As the rapid transition to remote working as a result of lockdown measures has proven, necessity really is the mother of invention.
Practically overnight, businesses that might otherwise have dragged their feet over digital transformation were forced to reinvent the ways in which they work and communicate – and that involved a newfound dependence on cloud-based applications.
“The pandemic put new fuel into the cloud adoption engine. Resistance to change evaporated overnight and now all business applications are in the cloud,” Nico Fischbach, CTO at cybersecurity firm Forcepoint, told TechRadar Pro.
“It’s funny – macro events are much more forceful than any board of directors…and now [due to the pandemic] the Internet has become your corporate environment.”
However, while the acceleration of technology trends can be considered one of the very few positives to come out of the pandemic, the pace with which businesses were forced to innovate inevitably carries a level of risk.
Remote working security
Under the new remote working regime, enterprise security perimeters expanded by magnitudes almost instantaneously, posing an unprecedented challenge for cybersecurity teams.
The introduction of new endpoints to the corporate network – as a result of bring your own device (BYOD) initiatives – the use of unauthorized communications tools and an influx of phishing attacks are all headaches that have grown more acute since the pandemic began.
“It’s not just bring your own device (BYOD), it’s now bring your own shared device,” Fischbach points out. “Employees are working with company data on devices also used by their children and partners – and that device is likely to be completely unmanaged.”
Further, understanding precisely where business data is held and how it is being used by employees has become far more difficult. Liberated from the watchful eye of the IT department, staff are inclined to take shortcuts (such as transferring data via USB devices or sending information using personal email accounts) that could jeopardise the security of sensitive data.
Pivoting to new modes of operation, according to Fischbach, could prove a significant challenge for security teams, who were for the most part totally blindsided by the transition to remote working.
“For the last decade [security teams] have only been looking at a pyramid of security and everything inside was trusted – their task was only to build more walls around it. Now, the way you have to be wired is very different.”
“It takes a mindset change, understanding and experience to readjust and visualise how the flows of communication and data have changed. Whether teams are equipped to do that remains to be seen.”
And if these issues weren’t enough to deprive security teams of well-earned sleep, Fischbach also believes the most resourceful cybercriminals may have used this period of turbulence to sow the seeds of future attacks.
“The more organised bad guys – think nation state or well-funded groups – could be using the noise created by the scramble to change network architecture to compromise environments without detection,” he said.
“[These hackers] could fly under the radar and create a pivot point inside organisations that they can use at a later date. I’m pretty sure this has happened.”