A perspective on how enterprises transitioned workers with cybersecurity challenges, threatened infrastructure and business continuity.
By Mike Riemer, Pulse Secure, Global Chief Security Architect
The future of work has always been a subject of keen interest for the C-suite when strategically planning for capital investments. As technologies, such as VPNs and collaborative cloud applications, have made it possible for employees to work remotely in greater numbers, the idea of a more diverse and remote workforce has gained considerable popularity, even in such industries as manufacturing, where onsite workers have always been the norm. However, when COVID-19 hit, it pushed millions of Americans into make-shift home offices in March of 2020. The general feeling at first was this was a temporary trend that was, at best, going to be a huge struggle.
The fact is, while most organizations did struggle to rejigger their corporate network architecture and ramp up their security technologies to accommodate the vast WFH, many have seen positive trends from this shift, including increased productivity. Secondly, after a period of roughly 15 to 30 days, most organizations were able to leverage their security vendors and IT departments to provide the robust security and WFH tools to help their employees more securely work from home, according to a recent survey entitled 2020 Remote Work-From-Home Cybersecurity Report. Conducted by Cybersecurity Insiders and commissioned by Pulse Secure, the report surveyed 400+ security decision makers in May of 2020, to ascertain attitudes, challenges and benefits of working from home.
The upshot? 84% percent of businesses reported they will continue to increase work from home capabilities in the future. Here is why…
The First 15-30 Days:
When the COVID-19 edicts to shelter in place first took place in March 2020, many organizations scrambled to get their employees set up in home offices and, as such, a third of the survey respondents cited their businesses were “…ill prepared or not prepared” for remote working. However, 75% said they were able to transition to remote working facilities within 15 days, with (54%) citing they successfully expanded capacity to fully support the expanded workforce in seven days or less.
The most difficult challenge that organizations had to overcome was a general awareness of how to operate a large remote workforce — securely and without the threat of security breaches. As such, the study found that nearly 60% of IT decision makers were uncertain of the right way to plan for a mass WFH force, with most respondents expressing low user awareness training. Not surprisingly, 56% reported that insecure home and public WIFI were among the greatest challenges, followed by the fear of sensitive data being breeched.
The first two weeks in March also saw a rise in attack vectors – with cybercriminals taking advantage of the tumultuous pandemic situation. More than 70% of survey respondents reported an increase malware, with additional breaches such as phishing and unauthorized user device access plaguing their organizations. One of the major reasons for these attacks was that many employees were using personal devices, which caused a large increase in phishing and other cyber-attacks. Nearly three-quarters of organizations allowed access from personal, unmanaged devices to support work from home – a significant security risk.
Not surprisingly, respondents reported that they expected budgets for remote workforce 55% security to increase over the next 12 months.
Security and Zero Trust for a Large WFH Workforce:
Despite some initial problems in the first few weeks of the COVID-19 “shelter-in-place” orders, organizations were able to harness their IT teams and security vendors to get their remote employees in shape with the increased use of anti-virus and malware protection, firewalls and multifactor authentication. Organizations found they needed a more robust endpoint security strategy in place. This meant adopting more rigorous Zero Trust policies to provide better secure access for homebound employees. Zero Trust architecture requires users and devices to prove their identities — and trustworthiness — before accessing a network. Before the outbreak of coronavirus in January of 2020, another study reported that attitudes toward Zero Trust were improving, but just a few months later, organizations started looking to Zero Trust as a way to fortify their remote workers.
Migration to Cloud/Collaboration Apps
Two-thirds of organizations also saw that remote work environments had an impact on their compliance posture. As most industries today must comply with internal and regulatory compliance from GDPR, PCI and others, study respondents reported investing more in online tools such as Salesforce, HR IT tools and others that offered a greater emphasis on collaboration for their newly dispersed workforces. These tools offered a better balance of productivity and security that can help with compliance.
According to an upcoming Enterprise Management Associates “Application Delivery Infrastructure for Cloud-Forward Enterprises” report, 40% of organizations are increasing their application infrastructure to support increased WFH workloads. Additionally, 35% of organizations have invested in more automation, and have added more public cloud services to support COVID-19 WFH transition.
Secure access is about as much as productivity as it is about protection – without one, you cannot have the other. COVID-19 has been a forcing factor in forever changing the work landscape into a much larger remote workforce for multitude of industries – including manufacturing. What organizations are seeing now, more than ever, is that security policies need to be bolstered in order for employees to be able to work more safely and securely with endpoint, secure access and Zero Trust a part of their IT security strategies.