2022 approaches, it’s a good time to take a closer look at just how the pandemic impacted cybersecurity and the lessons we’ve learned.

Endpoint security became a focal point for cybersecurity teams when companies closed their offices and told their employees to work from home. Where once IT and security teams had some visibility into the endpoints used for business purposes, COVID-19 turned endpoint security into a total free-for-all.

Pete Constantine, SVP of product management at Tanium, sat down with me at the recent Converge 22 conference, held in Austin, Texas, to discuss endpoint security, pandemic changes and whether or not we are in a new normal.

Security Boulevard: How did COVID-19 change the way you think about cybersecurity for endpoints, both in the short term and for the long game?

Pete Constantine: COVID-19 was an accelerator to a trend that was already occurring. Users in general were becoming more distributed and were spending less time in the office every year. When COVID-19 came along, it was a drastic shift. You had to presume your users and their devices were no longer operating within the four walls of your organization and your applications, tools, management couldn’t just work within your office. All of the things used to run your business now had to work from anywhere. Legacy approaches of VPN and connecting went away. You couldn’t scale them quickly enough.

This accelerated the move of business-critical applications to the cloud. The user was at home and remote and the applications were cloud hosted. The biggest change was on the endpoint. You’d usually go to the office for management and updates for endpoints, but that was now gone. Our customers already had a cloud-hosted system where they could manage their endpoints, but many organizations only had endpoint management tools that worked onsite in the office. Those organizations had to make a quick adjustment to how they managed and secured their endpoints.

SB: Now, as we move into a post-COVID-19 world, has the approach to cybersecurity shifted again? If so, in what ways?

PC: I think it just continued on the track it was on. The changes that we made are going to continue. They aren’t going to revert to their pre-pandemic state. People aren’t going back to the office the way we expected, however. This means that the attack surface we created—with the changes made so that everything is accessible anywhere at any time—is very large and will be perpetually so. We have to be able to assess anywhere/anytime at scale. We need to know what’s going on with devices. Things are going to continue to be very distributed and we have to continue to improve how we manage that broad attack surface.

SB: What are you seeing as the biggest threats? Do you think the pandemic has impacted the threats you’re seeing?

PC: What we don’t know is the biggest threat. There’s a lack of visibility, a lack of knowledge about what devices are in use for business. Do we have complete and accurate inventory? Have we remediated vulnerabilities? Are systems updated and running our chosen security software? My biggest concern is visibility. If we’re not accounting for 100% of devices, it’s just a matter of time before an attack happens.

The fact that these devices are everywhere makes it much harder to know if individual users were properly provisioned with their new device. There’s a lot of haziness to where these devices are and who is using them and that lack of visibility is really challenging. The unknown is the biggest threat.

SB: Do you think that COVID-19 has created a new normal for cybersecurity professionals?

PC: The world was already heading in a distributed, work-from-anywhere direction, and the pandemic accelerated it. It was the speed at which we did it that created challenges. I don’t like the term “new normal” because that makes you think something is bad. This is just normal. I’m not going back to an office. We’re going to continue working from hot spots and remotely. Yes, some companies are demanding their employees come back to the office, but I don’t see that actually happening. I think a huge percentage of the world is going to remain remote, and that’s going to continue to be the way cybersecurity professionals have to plan to operate.

SB: Hopefully we won’t see another pandemic, but what lessons have you learned should a situation come up that forces an unexpected shift in the workforce? How would you deal with something that forced you to redefine cybersecurity approaches?

PC: One thing I hope we learned is that this isn’t just about disaster recovery because there’s an outage at a facility. The risks we have to our businesses are broader. It’s the people, the processes, the locations. There’s a need to have plans, to have an assessment of what we’ll do if there’s another pandemic that allows us to continue to run our business, service our customers and keep our employees safe. I believe we learned–and only time will tell if we really did–we have to take a much broader view of risk. We have to plan for the unknown and learn to respond very quickly.

Sue Poremba

Sue Poremba is a freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.