We are online more than ever… if that was even possible. From work and school to birthday parties and happy hours. Every household is testing the limits of their bandwidth. But with all this additional time we spend online, have we stopped to think about the security of our devices and the tools we use every day? The answer, barring a numbered few, is likely no.
So we took a moment to ask our CISO Myke Lyons his thoughts on the cybersecurity impact of Covid-19.
Prior to coronavirus, how would you describe the global state of cybersecurity?
Earlier this year, the state of online security was in flux because companies have been rapidly moving to the cloud and to SaaS specifically. There has been a push to move faster and faster — and that requires a new way of thinking. In reality, there are no businesses that are not in the cloud. Organizations were asking for considerably more security requirements of their SaaS vendors than they themselves were required to do and it was moving at a slower pace.
How has that changed with the global pandemic?
In the past several weeks, there’s been a shift in urgency toward security — from something we have to do to this is something we have to do right now, whether we are ready for it or not. The digital economy is increasing massively and maybe not every organization is ready for that level of adoption.
From a security standpoint, there are vulnerabilities that aren’t always top of the list to address at a small scale, but as you grow they become serious issues. As companies scale up their digital presence, they will have to move faster than they planned for and the risk is that security is one step behind. It may be tempting to sacrifice security for usability in the short term, but it won’t be worth it in the long run when you step into a mess.
We also have to educate our staff much better because we are all under new emotional stresses and that causes people to react in ways they normally wouldn’t. We lost the “water cooler” security control.
What does it mean to you for an organization to be “secure” in an ideal world?
There’s an old adage, like, what’s a secure computer? Well, a secure computer is one that’s broken and buried six feet under the ground in a bunker… but that’s not 100% relevant here.
Security for an organization is contextual. A data technology company is going to have different security requirements than a finance company and different requirements than a government contractor. We all have our own priorities, but we need to start thinking that every company is a technology company. Even large retailers might employ people in stores to greet you and help you, but at the end of the day, they are a technology company and need the appropriate tools to keep all their data secure. Secure companies are where all the smart people they employ work together to collectively build and focus on securing the organization.
What is the biggest impact you see coming out of the global health crisis for security?
Most organizations adapted to these changes a lot faster than they thought they would or even could. But with that came some security compromises. We know there are better ways to manage and secure our employees and their systems.
Most people function a three or four-factor component (phone, computer, self and for some, a tablet.) These tools we need to do our jobs, create a unique digital identity for each individual which can be used to authenticate access to the company’s systems. This concept, called “zero trust,” essentially uses your digital profile to recognize that you are who you say you are. This is a big change we’re going to see coming and it will allow companies to authenticate their employees from anywhere and it’s security where once a day you’ll have to jump through that hoop that’s on fire, but that’s it and the rest of the day you’re “in” and you can do your job.
Do you feel people/organizations are taking security more seriously, now?
I don’t know if they are taking security more seriously, but now people are thinking about their day a little differently. Even as simple as Zoom requiring a password and having to take the extra step to share it, or even thinking about what’s behind you… literally. Everyone is more aware of what is going on around them.
It will be interesting to see, in the coming weeks and months, how we all respond to the new challenges in front of us. One thing that is clear is that cybersecurity is moving from the shadows to take a front seat in our daily lives.