As cybersecurity leaders are increasingly getting a handle on the first stage of the pandemic, CISOs are now shifting to anticipating how the business environment will be affected by new conditions. They are adapting to incorporate these expectations of the next normal into both current cybersecurity activities and long-term cyber-risk strategies. Organizations could emphasize the following cybersecurity initiatives:
1. Dynamic Security
Static, network-based security perimeters will no longer be sufficient. The security dynamic among users, assets, and resources must be the new focus. Define identity as a perimeter with scaled-up capabilities in identity and access management, privileged-access management, multifactor authentication (based on devices or biometrics), key management, and heuristics based on log-on behavior. For assets, consider a strategy using a software-defined perimeter and enhanced network segmentation (using logical micro-segmentation through next-generation firewalls). Protect end-point assets and utilize real-time anomaly detection with end-point-detection and -response systems. Protect data assets through enhanced block-mode data-loss-prevention tools and utilize a model of preapproved sites as a default for external access.
2. Cloud-Based Tools and Infrastructure
The need for greater agility and flexibility will accelerate the use of the cloud. Restrict localized data storage for the remote workforce and transform end-user infrastructure through increased adoption of virtual desktop and desktop as a service. Support the increasing shift to a multi-cloud environment and cloud-based services through access controls at points where policy is decided and enforced; implement a cloud-access-security broker.
3. ‘Contact Aware’ Workforce Privacy
Heightened security will require new agreements with employees. Factor in the implications of workforce privacy and employee consent to introduce contact-aware tools, such as contact tracing and temperature taking, in the workplace.
4. People Defense
Companies will need to extend their operational defenses as working from home becomes standard. Roll out insider-threat-detection programs and explicit policies for a safe remote workplace. These could include restricted remote printing and prohibited sharing of company devices with family members. In addition, companies could consider helping employees manage stress levels, offering support in the current circumstances. Protecting employees is not just a leadership imperative: it will also reduce vulnerabilities created by worker anxiety.
5. Remote Cybersecurity Operating Modeland Talent Strategy
The new ways of working will have implications across the enterprise. Rethink the cybersecurity operating model and continuity plans for physical-location-constrained operations, including automation opportunities. De-risk by design and further embed in application-development processes the principles and capabilities of DevSecOps – the linkage among development, security, and operations. Use the imperative of remote working as an opportunity to gain access to a broader pool of cybersecurity talent where there is an existing gap in local talent pools.
Secure The Customer Journey Through the Shift to Digital Business
Customers should be offered a secure and seamless digital experience – especially first-time users or those who are not tech savvy. As customers demand greater choice in their interactions with companies and expect greater digital availability, cybersecurity teams can add value by helping their institutions reimagine the secure customer journey. Several cybersecurity levers should be prioritized here:
1. Frictionless Customer-Security Experience
Advance capabilities on customer-identity and -access management, including the use of a single customer identity across all digital channels and of omnichannel authentication.
2. At Scale
Test cybersecurity controls (such as log-on controls, bot mitigation, network security, and firewalls) and monitoring to understand whether they can continue to perform at scale. Determine whether there is adequate redundancy in high-volume environments without adverse impact on user experience.
3. Privacy by Design
Treat customers as partners in security, involving them in an education and awareness campaign.
4. Advanced Analytics
Integrate security in fraud controls and vice versa. Feed security data (including log-on, device-binding, and jailbroken-device information) to heuristic risk-model engines that can improve authentication or stop a fraudulent transaction.
In the next normal, cybersecurity will be embedded into new processes and technologies as a strategic imperative rather than as an afterthought. It is therefore more important than ever that cybersecurity leaders understand the ongoing changes in how their business is creating value. With such understanding, these leaders can dynamically modify priorities to reflect new business requirements, opportunities, and constraints.
These tips are just a small part of the measures that it takes to ensure a solid cybersecurity plan for your entire organization. Optimizing your cybersecurity means years of savings down the line, not only in terms of time and money but also in terms of safety from emotional distress.
Make the smart move. ClinkIT Solutions can help you build a customized cybersecurity program and protect your tech infrastructure. Learn more about how ClinkIT Solutions can Secure, Optimize, and Synchronize (S.O.S.) your business cybersecurity through certified CISO (Chief Information Security Officer) services. Get started today.