A Changing World Requires a Changing View of Security
In the last few months, IT teams have delivered more solutions to remote working problems than ever before. What’s more, they have delivered them at tremendous pace, proving that when push comes to shove, you can make a sizable business decision and deliver it if you really need to.
As a consequence, digital transformation plans have accelerated and, according to AppDynamics, around three quarters of businesses are reportedly delivering transformation in weeks rather than the timetabled months and years they had planned. Had it not been for Covid-19, none of it would have happened.
A Proven Ability to Deliver
This needs to be applauded because for many IT functions, their ability to deliver has required working under intense pressure and scrutiny, delivering tasks and transformations they’ve never been asked to before, or certainly didn’t expect to deliver so soon.
The resulting solutions may not always have been perfect, but in the main they have succeeded in sustaining remote working and access to applications and kept transactions flowing. IT professionals have innovated on the fly to make the most of the infrastructure they had, or adopted new approaches learning on the fly. We’ve seen it across every industry we work in from finance and telco to gambling and retail.
However, such a reactive mode is not a state any one person or business wants to stay in for long. Being catapulted into the future has revealed cracks in terms of the infrastructure IT specialists have had to play with, and the extent of their skills.
This will pose new challenges for companies that want to move beyond the crisis and into a phase of planning. So much has to be decided first, such as will you keep the central city offices, or stick with the 15,000 home offices you now have? Big choices, financially and culturally.
Digital Transformation is Unstoppable
But no matter what you do, one thing is clear: digital transformation will continue. The solutions that have been implemented in haste will be refined, and then used as a springboard for more controlled strategic change. It’s progress.
But progress has to be managed and secured. All the time companies move more of their business into the cloud they open up risk. Firstly, they will be managing a greater load, which needs to be balanced, and secondly, they create bigger attack surfaces ripe for cyber-attacks.
It’s easy to think hackers’ activity will centre around sophisticated and highly orchestrated attacks. True enough these will and are happening, but hackers actually don’t need to try very hard to cause chaos. They know only too well the pressure infrastructure is under at the moment and will take their chance to exploit it. They can flood a network where load balancing is precarious, or they can find vulnerabilities to exploit.
Security is Paramount
Indeed, remote working and using VPNs is a gift to hackers. At the start of 2020, VPN security was being rapidly withdrawn by companies as multiple vulnerabilities, spanning Pulse Secure, Fortinet, Palo Alto Networks, and Citrix, were exploited by malicious actors and nation states alike. Companies had to respond either by patching or withdrawing.
But the problem has been resurrected in the last few months, as companies fought to roll-out home working at pace and on a larger scale. It’s really important then, that every company pays attention to this weak link. Patch, patch and patch again has to be the mantra.
Distributed Denial of Service attacks are high up on the list of threats right now. They always have been but every CISO has to be on high alert for attacks as the pandemic continues. Moving security hygiene further up the to do list has to be paramount or all the effort to innovate and progress will be wasted.
It really won’t take much to be breached. A DDoS attack can create large volumes of ‘garbage’ traffic to saturate the pipe and attack the intricacies of the VPN protocol. A flow as little as 1Mbps can knock a VPN service offline. No business will want to risk a breach that interferes with trading, nor can they afford any data exposure.
It’s therefore really important to look back at what has been achieved and fine tune the processes and solutions in play and adapt the associated risk models. Some companies won’t be able to think about this right now such is the urgency to keep the business operating. But they must return to it, or employ the skills to do an audit, before moving on to the more strategic implementations they’ve proven they are capable of delivering. It would be foolish to roll out anymore transformation with emphasis on access and usability yet neglect security.
The companies that ride this storm will be the ones that have the right technology, implementations, and skills in place. They will be the ones that deliver new operational models and innovate in ways their competition can’t.
Out maneuvering the virus, likely recessions and weakened consumer confidence will depend on it and with this will be an inherent need for trust and a demonstration that security is not just taken seriously but is fundamental.
Note: A version of this article first appeared in Capacity Magazine.