By Duncan Greenwood, VP & GM NEMEA, EMEA Lead for Diversity & Inclusion at VMware
Well, 2020 has been quite the unexpected year, hasn’t it? In my last blog, I spoke about the empowering impact 2020 had on the workplace and our employees. Today I want to discuss why security must be woven into the fabric of our digital foundation, if we are to succeed with this ‘new way of work.
Employees expect to continue to work from home, either entirely or partially, long after the pandemic is over. This concept of distributed working has proven it works and is likely here to stay. Recent research from VMware found a 41% increase in the proportion of employees in EMEA who see remote working as a pre-requisite of a role rather than a perk.
Technology has had a huge role to play in enabling the shift to distributed working. With virtual meetings becoming the norm and the need for more collaboration tools to keep in touch, technology has both helped and occasionally hindered progression. We must continue to develop and innovate with the technical tools at our disposal to enable workforces to be productive, collaborative and upbeat across their organisation. But we must do so in a secure way.
Technology required to keep things moving
Legacy or traditional IT equipment, tied to the parameter-based office model, has been simply unable to provide the flexibility and scalability needed to keep work pipelines moving during the disruption. Broadband and mobile networks help up relatively well, but in too many instances neither the public or private sector had the tools to access applications, data and services securely from any device, anytime, anywhere.
We have seen some central government departments struggle with the transition to distributed working. In the UK in May this year, only 20% of the Department for Work and Pensions team were able to work off-site. While it was not the case for all governments (some in Europe where digital infrastructure was more advanced coped well with the move) we’ve seen the same issues arise in some private sector organisations too.
The UK Government has committed to “providing world-class, next generation infrastructure, so that everyone can take those advantages and those opportunities wherever they live.” – according to Oliver Dowden, Secretary at Department for Digital, Culture, Media & Sport.
That commitment must mean going beyond what we usually think of as digital infrastructure, to also include the digital foundation at the level of individual organisations which underpin secure, remote access. The tools and technologies, which include virtualisation and the cloud, are not simply another wave of innovation to be introduced, ad hoc. Instead, they are a crucial form of infrastructure which will bring huge efficiency and productivity benefits to across the public sector.
Ensuring a secure way of working
There are reasons to be concerned that the speed at which organisations implemented remote working may have come at the expense of security in some cases. This is a significant risk to take given the deteriorating cyber threat environment.
We know from Government-commissioned polling that there is still an absence of basic cybersecurity procedures and technical controls in place across the business population. Any short-term savings from not investing in security are misleading – the annual cost of cyber-attacks for a medium sized business in the UK could go up by as much as £5,700 based on the increased rate of attacks seen during the peak of the first lockdown, as seen in VMware’s report. The potential change and complexity in security dimensions attached to employees working from home, the office, on the move or a combination of all three, mean that fully secured systems and processes based on ‘zero trust’ need to be a default option for all businesses.
The type of cyber threat is different now
Before the pandemic, cyber-attacks ranged from crypto jacking to worms to trojan horses. However, lockdown has impacted the nature of the cyber risk. It’s no accident that attacks which prey on the end user, such as phishing emails, spiked this year.
Cybercrime is an innovative business and hackers are opportunistic, adapting their approach to the vulnerabilities of the new world. When workers are isolated from the colleagues, including IT and technical staff, they are potentially more vulnerable to allowing hackers access their networks through emails or text which may appear to be from trusted sources such as their company or Government agencies.
Employees and businesses are also more likely to be using applications they are unfamiliar with or have not been trained to use in a secure way. Not to mention the employees using their personal devices for work purposes, following the rush to move to remote working in the first place. Of course, more often than not, these personal devices are likely to have inadequate technical security controls.
We will need to overcome these issues in the long-term
The cost that I mention above can of course be reduced if we work to decrease the risk from cyberattacks. VMware’s report identified the key traits of the top 10% performing companies in terms of cybersecurity and found that those companies:
- Involve their security team in key decisions that affect their IT stack from the start
- Have initiatives such as zero trust and least privilege as part of their security strategies
- Ensure their people, processes and tools are well prepared to meet any security challenges
The cyber threat causes damage to the economy, livelihoods and the privacy rights of individuals. For these reasons alone it is rightly a preoccupation of industry and policymakers. However, it also threatens the ability of companies to safely implement remote working at scale and is therefore particularly dangerous in the context of our recovery.
In powering the post COVID-19 recovery, Governments must prioritise secure digital foundations among public sector organisation, to empower their employees and securely and safely deliver much needed services to its citizens.
