The COVID-19 health crisis almost instantly changed how the world works, bringing with it new security threats and challenges. As organizations work to find the path forward and emerge stronger on the other side, it’s important to take stock of where we are and where we need to be.

Working Together While Apart

Like many other organizations, ours transitioned employees to remote work, with nearly 95% of IBMers now working remotely. With this new reality comes the need to heighten employee awareness of the security risks associated with a distributed workforce and global crisis.

For example, since February, there has been an 84% increase in the use of tools that facilitate remote work, like video conferencing, remote access tools and Virtual Private Networks. At the same time, since March 11, when COVID-19 was declared a pandemic, IBM X-Force has observed a more than 6,000% increase in COVID-19 related spam.

As we navigate these uncharted waters, we should also remember that difficult situations can often bring out the best in us. Even as IT and security teams are facing new challenges due to COVID-19, organizations in every industry are leveraging IT tools to help keep their clients safe and productive – from enabling distance learning for students around the world, to securing major banking transactions, to thwarting ransomware attacks on critical hospital systems.

Focusing on Fundamentals

At the heart of all of these stories is a push to drive security into the fabric of business. Regardless of where or how we are all working, organizations need to continue to focus on the fundamentals of modern enterprise security, and be both flexible and diligent in their security approach.

Right now, at IBM, we are approaching security for ourselves and our clients in three ways: securing remote workforces, detecting and responding to accelerating threats, and virtually extending security teams to add expertise. There are a number of ways to meet these needs, including:

  • Employing cloud to account for the increased capacity and number of devices and networks being used by a global remote workforce
  • Mining data to identify potential vulnerabilities and understand the nature of the cybersecurity threats that have emerged during the crisis
  • Relying on experts and other business leaders who are best equipped to respond to attacks and then share best practices with other stakeholders

Leading with Innovation

With security fundamentals in place, organizations can also take this time as an opportunity to evolve cyber resilience strategies. For instance, as technologies like hybrid multicloud and Bring Your Own Device are driving remote work environments during this crisis, a solution like Zero Trust, which was already picking up steam even before COVID-19, has renewed relevance. Zero Trust is a flexible security framework that provides deeper security inside an IT perimeter and relies on sharing context between security tools to protect the connections between users, data, and resources.

New innovation cannot be left out of the security equation, and that it will be even more important as we prepare for the future.

Remembering Your Purpose

Even though how we work and where we work may have changed, why we work has not. At IBM, our mission is to be essential for clients; we have the tools to help ensure their business continuity and IT resiliency in the face of this challenge, and we have a collective drive to improve for the future.

To secure that future, leaders across industries need to continue to embrace the security fundamentals that have served them well up to now, and also take advantage of opportunities for innovation and outside-the-box thinking that can accelerate positive change.

By continuing to focus on this balanced approach to enterprise security, hopefully we will all be in a much better place when we come out on the other side.

Watch the Think Digital Session Now

More from Zero Trust

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

Why Zero Trust Works When Everything Else Doesn’t

The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived. Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a "default deny" security posture. All people and devices must prove explicit permission to use each network resource each time they use that resource. Using microsegmentation and least privileged access principles, zero trust not only prevents breaches but also stymies lateral movement should a breach…

What to Know About the Pentagon’s New Push for Zero Trust

The Pentagon is taking cybersecurity to the next level — and they’re helping organizations of all kinds do the same. Here’s how the U.S. Department of Defense is implementing zero trust and why this matters to all businesses and organizations. But first, let’s review this zero trust business. What is Zero Trust? Zero trust is the most important cybersecurity idea in a generation. But “zero trust” is itself a bit of a misnomer. It’s not about whether a person or…

Effectively Enforce a Least Privilege Strategy

Every security officer wants to minimize their attack surface. One of the best ways to do this is by implementing a least privilege strategy. One report revealed that data breaches from insiders could cost as much as 20% of annual revenue. Also, at least one in three reported data breaches involve an insider. Over 78% of insider data breaches involve unintentional data loss or exposure. Least privilege protocols can help prevent these kinds of blunders. Clearly, proper management of access…