Earlier this year, companies faced massive disruption in their workflows as the UK went into lockdown. Suddenly, everything that had been ‘normal’ - from the daily commute to eating out - was off the cards, and everybody had to adapt to a more remote way of life. For some departments, the change was relatively simple - just grab a laptop and go - but for others, there are a host of challenges in the new normal.
Security is a specialised and important job. These teams are tasked with protecting organisations from external and internal threats of all types, and the job is difficult and stressful at the best of times. The last six months have not been the best of times.
Computing research shows a sharp rise in cyber incidents since lockdown began, with nearly half of IT leaders (47 per cent) reporting an increase. The perimeter of nearly every organisation has widened far beyond head office, to wherever employees happen to be based, but many organisations hadn't planned for that scenario - and even those that had hadn't anticipated it on such a large scale.
Home is where the risk is
Three-quarters of organisations say that more than half of staff are working from home, and more than four in five (86 per cent) expect the trend to continue after lockdown. Thus, the easy-to-implement, short-term solutions organisations used to manage security at the start of lockdown will need to be re-evaluated to ensure they are suitable for long-term use.
The vast majority of organisations are already using strict password policies, VPNs and multi-factor authentication to protect their remote workforce; but with remote work set to become the new normal - especially as the prospect of a second lockdown looms - investment in more involved tools is set to rise.
Asked about tools or measures to protect their remote staff over the next 12 months, almost a third of IT leaders (30 per cent) said they would look at cloud-based security tools, which are a great help with the digital, dispersed perimeters modern organisations have to protect.
Cloud-based security tools allow IT teams - who face the difficult task of securing the new infrastructure - to monitor and protect devices off-domain. Think of it in the same way as SaaS: solutions that don't require any extra on-premises hardware or software, and are always up to date with the newest patches and definitions. Yes, you're handing over a lot of your security to an external company, but in reality, these firms have more expertise and resources than any firm whose core competencies are not in security.
Sharing the load
In the same question, we asked about security automation, which is currently used by only one-fifth of organisations (21 per cent). However, expect to see a sharp rise over the next 12 months, with more than a quarter (26 per cent) of respondents expressing an interest in the area.
Automated security tools use pre-set definitions to detect and respond to threats without human intervention. More advanced tools incorporate machine learning to learn from threats already encountered. Their main strength is in freeing security teams up from handling routine tasks like false positives, allowing them to focus on more detailed, specialist work.
Cloud-based and automated security often go hand-in-hand, so these tools can benefit from real-time threat definitions.
Security sprawl has created complexity for security management, opening organisations up to significant risk. Most security innovations over the past decade have focused on identifying and reacting to individual attacks; little work has focused on hardening infrastructure itself, or using the infrastructure to better protect an organisation.
The way forward is an intrinsic security approach that combines detecting and responding to threats with hardening infrastructure.