By now, there can be little doubt in anybody’s mind that the pandemic is going to have a profound and permanent impact on the workplace. Despite a strong vaccine rollout and a planned return to normality, things like social distancing and mask-wearing are likely to be with us throughout 2021, and perhaps for years afterwards. That said, even if a so-called ‘new normal’ were established tomorrow and offices were allowed to throw open their doors to employees, would workers even want to return to a pre-Covid working model?
This is a question that has been given relatively little attention in the ‘build back better’ debate, but the answer could present some enormous challenges in how businesses handle their IT estates and infrastructure. Below we explore some of those challenges and outline what steps businesses might take to prepare for a new way of working permanently.
While the UK Government outlines its multi-step roadmap for a return to ‘normality’, there are many workers out there who have actually found a silver lining in all of this. Our route out of this pandemic seems to be predicated on the idea that everything will go back to how it was at the beginning of 2020. The reality, however, is very different. Employees have shed their long, costly commutes, allowing them to spend more time with their families, friends and hobbies, which has brought a shift in the work-life balance we once knew. They’re saving money by not having to fork out for overpriced train tickets and cappuccinos, and saving time that is better spent with family or friends, or on work done from a relaxed environment. It’s not for everybody, but now that remote working has been proved successful in many instances, the genie can’t be put back in the bottle. According to a recent survey by Gartner, a staggering 82 percent of business leaders are now planning on making ‘hybrid working’ a permanent feature, and many organizations are announcing permanent work-from-home policies.
It’s great that staff will be able to split their time between home and the office, but how will businesses accommodate this from an IT perspective?
One of the most obvious results from a year of remote working is the number of devices now in people’s homes. Prior to the pandemic, if a company allowed or expected employees to work from home, they would have an established system for facilitating it. Devices would be issued and there would be strict security policies in place to accommodate remote working, typically involving VPNs or virtual desktops. However, given the speed at which businesses were forced to close their doors and adapt to home working for the long term, few of them will currently have these preparations in place. Businesses that were already at a high level of digital maturity will have been able to adapt over the past 12 months with relative ease, but for every business that has mastered secure agile working, there will be ten more who aren’t quite there.
We’re therefore likely to see IT budgets in 2021/22 shift to mobilization, cloud migration and remote network security, which will prompt a change in the technology ‘culture’ of many organizations. Most notably, the trend toward BYOD (bring your own device) will be stopped in its tracks. While it was feasible and cost-effective for employees to bring in their own iPads and smartphones to connect to an on-premises network, enabling this kind of ‘device freedom’ remotely is a recipe for disaster. With the recent SolarWinds breach being hailed by the likes of Microsoft as the “most sophisticated Cyber-attack in a generation”, technology leaders will no doubt want to maintain a firm grip on security protocol. That will mean a virtual overhaul of IT estates. Yes, desktop PCs and landlines will need to be replaced by laptops and mobile phones, but responsible CTOs and CSOs will want to exercise high-level control over network endpoints too.
However, it’s not just technology and the rollout of devices that will need to be placed under the microscope. Employee training around cybersecurity and remote working will be crucial when it comes to preventing the significant rise of phishing attacks and other similar ransomware threats. Those choosing to work from home, away from their colleagues and IT specialists, are going to be far more susceptible to fraudsters looking to seize credentials or extort information, and to gain access to the corporate networks where IP, data and other cyber-criminal targets reside. It’s important that we remember that 95 percent of all cybersecurity breaches are caused by human error, and that’s based on data gathered from before the pandemic. With the switch to hybrid working, humans are going to have even more exposure to networks and will therefore become a highly targeted vector for supply chain attacks like the SolarWinds breach referenced above.
To combat this, IT leaders are going to need to start introducing new security controls to protect the endpoints, and fast. Devices being so distributed in 2021 will naturally make this more difficult than it would otherwise have been, so security strategies will need to be well thought out. Network segmentation, virtual desktops and VPNs are going to become paramount, and we’re likely to see ‘least privilege’ or need-to-know access take a more prominent role in access control policies. That covers workers, but suppliers will also need to be reviewed on a regular basis, particularly as many of those will also be utilizing home offices and off-premises working environments. This switch to hybrid doesn’t just impact the security posture of individual businesses; it also impacts the security posture of every link in their supply chain. Documentation and frameworks will therefore need to be heavily scrutinized and reviewed, and penetration tests will need to be ramped up to identify any weak links in the security chain.
Hybrid working may be the silver lining for many workers, and the chosen route for many businesses, but the challenge now facing IT departments throughout the UK is difficult to overstate. A digital transformation roadmap that might have taken five to ten years now must be executed and implemented within a matter of months. The days of bustling train commutes and busy office floors might not be entirely over, but networking is going to play a dominant role in organizations from here on out. Businesses need to start preparing for the inevitable switch to hybrid work now, or risk leaving themselves open and vulnerable in an increasingly volatile threat landscape.
Rowan Troy, Senior Cyber Consultant, Littlefish