Managing workforce cybersecurity in a post-COVID-19 world
This originally occurred as a foreword to an Elastic report. You can read the full report here: Managing workforce cybersecurity in a post-COVID-19 world | Elastic
The sudden and significant move to remote work at the start of the pandemic enabled the government to continue delivering critical services to the nation.
At the same time, the pandemic ignited the move for government departments and agencies to rapidly accelerate their digital and cloud strategies. However, the initial temporary measures that were deployed to support the swift and seismic move to remote working, particularly around IT security, are not sufficient or sustainable in the long-term.
Cybercriminals are increasing their attacks at a rapid pace, and the threat level won’t subside anytime soon, with targeted attacks on home-workers reported to become more frequent and sophisticated in the future. This warning should raise a red flag for government’s IT leaders, as remote working becomes more acceptable and the shift to a more hybrid workforce maybe permanent.
With this in mind, IT security policies, practices and tools to meet the needs of a hybrid workforce that splits its time between home and work, will need to be reassessed.
Securing a more distributed IT environment will be a key focus for IT leaders as they arm their departments with IT security tools specifically designed for remote work. To help IT leaders, this research report proposes three cybersecurity strategy considerations:
Data flexibility and scalability
Security and agility need to be balanced. Choosing the best data model to allow for this is a priority — one that weighs scalability and budget as the government rightly prioritises bolstering the UK economy.
Deployment options
Security and ease of deployment are also vital considerations. Although the government should develop, test, and deploy workloads that it can host safely on a public cloud, there will always be a reliance on a hybrid environment involving data centres within organisations’ estates. Flexibility is, therefore, a core requirement.
Cyber community
Fundamentally, it’s people that drive technology. Communities that leverage skills that already exist are critical in shaping cybersecurity strategies and making them stringent. From the internal team to other departments, technology partners and the open source community, this collaboration will allow civil servants to be more aware of internal and external threats.
