CIOs say security must adapt to permanent work-from-home

Both private- and public-sector CIOs see many more employees permanently working remotely, and say security needs to adapt to new threats and how they communicate.

Remote worker  >  A man works from home with his dog
SolStock / Getty Images

The entire US economy and government were forced to shut down in-person facilities and operations almost overnight in March as COVID quarantines began. The new conditions forced organizations to quickly find ways to secure tens of millions of new, vulnerable endpoints created by at-home workers. Now, six months later, technology leaders are taking stock of what happened and considering how a post-COVID landscape might look.

COVID has resulted in a lot of forward-looking changes, Jim Weaver, CIO of Washington State, said at the second day of the annual Cybersecurity Summit hosted by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). “COVID has been our chief innovation officer. Now as a state we’re pivoting to change our service methodologies while in the middle of a pandemic and economic downturn.” Washington was the first state with a positive COVID case on January 14.

“Governor Inslee has been a big proponent for remote work for a lot of reasons and so we did have a culture and mindset in place already enabled to support it,” Weaver said. Washington had to jump from an average of 3,000 to 4,000 remote concurrent connections to 65,000 to 70,000 almost overnight. “That went pretty flawlessly, I’m pleased to say.”

COVID gives cyber criminals new opportunities

At the same time, adversaries are changing, too. “The bad actors are not going away. They’re changing. They’re thriving in the chaos,” Weaver said. “We are seeing a significant number of increased attacks, particularly along the lines of ransomware. Fortunately, among CISA, Secret Service, FBI and our state resources involving some of our national guard resources, we’ve been able to do a very good job recovering from them.”

To continue reading this article register now

The 10 most powerful cybersecurity companies