The COVID-19 pandemic drove the formation of a “new normal” that saw organizations shift the majority of, if not their entire, workforce to a remote work model. While moving employees to a telework model typically involves long-term IT planning and preparation, this situation simply did not allow for anything less than the rapid adoption of new strategies. In fact, between March and April of this year, the number of employed Americans working from home doubled to 62%.
By Jonathan Nguyen-Duy, Vice President, Global Field CISO Team at Fortinet
At the same time, cybercriminals have seized every opportunity to take advantage of the new security gaps arising from a wide variety of issues, such as new work locations and more devices. From creating emails that appear to come from the World Health Organization (WHO) to sending fake messages alleging payment issues that need to be resolved, threat actors are feeling extremely confident about their ability to exploit networks.
Adapting to Full-Time Remote Work Models
Worldwide, business continuity has been top of mind as the pandemic continues to impact all facets of life. Fortinet’s 2020 Remote Workforce Cybersecurity Report investigated how global enterprises handled this rapid shift to telework, as well as their plans for supporting and securing remote work environments moving forward.
Gathered from respondents involved in purchase or planning decisions for cybersecurity, networking, financial planning, remote working, facilities, and human resources, the data in this study provided key insight into just how prepared organizations were for this pandemic, both in terms of general technology and cybersecurity.
By understanding how other organizations reacted, CISOs can establish a well-informed plan for cybersecurity budgeting and selecting secure telework solutions. Among responses from participants, who spanned 17 different countries and nearly all industries and public sectors, the following trends came to light.
Enterprises Will Invest More in Secure Telework Moving Forward
The Fortinet study also found that approximately 60% of enterprises plan to spend more than $250,000 in secure telework investments over the next 24 months as a direct result of the pandemic. While these investments were not initially planned for, securing remote work has quickly become a top priority for organizations.
Areas that respondents plan to upgrade include VPN (55%) and network access control (55%), among others. In terms of new investments, respondents noted multi-factor authentication (30%), secure telephony/unified communications (27%), and software-defined wide-area networking (SD-WAN) for both enterprise facilities (26%) and employees’ homes (26%) as top priorities.
As they seek to secure their remote workforce, CISOs should take care to understand the tools that they already have in their arsenal so they can ensure a wise investment, whether it be upgrades or new technologies. When adopting new solutions, they must consider a wide array of threats their employees could face while working from home, whether it be a phishing email or a vulnerable website.
Telework May Remain a Permanent Fixture for Many Organizations
Since the start of the pandemic, approximately two-thirds of firms have transitioned more than half of their workforces to telework. And for many, this strategy will stay in place for the foreseeable future. According to a recent study by Harvard University and the University of Illinois, more than a third of firms that had employees switch to remote work believe it will remain in effect (in some form) even after the COVID-19 crisis ends. For some companies, that may be full-time, while others may implement policies such as having employees work two or three days in the office and the rest at home. For CISOs, this insight should help inform long-term strategies for securing remote work, as traditional methods for keeping in-office devices and networks protected no longer fully apply. To ensure business continuity and secure operations, CISOs must now assume that telework is a standard part of their operations.
Breaches and Breach Attempts are Increasing Across Organizations
Considering the rapid rate at which cybercriminals have developed new attacks, it comes as no surprise that 60% of survey respondents noted an increase in attempts to breach their networks.
As CISOs establish plans for both their current and future remote workforces, they must keep in mind the constant potential for breaches. In addition to investing in the right technologies, these leaders must also prioritize cybersecurity awareness among their employees through training opportunities and regular updates about phishing emails, malware, and other threats that have increased in recent months.
CISOs Can Secure Remote Work with the Right Technology
The insights gathered through this study should help lay the groundwork for CISOs as they look to support new remote work strategies. When working on expanding secure remote access, organizations should consider the following technologies:
- Multifactor authentication: While critical, VPNs do not address the inherent security issues associated with username/password logins on a variety of applications or databases. By requiring their employees to use multifactor authentication to access critical information and applications, CISOs can manage the risks of weak or compromised passwords.
- Network Access Control: By deploying an advanced network access control product, CISOs can ensure that all users are authenticated, and devices are inspected as they connect to the network – enabling validation and monitoring of all requests for network access. In addition to providing visibility across all connections to the network, these solutions also ensure constant network monitoring to help mitigate suspicious events.
- Endpoint Detection and Response: Securing endpoints is more important than ever because most home networks are highly vulnerable. Endpoint detection and response (EDR) tools can help secure remote user devices without hindering productivity. They proactively reduce the attack surface, prevent infection by malware, detect and block malicious activity right on the spot, and automate procedures for response and remediation.
While not many could have expected the global impact of the COVID-19 pandemic, leaders, including CISOs, are still responsible for maintaining operations and safeguarding information, all the while delivering business outcomes and enhanced user experiences. By taking the time to prepare for a long-term, or even permanent, shift to telework, organizations can ensure overall resiliency and security.
About the Author
Jonathan Nguyen-Duy is vice president, global field CISO team at Fortinet. He has unique global government and commercial experience with a deep understanding of threats, technology, compliance, and business issues. Nguyen-Duy holds a BA in International Economics and an MBA in IT Marketing and International Business from the George Washington University.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.