Navigating IT Security in a Post-Pandemic World – How Enterprise Networks Are the Future of Business

By Brian Yelm, general manager at Cerberus Sentinel

The past two years seem to have thrown most organizations into cultural and IT management difficulties. From teaching individuals how to balance work and life while working from home, to businesses that have been forced to adopt remote work strategies that allow for travel, relocation or simply hours and hours. home access, there are new standards. Despite the fact that many organizations are pushing for a return to the office, research indicates that there may be some resistance to this from employees who much prefer life without commuting. Perhaps the most important lesson to be learned from this cultural work shift is to challenge the preconceived idea that you need a fully operational physical office to do business.

Where does that leave internal network security teams? Tech vendors lined up in 2020, promising to have the next flashing box that would keep everyone safe. However, if we’ve learned anything over the past two years, it’s that cyberattacks happen whether you operate in a physical location, or some/all of your teams are remote, and whether or not you have that box flashing. . As seen in the latest HubSpot and WatchGuard compromises, even the flashing box can be compromised. As if there weren’t enough to worry about before, new threat groups emerge all the time, like Lapsus$, and they wreak havoc with targeted cyberattacks. The good news is that people seem to understand the threat landscape a little better.

Across all industry verticals, business and industry leaders revealed that the pandemic has led to an acceleration in cultural awareness around cybersecurity. This accelerating progress is due in many ways to the increased number of workers transitioning to a work-from-home (WFH) environment. The fact that more people are working remotely or adopting a hybrid working approach means that companies have the opportunity to cultivate a comprehensive cybersecurity culture to protect their employees and their networks from a range of growing attack vectors. Indeed, the need for proper cybersecurity protocols has been properly emphasized after decades of relative neglect in favor of more material concerns, which now seem less important in today’s work climate.

Protect and Prioritize the Network

This strange season seems to have propelled many businesses into the 21st century as, finally, more awareness is being given to the critical need for network security, including endpoints. Endpoint security is now more critical than ever. In the past, cybersecurity was notoriously difficult to quantify from a financial point of view, for lack of a serious indicator capable of measuring the return on investment (ROI). However, for the most part, those days are behind us, as the culture shifts towards this new way of interacting, where businesses rely even more on their networks – for 24-hour connectivity, reliability and security, anywhere in the world. the world. world.

It’s important to remember that cybersecurity is a culture, not a product. Part of this culture is the realization that business really depends on the network running smoothly, and that includes network monitoring. When you consider the importance of corporate networks and the interconnectivity they provide, you can see that losing control of your network to attackers will most certainly be the downfall of any organization that does not implement major mitigating controls that support this new connectivity, such as Zero Trust Networking, 24-hour monitoring and response, and seriously updated access control policies and procedures. Don’t let it be yours.

Network downtime leads to lost business and network shortages can cause your business to shut down completely. Nothing spells downtime and shortages faster than ransomware. This further underscores how essential protecting your network is: people and assets are important, but the network is essential. If you don’t have that, your employees and assets can’t play their part – therefore, you don’t have a business.

How cultivating a culture of cybersecurity is key to future business

As a short-term solution to this problem, many companies very quickly expanded their network in non-traditional ways to meet the need for flexible working capacity for a large percentage of their workforce. While this may be a temporary fix, it’s important to note that there are clear security implications when doing something quickly, especially when it comes to corporate network structure. Now is the time to go back and design smarter and more secure solutions, perhaps accelerating digital transformation initiatives and having security engineers review them. So, if your company deployed hasty network expansion to keep employees working from home safe, your security team now needs to continuously monitor all IT assets and get deeply involved in digital transformation to improve and upgrade themselves in such a way that they can maintain safety in all aspects.

Business leaders need to ask themselves these simple questions: Did you play well? Has anyone overseen security at all stages of development? Did you hire a third party to provide network security after the fact? Have you done your due diligence to prove that your network is not only functional, but secure from every angle? Is any part of your environment currently excluded from security testing? (If so, you probably have issues that haven’t been resolved yet.) Once these questions have been adequately answered, you should add them to your traditional IT disciplines of capacity planning, availability, and , vulnerability management and all other aspects this side of the network divide.

New Considerations:

Now we need to start thinking about the other side of the network: disaster recovery and incident response planning. Availability management is often overlooked in the rush to get things up and running. Nobody takes the time to think about what happens if my main business application is overloaded or crashes. These networks don’t even need to shut down completely. Instead, they could be subject to a denial of service (DDoS) attack. Suddenly, the platform you depend on can no longer support your services and processes.

Do you have a comprehensive business continuity plan or network backups in place should something happen to your core networks? Are your backups accessible via the network? (If so, that makes them easy for attackers to choose.) Who will help you in the event of an attack? The fact that the network is the new heart of your business has serious connotations that many institutions have yet to begin to fully consider. As with anything cyber, it’s important to identify and close gaps quickly, as cybercriminals are notoriously opportunistic and will seek every opportunity possible to come between you and your network.

These are all considerations that need to be discussed and implemented as we embrace this brave new world of doing business from our spare bedrooms. Establishing a comprehensive contingency plan to minimize downtime is an important step in cultivating a culture of cybersecurity-aware workers.

To discuss your Business Continuity and Disaster Recovery (BCDR) or Incident Response (IR) plans – or to speak with someone about getting an objective gap assessment, please [REQUEST A CONSULTATION HERE].

Comments are closed.