On our fifth installment of our Remote Work Readiness Series, Rapid7 taps security leaders to explore how to maintain business continuity in a changing security landscape. From vulnerability management to vendor reliability, join us for insight into best practices that accommodate crisis management—and which security trends are here to stay, beyond COVID-19.
Observing industry trends, rethinking business needs
When many first began working from home several months ago, the security landscape became all but unrecognizable overnight. While vulnerability management changed, core security objectives remained the same. The challenge for security teams became how to adapt to a remote work environment where everyone feels safe and secure.
Of the industries hardest hit, two clear standouts emerge: education and healthcare. Since kids couldn’t be in the classroom, working parents struggled to adjust to homeschooling. As colleges and universities shifted to online learning, professors were forced to adapt to Zoom courses. Given the present uncertainty about how (or whether) schools would reopen in the fall, security leaders expect digital ed tech is here to stay.
It’s obvious healthcare workers are especially stressed, and the industry itself is undergoing tremendous change. Recent months have seen a drastic rise in telehealth requests, as clinicians seek to reduce the potential exposure from home visits. Telemedicine poses security and legal challenges, and practitioners must find ways to remain HIPAA-compliant while continuing to provide quality care remotely. IT teams in healthcare are working to establish a secure flow of information so as to protect electronic medical records. This means finding capable, supportive vendors, and vetting personnel to ensure they can handle sensitive patient data.
Shifting security priorities: Communication, connectivity, and vulnerability management
Whatever your industry, communication remains integral to security functions. Team leaders note the importance of finding ways to communicate faster with companies—particularly when it comes to aligning strategic objectives with your organization. Top priorities have changed. Consider stepping up internal and external communications, as well as distributing pertinent educational content and resources through relevant channels. This may include teaching end users about security malpractice or conditional access policies.
Security teams no longer have control over where workers normally log in, and must attempt to protect home Wi-Fi networks. Initiatives focus around improving remote access, ensuring employees receive proper connectivity, sufficient bandwidth to support streaming services and webinars, and an overall seamless VPN experience.
The unprecedented change in everyday employee behavior impacts basic risk models. IT must remain nimble to respond to these shifts. Automating vulnerability management assists in strengthening a remote work posture while alleviating strain on human resources. Aim for a consistent playbook—ideally one that implements multi-factor authentication and encourages awareness of common threats, such as phishing emails.
Looking ahead: Perimeters, cloud migration, and vendor relationships
On the whole, cybersecurity practitioners anticipate COVID-19 will affect businesses for years. Even after business restrictions lift, we can expect to see more people working from home, as employers grow increasingly comfortable with managing remote teams. Historically, organizations devoted resources to securing their perimeter. Now, with corporate devices and personal devices sitting side-by-side, companies must go where employees go, doing what they can to keep home networks from becoming compromised.
Security insiders also expect reliance on SaaS and cloud based technologies will increase. This comes as no surprise to IT professionals, who have long supported cloud migration. How they think about the journey toward the cloud may not change, but with the rapid implementation of cloud services, it’s now pivotal for security teams to run programs and controls that support companies moving toward the cloud.
Finally, it’s worth noting that in recent months, security teams have come to lean on vendors with a problem-solving mentality. In periods of uncertainty, a quick and timely response lets you know there’s someone on the other side who cares. The best vendors understand that priorities have shifted and are eager to find accommodations going forward. Leaders advise that great customer service will continue to shine.
Listen to the full webcast
Thank you to our leaders for taking the time to chat with Tom, and share their latest cybersecurity findings. You can listen to the full webcast here, and join us for the next and final installment of our Remote Work Readiness Series, where we’ll discuss how to maintain your security posture as the world begins to reopen.