3 cyber security lessons learned from the pandemic

Protecting a company with only remotely working employees and their devices at this scale and speed has never been done before. Now, we do it every day. Learn from the 3 cyber security lessons we learned from the pandemic.Cybersecurity professionals are always ready to adapt. Our role is focused on potential risk and the ability to respond instantly to new threats and events that could put our organizations and their people at risk. There is always a need for a tremendous amount of preparation and planning, with a clear process and playbook to execute or a foundational capability to fall back on in any scenario.But in March 2020, the world faced a scenario beyond anything we had seen before. Enterprises were forced to move from reasonably well-defined enterprise infrastructures within office buildings to a wide range of remote individual users connecting from countless access points around the world. From a cybersecurity standpoint, the technology already existed; remote employees have existed for years, as have the cybersecurity measures to keep them protected. The challenge was to deliver this protection at unprecedented scale and speed while maintaining cybersecurity best practices.One year after the pandemic, there are many lessons we have learned. Here are the top 3 cyber security lessons that have had the greatest impact on the new normal of cybersecurity:

1. In a crisis, cyber resilience is a business-critical factor.

The pandemic ignited an explosion of digital transformation. Instant pivots to remote operations meant driving technology investments in cloud, connectivity, automation and innovation that might have taken months or years to implement in normal times. As the world began to rely on these new digital capabilities, new risks and challenges were introduced. Organizations that were well equipped to extend visibility and control to this new way of working found themselves in a much better position than those that were struggling to completely redesign their security capabilities. Those that had built a skilled and proactive security team, backed by robust processes and supported by effective technology, were able to adapt and overcome the situation. Organizations that locked themselves into a rigid operating model, were overly reliant on vendor platforms or lacked a defined set of processes to support their new reality, struggled to keep pace.In a Capgemini study conducted in partnership with Forrester in late 2020, 75% of all organizations surveyed said they are increasing their cybersecurity budgets due to COVID-19, and 68% are specifically investing in cyber resilience. Many of these companies are within industries that were heavily impacted by the pandemic, including manufacturing, automotive, life sciences, energy and utilities.

2. Define the new perimeter

Since the pandemic began, we have seen an increased emphasis and shift toward zero trust and security access service edge (SASE) principles. With robust identity and access management capabilities, information about services and APIs, and visibility into remote endpoint devices, security teams can position themselves for fast and effective responses, even within this unique virtual environment. Access to sensitive and confidential data is the new perimeter of an organization's cybersecurity posture. Managing that access tightly through the right security technology capabilities and processes, with clear visibility into who has access to what information, through what avenues, and how/when they access it, has become a top priority, and will remain so for the foreseeable future.

3. Awareness and education have never been more important.

COVID-19 has changed the cyber landscape now and likely in the future, with an evolving set of risks and challenges. With so many employees now outside the office walls, internal risks are one of the areas receiving the most attention. Not only is it harder for a security team to keep a close eye on intentional threats, but well-intentioned employees far from the corporate office may circumvent controls or best practices just to do their jobs. To combat this, organizations must activate thorough, relatable and frequent touch points to drive cyber awareness among their employees. Showing team members how adversaries operate, helping them recognize and understand the risks, and training them to be the first line of defense to stop these intruders at the first opportunity can go a long way toward reducing incidental and unintended impact. While cyber awareness and education may have been overlooked by some in years past, they are at the forefront of every program's strategy in the new normal of cybersecurity.

How to move forward

Businesses have undergone tremendous change since March 2020. Fortunately, the core principles and fundamentals of cybersecurity remain the same: cohesively bring people, processes and technology together to drive effective operations and mitigate risk. Organizations must make the necessary investments to defend themselves and put plans in place to prepare for any future disruptions. As we look back over the past year, it is important to recognize the new ways in which our roles and functions have evolved. Going forward, we can use these changes to our advantage in protecting our businesses, both physical offices and the global and extended footprints of remote team members.Learn about our solutions to protect your company: browser isolation, web app isolation and the digital vault.Read more about this: Source