COVID-19 pandemic has changed cybersecurity utterly
There’s no doubt IT and by extension, cybersecurity has been utterly transformed in the wake of the COVID-19 pandemic. More people may soon be returning to the office. However, it’s also clear many more will be working from home more frequently than ever.
At the same time, some global regions are still in the midst of combatting the pandemic, while others are preparing for a possible second wave. It’s quite probable there may even be another wave of shutdowns in the U.S. as a resurgence of the pandemic forces many states to reevaluate their current containment strategies.
A survey of more than 270 cybersecurity professionals published this week by the host of the Black Hat Conference finds 80% of respondents said they believe the pandemic will lead to significant changes in cybersecurity operations. Only 15% said they believe cybersecurity operations and threat flow will return to normal once the COVID-19 pandemic subsides.
Nearly 95% of security professionals also said they believe the COVID-19 crisis increases the threat to enterprise systems and data, with 24% saying that increased threat is both critical and imminent. Reports just this week surfaced concerning how cybercriminals are, not surprisingly, targeting employees working from home.
More than 70% of the cybersecurity professionals surveyed by Black Hat said they are worried that quarantined workers might break policy and expose enterprise systems and data to new risks. Two-thirds (66%) also expressed concerns about the vulnerability of the systems and networks used by quarantined workers, while nearly as many (64%) fear a likely increase of attacks by adversaries taking advantage of the crisis.
Of course, employees are not the only ones trying to figure out how to work from home. Most cybersecurity teams are navigating the same challenges. It’s likely over time a much greater percentage of the tools cybersecurity professionals rely on to manage cybersecurity will be moving to the cloud as a result. After all, cloud-based applications are accessible from anywhere and are typically easier to employ than an on-premises application being accessed across a virtual private network (VPNs).
In fact, a global survey of 750 IT professionals conducted by the market research firm Vanson Bourne on behalf of Barracuda Networks finds many organizations are moving away from VPNs to embrace software-defined wide area networks (SD-WANs) that scale better to access distributed cloud applications. The survey finds 51% of respondents are either in the process of deploying or expecting to deploy one within the next 12 months. Just under a quarter (23%) have already deployed an SD-WAN.
In many ways, the current crisis is merely accelerating IT transitions that were well underway prior to the pandemic. The challenge is cybersecurity professionals are being required to dynamically define and implement cybersecurity policies as the IT environment transforms before their very eyes. By the time cybersecurity teams craft a policy or rule, the IT environment has expanded to include either yet another cloud service or unmanaged endpoint that previously never existed on the network.
There’s no doubt most cybersecurity teams have risen to the current cybersecurity challenges at hand. However, it may very well turn out that the real work is just beginning.