In the coming weeks, as 2020 gives way to 2021, organizations of all sizes will attempt to size up and plan for a “post-COVID-19 workforce,” even as uncertainty over the virus lingers into the new year.
Even if a vaccine becomes available in the first half of 2021, businesses large and small believe that significant portions of their workforce will remain remote, as employees have taken to these home-office arrangements, which are also helping accelerate the shift to more cloud services as well as digital transformation projects.
At the same time, these organizations need to continue to invest in and refine their cyber defenses, thanks to an increasing amount of threats brought on by the COVID-19 pandemic. It’s an unexpected boon for the entire cybersecurity industry, experts said.
“COVID-19 has represented both a crisis and an opportunity,” Steve Durbin, managing director of the London-based, non-profit Information Security Forum, told Dice. “It has accelerated and concentrated forces, such as the move to remote working and adoption of cloud services, that were already in motion. Moving forward in 2021, organizations must be willing to respond to non-information security-related threats if they have a significant impact on the way an organization operates or threaten its technical infrastructure.”
In a recently published study entitled “Future of Secure Remote Work Report,” researchers with Cisco interviewed some 3,000 IT decision-makers in both large and small enterprises across the Americas, the Asia-Pacific region (including Japan and China), and parts of Europe about the future of work in a post-COVID-19 world.
The survey results show that even as organizations are preparing for a return to physical offices in 2021, remote and home-office work is likely here to stay for the long-term for a good portion of the employees.
The study notes that, in March, just when the pandemic hit most of the globe, about 62 percent of respondents had more than half of their workforce work from home. Now, 37 percent of respondents note that more than half of their workforce wants to continue working from home in a post-pandemic work world, compared to only 19 percent before the virus hit.
“As organizations start preparing for a post-pandemic world, one thing is clear: employees now expect to have the flexibility and ability to work remotely regardless of what the future of work entails, given the fact that we are not going back to the way things were pre-COVID-19,” according to the Cisco report.
The numbers bear out these sentiments. The study found that 46 percent of respondents in the Americas report that half of their employees will likely continue working remotely even after businesses have returned to normal. In Asia, as well as Europe, the percentage of those interviewed who will see half their workforce remain homebound is 34 percent.
“The global COVID-19 pandemic has forced digital change on organizations at high speed and certainly faster than many had dealt with before the pandemic,” Durbin said. “It meant that senior IT and security managers have been called on to refocus efforts and help their organization re-orientate around secure remote working practices.”
Cybersecurity’s Time Has Come
The Cisco report also notes that, as organizations allow significant portions of their workforces to remain remote, cybersecurity will become an even greater concern in 2021.
The Cisco report notes that 85 percent of all respondents reported that cybersecurity is extremely important or more important than it was before the pandemic. Breaking down the numbers along various geographic regions, 44 percent of Asia-Pacific respondents and 50 percent of interviewees in the Americas stated that cybersecurity is extremely important to their organization.
In Europe, 46 percent of respondents noted that security was more important than it was before the pandemic hit.
The reason for this renewed emphasis on cybersecurity is that, when the pandemic hit, so did the attackers. The Cisco report notes that 61 percent of all respondents reported that their organizations experienced a jump of 25 percent or more in cyber-threats or alerts since COVID-19 arrived in March. This played across all sizes of organizations with 55 percent of small businesses, 70 percent of medium-sized organizations, and 60 percent of large enterprises reporting increases in cyber-threats.
Heather Paunet, senior vice president of product management at security firm Untangle, noted that many firms made investments in security to get through 2020. The long-term shift to work-from-home means rethinking security priorities for possibly years to come.
“One of the key findings that stood out from the [Cisco] report is that cybersecurity has become significantly more important than it was before March 2020,” Paunet told Dice. “Investments made quickly to adapt to a globally dispersed workforce in 2020 have been enough to keep the business running. Now, thinking post-pandemic, the trend of employees working remotely is here to stay, and more needs to be done to ensure a solid, robust working environment.”
Jack Mannino, CEO of security firm nVisium, agrees that organizations of all sizes now need to think more strategically about cybersecurity investments and how best to protect workers, data and equipment that are now beyond the corporate walls and likely not returning.
“The shift to remote work has prompted many organizations to make significant new investments in their IT systems and infrastructure,” Mannino said. “While the shift has already happened for many, the security debt created in the process has not been addressed in many places. Securing a remote workforce requires a different mindset and presents an expanded perimeter for an attack.”
At the same time, the need for more intensive cybersecurity to protect remote workers means that businesses could start looking toward more cutting-edge approaches, such as investing in a zero trust model, to provide a more robust approach to these frequent attacks.
“As the report says, the number of cyber-threats and alerts increased during 2020 as malicious actors looked for holes in security as businesses tried to adapt so quickly to enable workers to work remotely,” Paunet said. “Fortunately, the report also shows that businesses understand now, more than before, the importance of prioritizing cybersecurity in IT budgets. Furthermore, it also shows that there will likely be new solutions, such as zero trust technology, which will be built specifically to adapt to a remote workforce-first way of working in the future.”
Still Looking for Those With Skills
And while the Cisco report notes that cybersecurity will be a larger and more important priority for many businesses, other problems will remain.
For instance, the so-called skills gap in cybersecurity, with more job openings than potential candidates to fill them, is likely to remain. This will prove challenging for companies looking to fill security roles to meet new demand, but having a smaller pool to draw from, said Brendan O’Connor, CEO and co-founder of security firm AppOmni
“The IT and cybersecurity shortage problem is far worse than anyone could have imagined. We've been operating under the shortage of IT and cybersecurity expertise for so long that it has become an acceptable norm. COVID-19 exposed how seriously undermanned we are when it comes to cybersecurity,” O’Connor told Dice. “With enterprises shifting to a virtual and remote workforce, organizations had to quickly shift business applications and data to the cloud. IT staff can no longer gain the little benefit they had from network segmentation afforded by traditional office networks.”
O’Connor noted that organizations will need to find not only the right cybersecurity workers, but also those professionals with skills to handle the influx of cloud services that are now in widespread use since workers shifted to home.
“With traditional security measures completely removed from the equation, IT staff struggled to implement necessary measures to ensure the safety of data in the cloud," O'Connor said. “The rapid adoption of SaaS exposed not only the lack of general cybersecurity expertise but also the lack of expertise in SaaS to leverage the built-in security measures effectively.”