Strategies to Ensure Cybersecurity Aligns with 2021 Business Objectives

By Alain Sanchez, EMEA CISO and Senior Evangelist at Fortinet

Every new year brings new possibilities. Businesses take the time to evaluate strategies for staying successful, new ways to meet customer expectations, and – most importantly – opportunities to enhance their security.

It’s easy to define 2020 as “The Year the IT Landscape Changed,” but that only tells half the story. The shift to largely remote business environments meant adding new applications to the IT stack, securing new endpoints, and shifting legacy technologies to the cloud when possible. Often, this meant delaying new product lines or services. 2021, however, looks to be “The Year of IT Security Maturity.” Now that companies are returning to a new normal, they can refocus their cybersecurity strategies to align with new business objectives and hybrid workforce models.   

3 Challenges of the Hybrid Workforce

Organizations with employees who mostly worked in corporate offices tended to rely on firewalls to protect against cyber threats. But amid the widespread shift to remote work, many organizations invested in VPNs to mitigate the same risks. In these cases, security teams dealt with a nearly “all or nothing” approach. A hybrid workforce impacts this approach in three significant ways. 

1. The evolution of identity management: Identity has long been considered the perimeter that will protect corporate data from unauthorized users, whether they be cybercriminals or former employees. But considering the influx of new devices and Software-as-a-Service-based (SaaS) applications being accessed by users daily, this philosophy is no longer enough to protect critical information. As business models shift and workforces become more hybrid, security teams will need to implement strategies that can keep up. 
   
2. Constantly changing connectivity needs: While SaaS applications help workers connect with resources and collaborate, they can also slow down corporate networks. With a hybrid workforce, optimizing connectivity becomes even more difficult. When dealing with a mostly on-premises workforce, organizations can easily determine their bandwidth usage and plan accordingly. But with a hybrid workforce, these connectivity needs are continually changing as workers shift between in-office and remote environments. With this in mind, organizations must deploy solutions that optimize resources as effectively as possible while still ensuring security. 
   
3. Managing the human element: Regardless of whether organizations operate on an in-office, remote, or hybrid business model, their employees will always be the first and last lines of defense. According to Interpol, approximately two-thirds of member countries reported a significant increase in COVID-19 phishing scams. And with news of vaccines, many cybercriminals may look to double-down on these scams in 2021. With a hybrid workforce, organizations can no longer rely solely on corporate network security. Instead, they must find a way to prepare employees to play an active role in keeping data secure. 

Developing a Cybersecurity Strategy for 2021

Most organizations are now fairly well-versed in the needs of a remote workforce. But with some employees moving back to office environments, even while others work from home, these same companies will need to focus on maturing their cybersecurity protections accordingly. Where 2020 was a rebuilding year, 2021 is a growth year. 

Start with your people as the foundation for your security strategy

The hybrid work model brings together traditional controls and remote work security protections in new ways. First, organizations must consider the different types of users that they will need to keep secure. 

• General users: These individuals require secure connections to cloud resources so they can collaborate with their peers.
• Power users: These individuals require a secure wireless connection to access sensitive networks and data without placing the company at risk.
• Super users: These individuals require a secure network connection and enhanced identity verification since malicious actors often strive to use their elevated privileges as part of a credential theft attack.

Building out a robust cybersecurity plan for a hybrid workforce starts by identifying user types and establishing controls that protect the systems, networks, software, and data they need for their jobs. 

As part of a hybrid workplace cybersecurity strategy, organizations should also think about ways to better enforce authorization and authentication policies. For example, multi-factor authentication makes it more difficult for a cybercriminal to compromise user accounts and passwords in a credential theft attack. 

Upgrade your connectivity as part of a strategic cybersecurity plan

With employees accessing cloud resources from traditional or home offices, corporate networks must be flexible and fast. A slow network reduces productivity and frustrates employees. To mitigate potential issues, organizations must deploy a solution that provides high-performance bandwidth and better secures the IT stack. SD-WAN offers the answer to both of these problems in the following ways: 

• Prioritize business-critical traffic: Facilitating critical applications through SD-WAN offers reliable, high-performance connections that boost employee productivity.
• Secure connections: Secure SD-WAN builds security directly into the connection with firewalls and VPN functions, but they can also include additional features such as encryption, IPS, AV, and sandboxing. 
• Centralize orchestration: With a SD-WAN solution on their side, security teams can consolidate essential functions into a single location to save time and respond more rapidly to business demands.

The hybrid workforce relies on cloud resources that, in turn, depend on connectivity. As part of maturing their cybersecurity posture, organizations must think about going beyond traditional network controls. This involves thinking about their networks as the “new” office where employees collaborate, no matter where they are physically located. An SD-WAN solution helps apply the same types of security to these virtual offices as what security guards do for physical office locations. 

Create a culture of security by training your employees to be constantly vigilant

Employees are an organization’s most significant security asset. With the right training, these individuals can more effectively spot social engineering attacks, thereby reducing the likelihood of a ransomware attack. Creating a culture of security starts with awareness and builds on the knowledge of end-users so they can apply the information to new situations. A practical solution meets employees where they are in their security journey, then reinforces their skills. 

• Know the basics: All employees must understand key attack vectors so that they can recognize them in the real world.
• Communicate effectively: Organizations must continuously communicate with their employees and keep them updated so that security remains top of mind.
• Measure progress: Organizations must track employee progress as part of creating a culture of security. 

Creating a culture of security is a commitment. However, cybercriminals won’t stop looking to exploit human nature after the pandemic. Employee awareness may be the single most important investment organizations make as they mature their cybersecurity posture in 2021. While companies can’t always control what their employees do, they can give them the tools they need to make secure decisions. 

Facing New Challenges Head-On

Companies that embrace change are the ones most likely to remain financially stable. Creating a culture of security and establishing a new, updated cybersecurity strategy is critical for organizations with hybrid workforce models. This means implementing the tools needed to help advance business and security objectives, from multi-factor authentication to SD-WAN. In turn, these solutions will also enable businesses to be more productive.  The workforce will likely never look the same as it did before COVID-19, but by building cybersecurity into their business goals, organizations can better keep pace with the ever-changing “new normal.”