Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

The Impact of the Pandemic on Today’s Approach to Cybersecurity

Security practitioners must figure out how to enable a secure and resilient anywhere workforce to reduce risk

Security practitioners must figure out how to enable a secure and resilient anywhere workforce to reduce risk

While digitalization and cloud transformation were already part of most organization’s long-term strategy, the COVID-19 pandemic not only accelerated but permanently transformed the cybersecurity landscape by ushering in a new work from anywhere era.

To support the sudden shift to remote working, many companies had to adopt a “move first, plan later” approach and leave their network-centric security bubble behind that allowed IT teams to own and control most of the network. Ultimately, punching holes in existing security controls in the name of business continuity created vulnerabilities and exposed many organizations to increased risks. Cyber adversaries capitalized on the rapidly changing environment by intensifying their attacks and targeting the weakest link in the attack chain – the remote worker. This led to a 141 percent year-over-year increase in volume of data breached.

As it’s become clear that remote/hybrid work is here to stay, IT security practitioners must figure out how to enable a secure and resilient anywhere workforce to minimize their future risk exposure.

As organizations continue to navigate the uncertainties of the pandemic era, the one thing we know for certain is that we are not going back to the previous state. In fact, a recent WeWork study found that 96 percent of organizations are willing to offer employees a flexible work schedule, which is quite a significant shift from pre-pandemic levels. Companies are now embracing remote work since fears about the transition to work from anywhere were not realized. The opposite was true – organizations and individuals saw benefits that they’d be hard pressed to give up now that they have successfully adapted their new work cultures.

The Challenges Ahead

While improvements in productivity, employee satisfaction, recruitment, and cost savings make it unlikely that businesses will ever return to a fully campus-based work model, the work from anywhere era is putting a strain on many IT and security teams: 

The dilution of the traditional security perimeter requires a new approach to cybersecurity, whereby organizations must ensure the entire workforce has seamless connectivity and a seamless user experience, and at the same time implement consistent security policies no matter where employees are connecting from.

As employees shift between corporate and off-corporate networks, IT teams will be challenged with inconsistent visibility and control, which in turn impacts their ability to diagnose and remediate end user issues. Furthermore, the common “trust but verify” approach that was centered on the belief that organizations can inherently trust entities inside their perimeters, is no longer applicable in a work from anywhere environment and instead requires constant verification of all access requests to connect to the organization’s systems before granting access.

CISO Forum - Virtual Event

Another challenge for IT teams lies in assuring that users are guaranteed consistent and good quality experiences no matter where they are. Employees want their technology to work, and they don’t care what happens in the backend as long as they can reliably and consistently access the resources they need. 

Enabling a Secure, Resilient Anywhere Workforce 

As companies think through their long-term IT and security strategies in this new work from anywhere era, they need to consider the following focus areas:

• Always-On Visibility and Control – Organizations should deploy technology that allows for a higher level of visibility when users work from anywhere, ensuring a consistent experience regardless of location. Ultimately, you cannot remediate what you cannot see. Gaining uninterrupted visibility of all your employees’ endpoints, applications, data, and/or network connectivity – even if off your corporate network – is vital to establishing baselines and are needed to harden system configurations. 

• Resilient Endpoints – As the work from anywhere approach is putting a heavy emphasis on the availability and security of endpoints that are the main productivity tool and access point to corporate resources, organizations need to assure that the devices as well as all installed mission-critical applications are functioning at all times. Thus, making each endpoint resilient (and intelligent) is paramount to supporting and securing your anywhere workforce and goes far beyond the self-healing cybersecurity systems you might have read about. 

• Resilient Zero Trust Network Access – To enable a secure and productive work from anywhere environment, it is vital to extend the concept of resilience beyond the endpoint and include network connectivity and critical applications as they’re providing the necessary means for employees to get their job done. In this context, Zero Trust Network Access (ZTNA) is a vital foundation to establish a Secure Access Services Edge (SASE) paradigm, which requires the network to establish trust with an endpoint device that is constantly on the move and accessing a mix of corporate assets in the cloud, on-premises, or in a data center using a host of Wi-Fi and cellular networks that aren’t necessarily owned by the organization. 

• Consistent End User Experience – Besides IT manageability and core security aspects, organizations need to focus on the remote worker itself and assure they have the insights and visibility from endpoint to network edge impacting the user experience, including device issues (e.g., outdated OS systems, hard drive capacity), home office Wi-Fi and network issues, VPN tunnel performance issues, and problems with the applications itself (e.g., due to software decay, collision, or malicious activity), allowing IT to quickly identify the root cause and remediate the issues.

Overnight, remote work evolved from a rarely used ‘perk’ with separately managed security and compliance processes, to becoming the center of the working experience. In turn, organizations need to take a hard look at their long-term strategy to support this new work from anywhere era. Ultimately, they have to balance the need for security, visibility and control, as well as high availability with a positive end user experience. Emerging technologies that deal with endpoint resilience as well as secure and continuous network access are a good foundation when adapting to the new work environment.

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...