In March when businesses enforced a work-from-home policy because of the pandemic, many probably thought the move would last a few weeks or so. Well, here we are, in the heat of the summer or depth of winter, depending on your hemisphere, and some businesses are still working remotely, while others have made the return to the office. Regardless of where you are working from today, businesses are moving from a reaction to the pandemic to looking to the future and how to support a workforce that is forever changed.
When the sudden shift to remote work took place, cybersecurity teams were in a reactive mode, laser-focused on dealing with tactical activities to keep businesses operational and safe. Tactically, cybersecurity teams were concerned with VPN licenses – did they have enough under the enterprise license agreement (ELA) or did they even have VPN licenses? Did employees have access to cloud storage or was local storage the norm and now that local storage was on an employee’s dining room table, if employees did not have a laptop to use for remote work would they be connected to the corporate network on the family tablet that was used for video streaming and pre-school lessons? These were problems most cybersecurity professionals probably never imagined.
With the initial chaos of providing business continuity over, we wanted to check the pulse of cybersecurity professionals to see what they were most concerned with as we move to a time of return and recovery. Our suspicion was that cybersecurity professionals have moved through the crisis curve, from purely reacting to the crisis to understanding the business and technology impacts.
We ran a LinkedIn poll from August 5 – 12, 2020, asking “What's the biggest security concern within your organization with employees working remotely?”
Our answer choices:
- Phishing scams
- VPN connectivity at scale
- Ransomware
- Prioritization of security investments
293 cybersecurity professionals responded:
- Phishing scams – 24%
- VPN connectivity at scale – 37%
- Ransomware – 11%
- Prioritization of security investments – 28%
The results are in line with how organizations move through the crisis curve from react and respond to understanding the business and technology impacts.
Our poll shows that VPN connectivity at scale is still a concern, however, as ELAs are refined and hardware constraints are removed, VPN concerns should subside.
The more interesting number is that 28% of our poll respondents identified “prioritization of security investments” as a top concern. This tells us that investment in cybersecurity is a top issue and concern for organizations.
As we move through the crisis curve to understand business and technology impacts, understanding how cybersecurity is viewed in an organization and how investments in technology should be made are critical.
This interest in prioritization of security investments shows that businesses understand the critical nature of cybersecurity to business continuity, adaptability, and resilience. Moving through the crisis curve typically puts some amount of scrutiny on spending, however, we are seeing that spending on security, while still being managed, is a priority.
While 2020 will historically be remembered as the COVID pandemic year, it will also be remembered as the year cybersecurity went from being a technology problem to a business issue. From here forward, digital transformation initiatives will be led with a security-first mindset. After all, helping to protect the business is our primary goal.