Rethink your cybersecurity strategy for the new world
- Posted on May 15, 2020
- Estimated reading time 3 minutes
Opportunity in a time of crisis
There is an old saying of “never put a good crisis to waste” and this is particularly pertinent for many organizations today. In recent months, there have been profound changes in the way organizations operate and the way many people work.
To respond to the COVID-19 pandemic, many organizations have had to implement new, unfamiliar operating models and quickly deploy technologies that support this new environment to ensure business continuity. These changes have resulted in a broader attack surface, with greater exposure to security threats.
Attackers are exploiting this increased exposure. According to new research from Microsoft, hackers have launched coronavirus-themed cyberattacks in 241 countries and territories. Microsoft is also tracking around 60,000 COVID-19 related malicious attachments or URLs daily.
Faced with a potential economic slowdown, organizations are moving to more agile and dynamic business models. With the security risk posture of many organizations now fundamentally altered, this presents a real opportunity to reset their security strategy to protect the core operations of their businesses.
So, where do you start?
We recommend three key steps to help you better prioritize and plan to address security risks.
1) Adopt a zero-trust mindset and vision
This concept is centered on the belief that organizations should not automatically trust anything inside or outside its perimeters - and that everything must be verified before granting access to systems. The identity of every individual, admin account, application, bot, and process must be validated and managed through a governance process. We also recommend that you consider tools that address Identity Governance and Administration (IGA).
2) Undertake a comprehensive risk assessment
Satya Nadella recently said, “We've seen two years’ worth of digital transformation in two months.” If like many organizations, you have recently experienced a rapid change to your enterprise architecture and the deployment of new collaboration and workforce tools, now is the best time to conduct a risk assessment of your environment.
It’s hard to evaluate the risk of everything from the outset, so a good place to start is by identifying the assets of most value and understanding what you want to protect. From here, you will be able to pinpoint the key risks to those assets and come up with a tactical plan to address them.
Understanding the risks to your newly altered ecosystem will allow you to take a measured and thoughtful approach to security project prioritization, resources, and budget. This is also a good time to review, or develop, a formal security governance framework to ensure that your new operating model is consistent with your new risk posture.
Like most things, security can’t be solved by throwing money at the problem. A risk-based approach will help you to focus your budget and resources. Many of our clients are now prioritizing their security spend on digital transformation and cloud migration projects to support a remote workforce.
3) Remove the clutter! Simplify and enhance your security landscape
A layered approach to security with the right tools is essential; but look for opportunities to cut unneeded controls. Excessively heterogenous security architectures are difficult to manage, costly and may increase your risk of exposure, so look to leverage any capabilities that are integrated into your cloud provider’s platform.
This is especially useful when you need to react quickly to an impacting situation such as enabling a remote workforce quickly. Ensure you are fully leveraging built-in security capabilities - such as those included in Microsoft 365, which will help to reduce unnecessary costs.
Renew to realize your security vision over the long term
Looking over the longer term, you’ll want to re-emerge strongly and be able to continually adapt to the changing business landscape and evolving threats.
Visit avanade.com/security for more information about our security solutions.