There’s been a lot of literature in recent days about the “remote” or at-home revolution. Remote working, videoconferencing, telemedicine and online shopping just to name a few are indeed currently supporting millions of people across the world in their daily professional activity, in helping them to stay in contact with colleagues and loved ones and, more critically, in providing them with food and essentials as well as medical assistance.
While digital solutions like Citrix remote desktop, Zoom videoconferencing or the Slack collaborative platform offer material benefits, they also bring many new cybersecurity challenges as data and login processes are sent over the open Internet through wireless or fixed-line networks instead of protected corporate LAN or WAN networks.
To illustrate this, phishing and ransomware attacks have literally exploded over the past couple of weeks with a Check Point survey revealing that 71% of IT and security professionals have seen an increase in security threats or attacks since the start of the COVID-19 outbreak. Hackers are now exploiting known (and, most of the time, still unpatched) bugs in remote software or operating systems for example.
The recent and stellar rise of remote workers is thus a nightmare for IT corporate departments. The most unprepared ones had to rush just to set up a basic infrastructure (Virtual Private Networks, remote desktops…) while the most tech savvy are (still) struggling with bandwidth scarcity and data center outages. Furthermore, another difficulty is added as a growing proportion of corporates are now operating on flexible and scalable but also more complex hybrid IT infrastructures (on-premise and cloud). Finally, remote workers can access their companies’ digital properties with private devices like laptops, smartphones or tablets running on different operating systems and using different applications. Obviously, this heterogeneity offers wider attack opportunities as these devices have not been configured, monitored and sanitized by IT professionals.
The virtual remote world also brings a formidable challenge in terms of person identification, one of the main pillars of IT security. A new generation of identity management software, which permanently monitors the user during its login time, has now become crucial (Okta, Ping Identity…). A state-of-the-art privileged access management layer is necessary to avoid any internal wrongdoings (CyberArk, SailPoint…) while encrypted email solutions are simply unavoidable (Proofpoint, Zix…). Machine learning algorithms are deeply integrated in the roots of all these platforms. Artificial Intelligence is used to build user behavioral profiles or to detect, in real-time, unusual patterns for example. AI is the only way to proactively react and adapt in an environment of ever-changing types and styles of cyberattacks.
It’s worth noting that the rise of cloud computing and of these new cybersecurity solutions is redefining the digital security landscape. A wave of cloud-native companies offering the above-mentioned solutions is disrupting the actual leaders (Check Point, Palo Alto…). The elevated revenue growth of this new cloud cybersecurity generation, which also includes the likes of Zscaler, Rapid7 and CrowdStrike, is a clear statement of market share gains at the expense of security incumbents.
The main question right now is whether the adaptation of the IT infrastructures we’re witnessing today with new software solutions will just be temporary or more than that. In our view, the new IT security policies could be long-lasting, considering that work-at-home could become a secular trend as it brings many benefits (reduced costs for companies, lower pollution…) and is likely to take center stage in the definition of most business continuity plans in the future (prevention against fires, earthquakes, storms… or a new health crisis).
The cybersecurity industry is expected to grow at a 5-year CAGR of 11% with the specific cloud security segment reaching levels of 30%+. These forecasts may clearly materialize or even surprise on the upside as upcoming technologies like Internet-of-Things, autonomous vehicles and smart cities will further exacerbate the need of secure connections, identification and digital privacy.