The [pandemic] accelerated and concentrated forces, such as the move to remote working and adoption of cloud services, that were already in motion
Steve Durbin, Managing Director of the ISF
The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.
To call 2020 a rough year for enterprise cybersecurity teams would be something of an understatement.
The COVID-19 pandemic and the newly distributed workforce that it engendered upended security strategies and forced a rethink of approaches to securing remote workers and supply chains at many companies.
Security teams that had implemented controls for managing remote workers suddenly had to contend with a magnitudes-fold increase in the number of users they had to support this way. With more users accessing enterprise systems and data from their homes, attack surfaces increased dramatically. Enterprise security teams found themselves scrambling to implement new controls to manage threats due to their increased risk exposure.
Nonsecurity Events Can Have a Big Impact on Security
The COVID-19 pandemic is a striking example of how not all events that have a big impact on cybersecurity are security-related. The rapid and massive shift to remote work prompted by the pandemic forced all kinds of change on information security groups.
IT and security leaders had to refocus efforts around securing remote work practices, ensuring supply chains remain secure and rolling out tailored security awareness campaigns and training to combat the sudden flood of phishing scams related to COVID-19, says Steve Durbin, managing director of the Information Security Forum (ISF).
“The [pandemic] accelerated and concentrated forces, such as the move to remote working and adoption of cloud services, that were already in motion,” he says.
The pandemic shows why companies with a global footprint need to have a plan to deal with a global-scale crisis, says Oliver Tavakoli, CTO at Vectra.