COVID-19 has dissolved the four walls of enterprises and radically changed how businesses operate across the globe, forcing their employees to adapt to new working models. This journey to a ‘new normal’ has certainly not been an easy one.
IT teams scrambled to make changes overnight and extend their organisation’s digital assets, including applications and networks, to cater for a remote workforce. This immediate and unplanned shift disproportionately increased organisations’ attack surface, as the endpoints and data traffic flows moved beyond the secured fencing of the physical facility and IT infrastructure. And according to the WHO, there has already been a five-fold increase in cyberattacks during the pandemic.
“As cybercriminals leverage the disruption brought about by the pandemic, various government agencies have reported a multi-fold increase in cyber-attacks.”
The Ministry of Electronics and Information Technology (MeITY) recently revealed that India faced almost seven lakh cyberattacks between January and August this year. This figure is double the number of incidents reported in the year 2019.
Keeping these growing risks in mind, the Government of India has envisioned the National Cyber Security Strategy 2020, which will focus on all areas of cybersecurity through its three key pillars – secure, strengthen and synergise.
Furthermore, the Government of India has initiated the set-up of the National Cyber Coordination Centre (NCCC) to generate awareness of potential threats from the dark web and of cybersecurity risks.
As such, it is imperative for enterprises to comprehend the need for enhanced security strategies. While the WFH model is here to stay, both involuntarily and as an accepted operational practice, CISOs are placing a robust cybersecurity model at the heart of all decision making, while redefining their security architecture to adjust to this new shift.
Adopting a risk-based framework
Though cybersecurity has been stirring conversations and several relevant advisories have been issued on how to adopt a secure WFH model, the global security need is to support this large-scale, unplanned digitisation with more mature and sustainable operational models.
“To mitigate the risks from sophisticated cyberattacks, it is imperative that instead of an ad-hoc requirement driven approach, organisations adopt a comprehensive and practical risk-based framework, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework to define and execute their cybersecurity strategy.”
Such industry frameworks offer extensive guidance, based on existing standards, guidelines, and practices, for organisations to better manage and reduce cybersecurity risk. They also foster awareness of risk and cybersecurity management processes among both internal and external stakeholders. In the process, areas of improvement are identified for strengthening the existing processes and controls and implementing new ones.
The convergence of personal and official workspaces clearly illustrates the challenges faced by most CIOs and CISOs. While an industry framework can set the roadmap for reducing risk and reaching the desired security state, organisations need to adopt an agile security model that can help them implement the framework.
This model will also simplify workflow and support the business at every stage of security planning for their distributed workforce, while presenting a layered security model across the domains of cybersecurity. For instance, access based on a Zero Trust Architecture offers employees precision access to enterprise assets across the public cloud and hybrid data centres.
MSSPs are central to securely connecting the distributed workforce
“As work from home becomes business as usual and technology facilitates every single interaction in the business sphere, globally and locally, a Managed Security Service Provider (MSSP) will be critical for organisations to spin up their security strategy for the new normal.”
Integrated MSSPs that draw on best practices from industry-leading frameworks, such as the NIST Cybersecurity Framework and Zero Trust Architecture, can help align an organisation’s security requirements to the framework’s core.
With businesses looking to future-proof themselves to effectively function in the post-COVID environment, MSSPs will become indispensable, especially when it comes to managing enterprise risk and implementing agile cybersecurity models.