By Alain Sanchez, EMEA CISO and Senior Evangelist at Fortinet
Every new year brings new possibilities. Businesses take the time to evaluate strategies for staying successful, new ways to meet customer expectations, and – most importantly – opportunities to enhance their security.
It’s easy to define 2020 as “The Year the IT Landscape Changed,” but that only tells half the story. The shift to largely remote business environments meant adding new applications to the IT stack, securing new endpoints, and shifting legacy technologies to the cloud when possible. Often, this meant delaying new product lines or services. 2021, however, looks to be “The Year of IT Security Maturity.” Now that companies are returning to a new normal, they can refocus their cybersecurity strategies to align with new business objectives and hybrid workforce models.
Organizations with employees who mostly worked in corporate offices tended to rely on firewalls to protect against cyber threats. But amid the widespread shift to remote work, many organizations invested in VPNs to mitigate the same risks. In these cases, security teams dealt with a nearly “all or nothing” approach. A hybrid workforce impacts this approach in three significant ways.
Most organizations are now fairly well-versed in the needs of a remote workforce. But with some employees moving back to office environments, even while others work from home, these same companies will need to focus on maturing their cybersecurity protections accordingly. Where 2020 was a rebuilding year, 2021 is a growth year.
The hybrid work model brings together traditional controls and remote work security protections in new ways. First, organizations must consider the different types of users that they will need to keep secure.
Building out a robust cybersecurity plan for a hybrid workforce starts by identifying user types and establishing controls that protect the systems, networks, software, and data they need for their jobs.
As part of a hybrid workplace cybersecurity strategy, organizations should also think about ways to better enforce authorization and authentication policies. For example, multi-factor authentication makes it more difficult for a cybercriminal to compromise user accounts and passwords in a credential theft attack.
With employees accessing cloud resources from traditional or home offices, corporate networks must be flexible and fast. A slow network reduces productivity and frustrates employees. To mitigate potential issues, organizations must deploy a solution that provides high-performance bandwidth and better secures the IT stack. SD-WAN offers the answer to both of these problems in the following ways:
The hybrid workforce relies on cloud resources that, in turn, depend on connectivity. As part of maturing their cybersecurity posture, organizations must think about going beyond traditional network controls. This involves thinking about their networks as the “new” office where employees collaborate, no matter where they are physically located. An SD-WAN solution helps apply the same types of security to these virtual offices as what security guards do for physical office locations.
Employees are an organization’s most significant security asset. With the right training, these individuals can more effectively spot social engineering attacks, thereby reducing the likelihood of a ransomware attack. Creating a culture of security starts with awareness and builds on the knowledge of end-users so they can apply the information to new situations. A practical solution meets employees where they are in their security journey, then reinforces their skills.
Creating a culture of security is a commitment. However, cybercriminals won’t stop looking to exploit human nature after the pandemic. Employee awareness may be the single most important investment organizations make as they mature their cybersecurity posture in 2021. While companies can’t always control what their employees do, they can give them the tools they need to make secure decisions.
Companies that embrace change are the ones most likely to remain financially stable. Creating a culture of security and establishing a new, updated cybersecurity strategy is critical for organizations with hybrid workforce models. This means implementing the tools needed to help advance business and security objectives, from multi-factor authentication to SD-WAN. In turn, these solutions will also enable businesses to be more productive.
The workforce will likely never look the same as it did before COVID-19, but by building cybersecurity into their business goals, organizations can better keep pace with the ever-changing “new normal.”