The coronavirus pandemic has caused a number of disruptions in the world of tech industry events – and next week’s now virtual Black Hat is no exception. In response, businesses are getting creative and rethinking their approaches to the usual networking, presentations and panels we see at in-person conferences. This week, Highwire’s Security Practice is hosting a series of virtual panels titled “On The Record: Cyber Edition” featuring a lineup of executives from top clients to highlight some of the key topics we’ll see at this year’s virtual Black Hat.
Wednesday’s panel, “The Future of Work: The Biggest Threats to a New 21st Century Work Life,” was moderated by Sam Whitmore, founder of Sam Whitmore’s Media Survey, and featured expert panelists from Cybereason, Code42, One Identity, and Akamai.
In attendance were Samantha Schwartz (@SamanthaSchann) from CIO Dive, Jennifer Schlesinger (@jennyanne211) from CNBC, Tony Bradley (@RealTonyBradley) from Forbes/TechSpective, Arielle Waldman (@ariellewaldman) from TechTarget, Alyssa Newcomb (@AlyssaNewcomb) from NBC/Today Show, Shaun Nichols (@shaundnichols) from The Register, Teri Robinson (@TeriRnNY) from SC Magazine, Sue Poremba (@sueporemba) from Security Boulevard, and Mark Cox (@Mark_ChannelGuy) from ChannelBuzz.
Whitmore kicked off the panel with a discussion around how COVID-19 has changed the panelists’ view on the future of work. There was a shared sentiment around how their companies acted swiftly to get employees working from home, and there was complete unanimity that a hybrid workforce is “the new normal.”
Although digital transformation was already well on its way to changing the way we work, panelists agreed that COVID-19 really accelerated the timeline.
“Y2K was supposed to be the year everything changed, but it seems like the change happened 20 years later,” said Maha Pula, VP of Solutions Engineering at Akamai. “We were just redesigning workspaces to be more open and shared, and then COVID-19 came and changed the paradigm.”
Not only has our work environment changed, but the attack surface as well. The way Mor Levi, VP of Global Security Services at Cybereason puts it, there are many threats and risks for the privacy of employees – everything from conference calls to speakers and webcams. Without the benefits of a secure office infrastructure, employees open themselves up to a whole new host of privacy and security risks.
“What worked for companies [before] are no longer relevant,” said Levi. “VPN and all those things must shift to zero trust, SaaS and cloud — all those areas that are more secure, robust and available.”
Jadee Hanson, CISO and CIO at Code42, went on to add that there are other security challenges in the current landscape, such as not having an office network, which means companies need to shift their strategy to focus more on the endpoint. She stressed the need for CISOs to weigh that cost and that they need adequate funding to be able to protect the company.
In addition to network security, another large threat to the quickly changing workforce is overall security awareness, according to Dan Conrad, field strategist at One Identity. More people working from home means employees are using devices that may have access to the corporate network, and activities like streaming videos and accessing potentially malicious sites (or worse — downloading malware) puts them at serious risk. A point remains — employees don’t know what they don’t know.
“We can’t expect users to understand [security] training unless they understand the dangers of working from home,” said Conrad. “Realizing when you authenticate a VPN you have extended the company network to your home that may be riddled with viruses — if [they] are not aware, you can’t expect a lot out of them.”
Hanson agreed, adding that compliance is not a checked box, it’s a cultural shift.
“[With COVID-19], we have focused a bit more on those guiding principles — what to do when you’re home, how to set up your home router or network,” said Hanson. “I think of security awareness as the daily corrections that happen throughout the day.”
While there’s no denying that the world is moving beyond the idea of a “new normal” and well into a forever-changed future of work, there is a silver lining. Some of our experts noted that as a result of the pandemic, security roadmaps have been accelerated and this is good news for CISOs and CIOs who now have a front row seat at the table to innovate around tools, smart processes, and models like zero trust.
Overall, the panelists provided thoughtful insights into the threat landscape and the opportunities the new future of work presents for security teams. You can watch the full panel here and above.