When 2020 began, many companies were engaged in or at least considering digital transformation. The COVID-19 pandemic and overnight shift to entire organizations working remotely from home as we struggle to contain the spread of the virus changed everything. Digital transformation went from aspirational to imperative—and from a methodical, long term strategy to an immediate implementation—in the blink of an eye. Highwire PR hosted a virtual panel discussion this week to talk about how tech companies responded to the pandemic, and what it means for the future of work as we know it.
Digital transformation was already well on its way to changing the way we work forever when COVID-19 burst onto the scene and accelerated the timeline. Endpoints have moved off centralized networks and people are now working on residential networks from their home offices, kitchen tables and living rooms — and the bad guys are taking advantage. The point of the panel discussion was to discuss emerging threats and cyber risks in the wake of the surge in remote workers, share critical strategies to mitigate these challenges, and look ahead to consider what the “new normal” looks like for the future of work.
Sam Whitmore of Sam Whitmore’s Media Survey moderated the discussion with a panel comprised of Mor Levi, VP of Global Security Services at Cybereason, Jadee Hanson, CIO of Code42, Dan Conrad, field strategist for One Identity, and Maha Pula, VP of Solutions Engineering at Akamai.
Sam started things by asking the panel how the COVID-19 pandemic has changed their view of the future of work. Dan said that, based on the reality within One Identity, he went into this with the idea that everyone was reasonably ready to do this. When he started engaging with customers, however, he quickly discovered that he was sadly mistaken.
Jadee said that Code 42 experienced some challenges, but that overall they consider themselves lucky with how they’ve been able to respond internally. The applications they rely on are almost entirely cloud-based, and all Code 42 employees are able to work remotely. That said, they are looking at challenges such as loss of network visibility, and a shift in how they envision and implement security and data protection.
The conversation shifted to the question of, “What are companies not thinking about that they should be thinking about?” Mor shared that she believes that companies are not yet taking seriously the impact of the things they’ve lost that they previously took for granted—things as basic as the office infrastructure. With users now connecting from personal home networks, it is theoretically much easier for attackers.
Maha explained that companies need to think more about what happens now. She noted that companies did what they had to do when the COVID-19 pandemic hit—locking down, sheltering in place, and working from home, and doing what needed to be done to try and operate as effectively and efficiently as they had previously. As the dust has begun to settle, though, these organizations need to consider what that looks like for the long term. How do you deliver equipment or troubleshoot issues for remote users? How do you address network bandwidth for home users?
The panel touched on the fact that this was initially more of a disaster response. It was viewed as a short-term shift, like responding to a hurricane. More than four months later, and with no indication that things will improve significantly in the United States any time soon, organizations have had to adjust their thinking and planning to consider this from the perspective of an indefinite situation. Many organizations have discovered that workers are as productive or more so with the current arrangement, and they are considering adopting this remote workforce strategy permanently.
The panelists agreed that there has been a rise in phishing, ransomware, and business email compromise attacks as attackers look for ways to exploit the chaos and vastly expanded attack surface. Organizations are looking for ways to extend visibility and endpoint protection across this new environment, but it is impractical and untenable to think that the company can secure and protect every employee’s home network. As a result, the panelists noted that there has been a significant shift in the focus of cybersecurity efforts—embracing the concept that the end user is the new perimeter, and moving to more data protection, behavioral analytics, and zero trust security concepts. Blocking and prevention have always been a bit Quixotic, but it is almost literally impossible in this new normal, so the better approach is to focus on detection and response.
Sam pointed out that it is unlikely things will ever “go back” to the way they were. The proverbial boats have been burned and the only way is forward. He posed the question of what organizations should be budgeting for in 2021 (and beyond). He asked, “If everyone could bump up their IT budget by 20% to solve these problems, what should they invest in?”
Dan said that he believes education is key—and that organizations need to do whatever they can to enable users. He suggested that they should invest in analytics to understand how people are working from home and identify what they need to be able to do their jobs better. He also said that existing processes and policies were not developed with this scenario in mind, and that companies should look more closely at whether processes and policies make sense or need to be updated.
Mor stressed that companies should spread their investment across the “holy triangle”—investing a little in people, processes, and technology. She also cautioned that the lack of clear separation between work and personal life and being constantly connected adds stress, and that companies need to pay attention to the mental and emotional welfare of employees to avoid burnout.
The COVID-19 pandemic is not a hurricane or earthquake. It is not a moment-in-time disaster that passes through and organizations can weather by adjusting how they operate for a week or two. It has been nearly five months and in many areas, things are getting worse rather than better. For organizations to function at all, they need to consider these questions and ensure their workers have the information and tools they need to get their jobs done from where they are.
The businesses that remain competitive—or even thrive—will be the ones that embrace the new normal and adapt. With the right strategy, it is possible to address and minimize the challenges of a fully remote workforce, while taking advantage of the unique opportunities and advantages it offers. It remains to be seen what the “new normal” will be, but I guarantee that the “old normal” is dead and it is not coming back.