Lessons From the Pandemic: Cyber Risk Management Gains Critical Importance


As we cross the one-year anniversary of COVID-19’s first large-scale remote work experience, Ron Pelletier, founder and chief customer officer at Pondurance, shares his perspectives and candid insights on how a year of “remote everything” influenced operations worldwide and what the road ahead looks like for businesses across the globe.  

We are all wondering what the future of offices and workforces will look like, focusing on the safety of our employees first and foremost. However, it seems more than likely that a remote workforce will remain mostly active for the foreseeable future. 

I have been talking with fellow cybersecurity and risk leaders in recent weeks about the current pandemic and vaccine situation to share experiences and collaborate on defining top lessons-learned. Most recently, I moderated a discussion with a diverse group of security leaders. 

These experts shared candid and insightful views of what they see unfolding. Their perspectives echoed a lot of what I predict we will see later in 2021. As cyber risk professionals, we keep a steady eye on immediate issues facing the business, and today, that is deciding how ongoing vaccinations could permit a wider return to physical offices and old routines. At a human level, where we work influences our mental health, productivity, and company cultures. Yet, the places where we work determine much wider cyber risk consequences, too. With all this in mind, here are three consistent themes to consider.

First: Shifting Employee Roles Over the Last Year Affected Risk Tolerance More Than “Where” They Work

The pandemic necessitated new role shifts and technology pivots on the fly. If you started 2020 pulling together a business case for adopting cloud, videoconferencing, and document management software – you have probably already been up and running for months on these platforms at this point. Warehouse automation, contactless delivery, telehealth, and flexible supply chain initiatives went full-speed overnight. This changed employees’ roles in ways only now becoming fully apparent, as new third-party services, the means to share health data, and other urgent changes took hold. Regardless of where employees work, it’s these newer duties and dependencies that shape companies’ risk tolerance – whether leaders realize this or not.

To keep companies’ wheels turning when stores, branches and other sites were locked down, more department heads became IT “strategists” overnight. This prompted the nimble purchasing of app subscriptions, cloud capacity, and smart devices to preserve business and customer service, at a time when close, in-person contact was at the very least strongly discouraged, and in some locales, forbidden by law. While business-saving in many cases, these shifts introduced new “shadow IT” risks, as production data, network connections and embedded software ripe for exploitation accompanied these new IT investments. 

As is often typical with emerging technologies, the more they become mainstream, the more likely they are to catch the attention of bad actors looking to score big in new territory. It is incumbent upon us as risk professionals to ensure that cybersecurity is contemplated from the start of the development and implementation life cycles rather than afterward, as is more often the case. Without due consideration, supply chain risk can multiply in an instant, bringing threats to data, to business operations and, most poignantly these days, to people if the technology is used to facilitate any form of treatment.


Second: CISOs Gain a Rare Opportunity To Exert Greater Influence

It’s oft-cited and aptly phrased that technology plays more of a “supporting” role in business compared to sales, R&D, and other functions. This makes it historically difficult for C-Suites to elevate cyber risk beyond the “IT” context. But the biggest sleeper shift of the last 12 months is that technology’s role is more central today, and it can feel like it literally is your business. Of course, we still need experienced executives, supervisors and IT staff to frame and make decisions. Yet, there is no going back from the shift to more automation, cloud, IoT and mobile transformations. Look at the expanded inventory and transaction IT systems powering full-scale curbside grocery shopping pick-up or contactless food delivery. Entirely new vendors, apps and economies will sprout up to service these fields spurred out of necessity.

The onslaught of new technologies, however, did foster some positive change. Telehealth is a perfect example of this. Even well before the pandemic, the U.S. healthcare system was plagued with bottlenecks when it came to scheduling routine medical check-ups and consultations. Worse, feeling sick during flu season, for example, meant you had to sit in a waiting room with other coughing and sneezing patients. Telehealth’s advances allowed for physically safe engagement between patients and their doctors and facilitated the conveyance of diagnoses via interfaces such as Zoom or FaceTime. Going forward, the widespread acceptance of this kind of interaction will let people continue getting the convenient, efficient and accurate care they need. This should be the case even when COVID-19 is eventually tamped down to a much lower case level.

This all presents a rare opportunity for CISOs and other cyber risk pros to lobby for changes in how they work with their organization’s leaders, and articulate their views of their organization’s wider risks and opportunities. The “Chief” in “Chief Information Security Officer” has never been a more appropriate or necessary part of the title.


Third: The Hybrid Workplace is Here to Stay

Greater demand for office space and storefronts may return, though it is projected to be far lower than in the pre-COVID-19 era. We will logically see a pent-up boom in dining, entertainment, hospitality and travel when the world’s virus cases and restrictions lift. Many businesses will resume recruiting talent with downtown workplaces. However, the pandemic broke the dam of perceptions and uncertainty some employers had about remote work and its feasibility. Debates about whether “We’ll never go back to offices!” or “It’s time to go back to commuting and conference rooms” create a workplace dichotomy in which the end result will likely drive a permanent hybrid approach.

From a cyber risk perspective, this should underscore that we can no longer rely on regaining the protections of perimeter cyber defenses within the corporate office. For some organizations, maintaining the appropriate corporate defenses was already a daunting prospect, and the rapid move to a more mobile, flexible workforce and supply chain-driven world suddenly exacerbated the problem. In retrospect, it is truly remarkable what companies have accomplished in a year’s time out of necessity: arguably several years’ worth of pilot projects, experimentation and full-scale rollouts. And now is the time to seize the opportunity to ride the wave, or be drowned by it. In seizing that opportunity, however, the ever-present risk to your endeavors lies in the ones and zeros that are your data, the systems that house them, and the people who interact with them.

“Going back to normal” is what we want to hear, but in cyber risk there is no “back” to anything: Everything is always about moving forward – evolution, adoption and change management. A lot of positive indicators and metrics need to play out to mark an end to this terrible pandemic. But the technologies and creative thinking that drove our economy’s resilience will pay further dividends by fostering new business models, shaking up old thinking, and giving security pros more input and influence over transformation. In short, cybersecurity has never been more of a critical success factor than it is today, and the opportunity to elevate its position in terms of fostering business resiliency has never been more compelling.
