The COVID-19 health crisis almost instantly changed how the world works, bringing with it new security threats and challenges. As organizations work to find the path forward and emerge stronger on the other side, it’s important to take stock of where we are and where we need to be.

Working Together While Apart

Like many other organizations, ours transitioned employees to remote work, with nearly 95% of IBMers now working remotely. With this new reality comes the need to heighten employee awareness of the security risks associated with a distributed workforce and global crisis.

For example, since February, there has been an 84% increase in the use of tools that facilitate remote work, like video conferencing, remote access tools and Virtual Private Networks. At the same time, since March 11, when COVID-19 was declared a pandemic, IBM X-Force has observed a more than 6,000% increase in COVID-19 related spam.

As we navigate these uncharted waters, we should also remember that difficult situations can often bring out the best in us. Even as IT and security teams are facing new challenges due to COVID-19, organizations in every industry are leveraging IT tools to help keep their clients safe and productive – from enabling distance learning for students around the world, to securing major banking transactions, to thwarting ransomware attacks on critical hospital systems.

Focusing on Fundamentals

At the heart of all of these stories is a push to drive security into the fabric of business. Regardless of where or how we are all working, organizations need to continue to focus on the fundamentals of modern enterprise security, and be both flexible and diligent in their security approach.

Right now, at IBM, we are approaching security for ourselves and our clients in three ways: securing remote workforces, detecting and responding to accelerating threats, and virtually extending security teams to add expertise. There are a number of ways to meet these needs, including:

  • Employing cloud to account for the increased capacity and number of devices and networks being used by a global remote workforce
  • Mining data to identify potential vulnerabilities and understand the nature of the cybersecurity threats that have emerged during the crisis
  • Relying on experts and other business leaders who are best equipped to respond to attacks and then share best practices with other stakeholders

Leading with Innovation

With security fundamentals in place, organizations can also take this time as an opportunity to evolve cyber resilience strategies. For instance, as technologies like hybrid multicloud and Bring Your Own Device are driving remote work environments during this crisis, a solution like Zero Trust, which was already picking up steam even before COVID-19, has renewed relevance. Zero Trust is a flexible security framework that provides deeper security inside an IT perimeter and relies on sharing context between security tools to protect the connections between users, data, and resources.

New innovation cannot be left out of the security equation, and that it will be even more important as we prepare for the future.

Remembering Your Purpose

Even though how we work and where we work may have changed, why we work has not. At IBM, our mission is to be essential for clients; we have the tools to help ensure their business continuity and IT resiliency in the face of this challenge, and we have a collective drive to improve for the future.

To secure that future, leaders across industries need to continue to embrace the security fundamentals that have served them well up to now, and also take advantage of opportunities for innovation and outside-the-box thinking that can accelerate positive change.

By continuing to focus on this balanced approach to enterprise security, hopefully we will all be in a much better place when we come out on the other side.

Watch the Think Digital Session Now

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today