As companies extend commitments to remote workforces, cybersecurity teams need to address new risks while helping create business value in the next normal.
As the COVID-19 pandemic swept across the world, most organizations made a quick transition to a remote workforce and a more intense focus on serving customers through digital channels. This created a rapid surge in demand for digital capabilities, products, and services. Cybersecurity teams, for their part, were largely successful in taking on a dual mission of supporting business continuity and protecting the enterprise and its customers.
The digital response to the COVID-19 crisis has also created new security vulnerabilities. Attackers seek to exploit the gaps opened when telecommuting employees use insecure devices and networks. Threat actors also use known attack techniques to exploit people’s COVID-19-related fears. For example, Google tallied more than 18 million malware and phishing emails related to the novel coronavirus on its service each day in April. It also reported identifying more than a dozen government-backed groups using COVID-19 themes for these attempts.
The COVID-19 pandemic and the efforts to contain it have had serious economic and business consequences. These are affecting core dimensions of the business environment, from digital strategies to operational and enterprise risk appetite. Supply-chain configuration and business interactions with regulators are likewise being reshaped, as are the ways we think about the very nature of work. A McKinsey survey of digital sentiment revealed that most employees who are now telecommuting do not expect to return to the workplace soon. Seventy percent of those responding believe that the ability to continue telecommuting will factor into their next job choice.2 Customers express similar sentiments: 75 percent of respondents using digital channels as a result of the COVID-19 crisis say that they will continue to do so.
Chief information-security officers (CISOs) and cybersecurity teams will need to approach the next horizon of business with a dual mindset. They must first address the new risks arising from the shift to a remote digital working environment, securing the required technology. They will also need to anticipate the next normal—how their workforce, customers, supply chain, channel partners, and sector peers will work together—so that they may appropriately engage and embed security by design. The new context of changing customer and employee behavior and a constantly shifting threat landscape must also be considered.
The pandemic response has underscored the vital role that security plays in enabling remote operations, both during and after a crisis. As companies reimagine their processes and redesign architecture amid the COVID-19 response, cybersecurity teams are being perceived anew. They must no longer be seen as a barrier to growth but rather become recognized as strategic partners in technology and business decision making.