With Covid-19 raging on and work from home orders in place now and into the foreseeable future, an organisation’s security posture continues to be challenged. This is due to several factors:
- Employees are using their home Wi-Fi connections to the public internet to enter the corporate network.
- Employees may be using personal devices in addition to company-owned devices to complete work-related tasks.
- The network must accommodate more collaboration and resource-intensive voice and video traffic than it had before the pandemic.
- IT resources are stretched, as admins must be responsible for managing a growing roster of users, endpoints, services, and applications.
- Cybercriminals have stepped up the scale and sophistication of their attacks to exploit weaknesses in the network.
Indeed, the corporate network is more vulnerable than ever. To defend the enterprise against cyberthreats, the first step is understanding the organisation’s current security posture, by gaining complete visibility of all users, devices, applications, and networks in use by the enterprise, along with all of their associated security settings.
More Devices, More Apps
Whether or not an organisation has a BYOD (Bring Your Own Device) policy in place, many employees working from home will still be using non-corporate owned devices for work, most likely a personal laptop to access a web-based app. Other devices in the home office include a Wi-Fi router and perhaps even a printer/scanner. A router’s software, known as firmware, does not automatically update with security patches, presenting itself as a vulnerability to the corporate network.
Further, employees and teams may be relying on more SaaS-delivered apps than ever before to carry out work—and share company data. According to the Wall Street Journal, the average number of software apps deployed by large companies is 129, with 10% of all companies having over 200 apps in use. As such, cloud app security is more important than ever, and measures can be taken to ensure that only authorised users have access. This can be achieved by restricting access via a firewall or web content filter; for those with authorised access, security can be further strengthened with MFA (multi-factor authentication).
The Challenges of Cybersecurity in the time of covid-19
The proliferation of new endpoints, home routers, and app usage has increased the attack surface and has challenged IT teams to keep up with the growing threat landscape.
A Simplified Cybersecurity Experience for the world facing Covid-19
However, while employees may understand the need for increased security measures, their ability to complete their work must also not be affected or compromised in any way. To do this, many enterprises simply keep adding security point products to their security architecture hoping that one or more may work.
For instance, a layered security or “defence in depth” strategy, in which multiple security products, some of which may overlap, is utilised to strengthen the overall security posture. Tests on latency or lag must be performed to see if they affect the organisation’s critical applications.
Automated network security measures may be hard at work in the background, too, though they do need oversight by security professionals. Network automation, network access control, or behaviour analytics solutions use algorithms to detect behaviours and automatically make adjustments (i.e., restricting access) as needed, but false positives do occur.
More than ever before, organisations of all sizes need to adopt a different mindset towards remote work, mobility, and a new set of tools and services. The purpose of this would be for the business to sustain growth while protecting the brand name, while also minimising financial and reputational damage and enhancing secure collaboration via more simplified business management.
READ MORE about how your enterprise can stay more secure in the times during and after the pandemic.