They say change is the only constant in life, but 2020 is really pushing the boundaries for many. In response to the COVID-19-pandemic tragedy the world finds itself in, my company is currently operating remotely on a global scale. Like many tech companies, flexible working is not new to us and working from home is one of the perks of the job. Even as “early” as 2009, I was working remotely from Belgium for companies in Silicon Valley. The technology was way less advanced back then, but it still did the job.
If there is one very small positive we can take away from these strange times, it’s that people will have seen the benefit of a digital workforce, and the ways in which a team can connect, collaborate and maintain culture despite not being physically together. The cybersecurity industry is one that can truly thrive from a work-anywhere, always-on approach.
The future is flexible, and this is how we—and the cybersecurity industry as a whole—can make it work now and into the future:
Universal Access-Anywhere Products
Before any sort of forced quarantine situation, global teams still had to find a way to collaborate when required. Affordable conference calls made their debut in the same year as the Rolling Stones. (In 1964, that is—and no doubt those early adopters had the same “Are you there?” “No, you go ahead.” issues we face today.)
In 2020, digital communications technology is an enormous part of the multi-trillion-dollar ICT industry, with cloud-native, mobile and social platforms dominating and replacing legacy tech. Innovations like Slack, Zoom and Discord have kept us more connected than ever, especially at work. And communication is just one aspect of the story.
Web-based applications are being created to streamline processes, revolutionize the existing ways we live and work, and solve problems we may not have realized we had. We are nowhere near the peak of cybersecurity tools and training that can be accessed on-demand, in ways that are engaging and useful to the user while showing a tangible benefit to the business. The time is ripe to innovate in multiple areas of attack and defense, where security-first methodologies like DevSecOps can still thrive even if everyone is at home. It’s about collaboration, and a considered suite of tools for each member of the team to do their job effectively regardless of their physical location.
Security Training Where You Need It Most
Developers have a fraught relationship with security, and in a lot of ways, they’ve not been catered to in a specific enough way to engage properly with security best practices. On-demand, gamified training can help win them over no matter where they are; this is also imperative for ensuring that offshore teams and vendors display adequate security awareness as well, especially when involved in any sort of tinkering with an organization’s software.
Keeping your cohort engaged and upskilled with training that will help the organization (not to mention their own career) is a very effective glue when it comes to retaining your best and most loyal talent … an absolute necessity as we face an ongoing cybersecurity skills shortage.
In remote working situations, everyone tends to receive an increase of email, on top of having to sort out various logins, systems and setups. It’s all too easy for socially engineered attacks and malware to slip through the cracks on a bunch of devices out of the in-house security scope. This is not a reason to abandon remote work; it is a golden opportunity to learn by doing and make it as robust as possible for the future. And in security-focused organizations, well, this is a good opportunity to audit processes and “eat your own dog food” when it comes to security best practices for everyone.
Security awareness is of utmost importance in every organization, and adequate training should be provided at every level—even measures like enforcing password management tool use and learning how to spot a phishing email are helpful.
When it comes to developers, they are the first line of defense in securing the code actively produced within the business, and they can be a valuable asset along with your AppSec team in avoiding further pain from a cyberattack by closing the back doors created by common vulnerabilities.