The pandemic has put a spotlight on cybersecurity issues as businesses have moved to a distributed workforce model. Many businesses found it difficult to move with agility to provide employees with the devices and network infrastructure needed to operate and communicate seamlessly when Covid-19 first hit.
In fact, according to NTT’s 2020 Intelligent Workplace Report--Shaping Employee Experiences for a World Transformed -- in many cases, employees have been left to use their personal devices and applications, increasing the risk of security vulnerabilities. Additionally, only 46.4% of global businesses surveyed for the same report claimed they increased their IT security capabilities to keep their organisation and employees secure.
The rise in nefarious threats during the pandemic is clearly outlined in NTT’s Global Threat Intelligence report as hackers seek to exploit the coronavirus-related panic. Attacks have included information-stealing malware built into a fake World Health Organization (WHO) information app, while phishing emails have offered in-demand items including face masks, hand sanitizer and Coronavirus tests. These were so bad that the World Health Organization (WHO) called it an “infodemic.”
Secure by design approach crucial for businesses to protect themselves
Unfortunately, just like the Covid-19 virus itself, cybercriminals and spies aren’t becoming fatigued by its impact on our personal and professional freedoms and prospects, as many of us are. Threat actors and organisations are opportunistic and both well-organised and funded enough to ramp up their nefarious activities despite the current worldwide crisis.
This has, in turn, spawned renewed acknowledgement of the importance of security being embedded in all aspects of organisations’ technology estates. Whether applications and workloads are running on-premises or in a public or private cloud and, irrespective of whether people are working from home, the office, or remotely, infrastructure needs to be inherently secure by design and entrenched into every aspect of a business’s environment. Security cannot be ‘bolted on’ as an afterthought because it impacts both the customer and employee experience.
Perhaps many organisations have not embedded security in their work environment because they see security as a hindrance and not a driver of digital enablement. A cultural mindset shift needs to happen. Security helps businesses to deliver transformational technology that enables the best user experience. And it is intrinsically linked to the protection of employee data.
Digital transformation with SASE
At NTT, we predict in our ‘Future Disrupted: 2021’ report that the concept of ‘secure access service edge’ (SASE), a term coined by Gartner, is going to be a mainstream trend in the next 12 months. SASE focuses on achieving the best end-user experience in an increasingly SaaS and software-defined network paradigm, securing APIs and capitalizing on ‘as-a-service’ scenarios such as firewall-as-a-service or CASB-as-a-service.
To start with SASE, businesses will need to truly assess what, and which assets, they need to protect, where distributed workloads are running, how their business consumes applications and ensure infrastructure is fit for purpose:
- Assess what, and which assets businesses need to protect: To start, businesses should look at data protection. They’ll need to pinpoint exactly what they absolutely have to protect and decipher what is ‘crown jewels’ data and information versus what’s not. Then they can return to the basics: good operations hygiene and due diligence
- Understand where various workloads are running: This will mean businesses should look at implementing appropriate firewalls and micro-segmentation
- Consider applications and how they’re being consumed: Importantly, businesses should ask themselves how these consumption trends tie back to the platform strategy and related end-user/customer and end-point protocols and how are they interacting with various workloads and applications
- ‘Dust-off’ existing network and application security strategies: Businesses should ensure that their security strategies are still fit-for-purpose. This will likely include making decisions about their path to SD-WAN adoption
Ultimately, businesses must ensure that cybersecurity protects internal operations and employee data, as well as its customers. Today, this means that simply buying ‘point’ security is no longer a viable approach – it needs to be baked into system design.
Businesses must increasingly focus on ensuring that cybersecurity is an enabler, not a hindrance, to digital transformation and use the right frameworks and partnerships within the ecosystem to do so. There is no more important time than now for the industry to come together to mount a powerful defence against an ever-mounting and ever-evolving cyber threat.
Matt Gyde is the president and chief executive officer, security division at NTT. The views in this article are his own.