Providing enterprise cybersecurity is challenging enough during normal times. And these aren’t normal times. As the COVID-19 pandemic transitions to “post-COVID-19 reality,” the hurdles for enterprises, their leaders, and teams only seem to grow higher. Workforces are dispersed. Old ways of doing business don’t apply. And what about all the bad actors out there? Do you honestly think that the global pandemic has somehow made them less malicious?
Here at Ensunet, we regularly interface with leaders at some of the world’s premiere enterprises; it’s one of the perks that’s come with providing IT support for more than $4 billion in post-merger integration, or PMI, activity. Yet even with all of the brainpower among our clients and internal subject-matter experts, we were delighted to sit down (virtually, of course) with Lalit Ahluwalia, CISSP, CIPP, PMP. Based in Dallas, he’s the Managing Director – North America Security Lead for Health & Public Sector for Accenture, and a globally-recognized expert and thought leader on cybersecurity.
We asked him about the security challenges that enterprises are facing, both COVID and post-COVID. His insights were enlightening.
Don’t worry. We took good notes. Here, then, are some of Lalit’s “around the corner” views on the road ahead.
Three categories of organizations
Hindsight is 20/20. Looking back, it’s now easy to see that the pandemic basically divided all enterprises into three broad categories:
- The ones with the easiest transition to remote/work-from-home/distributed workforces were those that had already made the move to a digital transformation; indeed, tech leaders were the best-prepared of the lot. Think of companies like Facebook, Google, and Microsoft. Do you really think it was hard for them to transition their people to work-from-home? The same applies for, say, consulting IT jobs; their business model already supports that. (Here at Ensunet, we heartily agree. The pandemic has barely slowed our support for our clients.)
- Those with the hardest—in some cases, insurmountable—challenges are those where the workforce’s presence, at the workplace, is simply required in order for the business to function. These “on-site” businesses include many of those that spurred government intervention and support programs; we’re talking about manufacturing, hospitality, and retail, for example. For those businesses, the people need to be on-site. Technology simply can’t bridge that gap.
- If you’re thinking ahead, you’ve probably guessed where Lalit was headed with this “categorization exercise.” The third category is neither high-tech nor on-site. They represent the massive gray area in between: what Lalit calls the “hybrid” organizations. They have a degree of technology already; they may or may not have protocols in place for distributed teams. Yet, suddenly, they need to make the transition—and securely. For knowledge workers in, say, healthcare or the public sector, how do you pull that off?
As you can guess, the rest of our conversation focused on these “hybrid” challenges.
The race to ramp up
If you’re one of these “hybrid” organizations, how quickly—how efficiently—can you make the transition to the new reality?
Think about where they’re coming from. They weren’t equipped to give access to their workers in a remote capacity. They’d never considered that scenario. And so they certainly never invested in it.
So when the pandemic hit, they had to ramp up fast. Think of workers-at-their-computers jobs, such as medical processing, government services for child-support or Department of Transportation projects. These are people who have always “lived” at the office.
For many organizations, the pandemic provided a much-needed wake-up call to make the move to the cloud. Old on-premises native data centers simply can’t handle the workload like cloud-based solutions such as AWS. Even Microsoft witnessed an incredible increase in the adoption of Microsoft Teams: what ordinarily would take two years, happened in just two months.
As Lalit made clear, the big challenge is not technology. There’s no lack of technology: things like cloud services, GoToMeeting, etc., have all been around for years. The challenge is the adoption of technology. How do you train those workers? How do you get them to adapt to the new way of doing things?
This brings up an interesting stratification of the workers themselves. Just as we were able to divide enterprises, based on their transitional needs, into “easy,” “hard,” and “hybrid,” we can also distinguish between individual people—and, indeed, the companies they work for.
That may sound complicated, but it’s not. One word will unlock this mystery for you: “Millennials.” As digital natives, they’re naturally better tuned to technology, social media, mobility, and fast adoption. At the other end of the spectrum are those who were born before the digital age, and thus are still making the transition to the information landscape.
The same can be said for organizations. Some have more digital-forward cultures than others.
Cybersecurity in all its forms
If your workers are now remote, it’s essential that they have secure access to your enterprise’s systems and data, right?
Of course. But “cybersecurity” encompasses a lot more than that. It’s about monitoring the environment to make sure it’s secure. It’s about data privacy: once it’s exposed, it’s public. It’s about devices that weren’t originally configured for remote operations, “retrofitted” with solutions such as one-time passwords and two-factor authentication.
Again, from the “technology is not the main challenge” argument, Lalit made clear: Operational challenges are the biggest hurdle for many organizations today. You need to implement new policies and procedures. For example, workers might be able to use their own devices—but shouldn’t intermix work activities with social media.
Even the some of the seemingly best-prepared organizations suffer from teething pains: Lalit mentioned how Zoom was hit by “Zoom bombing,” and needed to rapidly take things down and revamp their security and privacy protocols. (Contrast that to Microsoft Teams, which fared better.)
While it would be nice to simply say “Consult this list of best practices” for your organization, it’s not that easy. There is no single repository of best-practice guidelines. Some of it is common sense. But a lot of it must be tailored to your business model and its unique needs.
The coming cyber tsunami
As we’d hinted above, Lalit made a chilling prediction during our interview. He put it this way: “It’s naive to think that bad actors have been asleep at the wheel” during the COVID-19 pandemic. In other words, while organizations have been scrambling to adapt to the new reality, they’ve actually become more vulnerable, as they’ve focused on simply keeping their businesses running.
Another unfortunate reality: Layoffs have created a lot of vulnerabilities. Disgruntled ex-employees are more likely to take valuable trade secrets and IP with them and leak it, sell it, or weaponize it.
Lalit has a lot more insight into this coming tsunami. We highly recommend his article on the subject, entitled “Cyber Attack Tsunami (CYBER X 20) INVADES as COVID 19 Pandemic FADES,” available here.
A glass half full
You might think that Lalit would have a negative outlook on the future, especially given the coming wave of cyber breaches he’s warning the world to brace against. But that’s not the case. While he admits that some companies will fail to adapt, and thus fail to survive the new reality, he sees more opportunity than threat: “It’s never too late to adapt to the new way.” Look at communications companies as a single example. Zoom overcame its problems and is thriving. The education industry is forever transformed. There are countless new players on the horizon who are capitalizing on today’s opportunities, and are poised to become tomorrow’s leaders.
So consider your company’s future not a matter of fate. It’s really a matter of choice.
Get help now
At Ensunet, we understand the nuances of IT for M&A because we’ve supported more than $4 billion in PMI activity. We can help you, too. Download Ensunet’s free pre-/post-merger integration IT checklist. Or contact us today for a free, no-obligation consultation with one of our friendly subject-matter experts.