With the development of the epidemic, the company’s chief information security officer needs to anticipate the growing demand for safe and intelligent self-service for employees working from home.
Today, some chief information security officers say that the coronavirus outbreak is disrupting its cybersecurity program and changing its priority. Although no one knows when the impact of the coronavirus epidemic will end, a clear understanding of this new normal is needed. The following are industry experts’ predictions of 10 changes in cybersecurity in the post-epidemic era:
1. Work from home (WFH) becomes the default mode
This is an obvious assumption, but data can be provided to prove it. According to ESG research, 79% of IT executives said that after the end of the coronavirus outbreak, their organization will implement a more flexible work-at-home strategy. In addition, the work-from-home strategy seems to be working well: 78% of people working remotely from home say that working from home is more productive or productivity has not diminished. In terms of increasing productivity and saving real estate costs, corporate employees working from home are clearly a good choice, and are pushing for more changes in security investments and priorities.
2. The network security boundary will die
A forum called Jericho, founded by a number of financial service institutions 20 years ago, proposed the idea of removing network boundaries. Although most security experts agree with this idea, the security of network boundaries is still a challenge, so network boundaries still exist and change slowly over time. Coronavirus outbreaks may eventually break the network security boundary. To support a more decentralized IT infrastructure, security controls will be moved to network endpoints (users, devices, applications, data, etc.) in large numbers. The good news is that a cloud-based management platform will make the architecture easier to expand and operate than in the past. So what is the new boundary? Users, devices and data.
3. Strengthen cloud security
Due to the spread of the coronavirus epidemic, many enterprises have accelerated the migration of workloads to cloud platforms because it is easier to manage cloud computing infrastructure than operating on-premises data center servers, networks, and storage devices. To keep up with the pace of development, the chief information security officer must strengthen the recruitment, training and skill development of his cloud computing security team. Many people know that public cloud is the infrastructure for network security control, integration of SD-WAN and security services. For security analysis, the same is true for the rapid migration of data and analysis engines to cloud platforms. Finally, the security management platform is moving towards the cloudy direction. The chief information security officer will need new skills to migrate data and tools and manage cloud computing subscriptions.
4. Mainstreaming of Attack Surface Management (ASM)
As users and assets become more dispersed and remote, corporate chief information security officers will need better ways to collect, process, and analyze data for cyber risk management. Since most employees are not aware of the risks of connecting to the network and will regularly discover things such as previously unknown devices, misconfigured servers, default passwords, partner connections, etc., these things should happen soon. Attack surface management (ASM) will evolve from employee management to enterprise needs. Suppliers like BitSight, Bugcrowd, CyCognito, Randori and others will benefit from this transformation.
5. Redouble efforts in policy management
After distributing all content, the chief information security officer will need to work with business managers to determine who performs operations from where, and then strengthen their security policies with a refined and dynamic rule set. After determining the policy, they will also need the help of the chief information officer to build the infrastructure for policy implementation and monitoring. For security technology, this is a huge opportunity, and those who do not build an intuitive, flexible and scalable policy management engine will be eliminated.
6. Identity verification management has been completely reformed
Distributed security control and policy management must be based on modern identity management infrastructure, not a patchwork of security measures adopted in the past 20 years. To simplify this migration, identity verification will soon be migrated to the cloud platform. This is good news for JumpCloud, Okta and Ping, but I believe cloud computing service providers like AWS, Google, VMware and Microsoft will also play an important role here.
7. Strengthen large-scale cyber threat intelligence
The coronavirus epidemic is a global opportunity for cyber attackers, leading to a series of new cyber frauds and attacks. To respond to this trend, companies need to be able to implement, analyze, and find threats on an unprecedented scale. This will be a growth opportunity for threat intelligence platforms and investigation tools (such as Anomali, King&Union, Palo Alto Networks, RecordedFuture, ThreatConnect, and ThreatQuotient) in the high-end market. Smaller companies may study in-depth threat intelligence services from companies such as Cisco, FireEye, IBM, and Secureworks.
8. Application of artificial intelligence and machine learning technology
The security team will need to learn more assets, more connections, more mobility and more threats at the same time. The business management department will promote the establishment of a permanent work from home (WFH) policy, which is an inevitable trend, and no security team in the world can keep up with the new reality without getting help. At present, people are accelerating the adoption of artificial intelligence and machine learning technology, and need to keep up with the speed of development as soon as possible. This is a broad opportunity, and companies like Devo, Google (Chronicle), IBM, Microsoft, SAS, and Splunk will play an important role.
9. Conduct serious safety training
Looking ahead, I believe that most organization employees need to have a security awareness because their compensation incentives or penalties are related to performance. Business managers will also be responsible for the education of their employees and will be punished if their team’s ignorance leads to a security breach. On the supply side, suppliers will need to design more comprehensive courses for corporate employees to supplement basic compliance training.
10. Strengthen security and IT operation cooperation
Setting up secure endpoints, cloud computing workloads, or network infrastructure will require enhanced security. In addition, the implementation and monitoring of security policies will need to be coordinated everywhere. In the past, security and IT operations teams had different goals, indicators, and compensation structures. With all of this in mind, companies may evaluate these teams based on common projects rather than decentralized goals. For suppliers like ExtraHop, Netscout, ServiceNow, and Tanium who have technology and experience in both fields, this should be good news. If security vendors want to keep pace, they will need to improve their IT operations capabilities.