The coronavirus pandemic is and remains the biggest challenge on many levels for people’s health, for the global economy and also for the security of companies. It is essential for IT managers to adapt to the effects of the pandemic in order to develop an appropriate strategy for greater resilience.
The lack of security resources of IT organizations, the rapid shift to cloud computing, compliance requirements and the rapid rise of threats such as “Frauds” or “Ransomware attacks” remain the most important current security challenges of 2022.
The fact that the pandemic is acting like a burning glass on any digitalization measures previously taken is both a curse and a blessing. Accelerated digitalization of business processes and the expansion of cloud computing are now revealing weaknesses in the chosen technologies.
The COVID-19 pandemic has required corporate security teams to take a close look at the security and operational tools provided by cloud providers. It has been and continues to be necessary to review them, define policies and evaluate remote access tools.
It is already becoming apparent that there will be massive disruptions in the security ecosystem. This will have a major impact on the industry and also on the requirements and responsibilities of the Chief Information Security Officer (CISO).
Action 1: Remember – ZTNA will replace VPN
Corona highlights the weaknesses of traditional VPNs in terms of IT security risks. The alternative is called Zero Trust Network Access (ZTNA). This technology enables your company to close the flank of remote access to applications if desired, as ZTNA is able to deny access to software from the Internet. It makes the applications invisible, so to speak, as ZTNA only corresponds with the ZTNA service provider. This means that this door is closed to attackers – as they can no longer see it.
Action 2: Increase your resilience with XDR
Find out how your company can increase the so-called “Extended Detection and Response – XDR -“. This is a new trend that is a direct response to the crisis. XDR collects data from various security protocols and compares them with each other. XDR thus accelerates the detection of multiple threats and can combine them into one threat. This gives you a time advantage. You can react faster. At this point, an XDR solution can save you two thirds of the time otherwise required.
Action 3: Your data protection should be centralized
Until now, data protection has been handled as part of the compliance department, sometimes by HR or even office management. This is dangerous because it can no longer be divided into silos. All areas of the company are affected.
Therefore, integrate data protection more strongly into your company – and it must also be known to all parts of the company as an important point. Make it a central element that should also have a major influence on your future corporate strategy.
Action 4: CISOs need new skills
We are in the biggest home office experiment of all time – as a result, threats that are not classic IT issues are on the rise. Frauds or phishing – people’s vulnerabilities are being targeted. It is these incidents in particular that are prompting companies to rethink their security concepts. Organizations that focus primarily on the security of their IT will find it difficult to respond to the new threats.
Diese Entwicklung verändert den Beruf des CISOs (Chief Information Security Officer). Er muss seine Kompetenzen erweitern und etablierte Silos einreißen. Er muss die nötigen Verbindungen zwischen den traditionell separierten Bereichen IT, Sicherheit und dem Business schaffen.
Action 5: Remember – SASE is becoming increasingly important
Another trend has emerged since coronavirus: cloud-based security services are more in demand than ever. This makes sense, as never before have companies worked from so many (home) offices. The Secure Access Service Edge (SASE) technology used here does not require a physical security system in a data center and enables companies to better protect employees working from home or remote colleagues.
Action 6: Automate security processes to take the pressure off people
The job market is currently full of applications for experienced CISOs, CSOs, security project managers and information security officers. It is foreseeable that demand will exceed supply. Process automation solutions, on the other hand, are available.
These solutions are able to automate tasks based on predefined rules and templates, thus significantly reducing the workload of the few security employees available. Security risk management managers should promote the use of such solutions internally. The direction of travel must be to eliminate repetitive tasks in order to free up more time for the actual tasks to make the company and the people who work there more secure.
Action 7: Use modern software solutions
Corona makes it clear to companies which security requirements now need to be digitized. When selecting your software solutions, bear in mind that solutions with a dynamic data model offer many advantages. With solutions of this type, all requirements can be organized and managed on a uniform database (e.g. IT baseline protection, information security, business continuity or data protection management).
