With the COVID-19 pandemic changing the work landscape, potentially forever, cybersecurity officials are advising workplaces to prepare to build resiliency into hybrid work environments and to make sure they are working strategically to secure the connections.
A cybersecurity official from the Government Accountability Office (GAO) and the Chief Technology Officer (CTO) for the state of New Jersey stressed this at an August 17 webinar organized by GovLoop.
“Looking at the training and the guidance that is provided by our various organizations and really looking at the complexities of this hybrid workforce, none of us really expected it to be here, and none of us expected to be here this long,” Jennifer Franks, director of GAO’s IT and Cybersecurity team, said during the webinar.
“But even within this capacity, the cybersecurity vulnerabilities continue, and they’re continuing on at a pace that’s … a little bit difficult to keep up with,” Franks added. “So, in that, we need to help our employees be a little bit more diligent and you know it is helpful that everyone keeps cybersecurity at the forefront of their minds.”
Franks said that currently, she’s seeing agencies and employees with an enhanced awareness of the importance of cybersecurity compared to years prior and chalked it up to the rise in high-profile attacks. However, she also said there is a need for increased cybersecurity training, including more training on malware, phishing, and social engineering, to increase the resiliency of the workforce on cyber issues.
New Jersey CTO Christopher Rein agreed with Franks’ assessment and said that now that the government and world have realized that the pandemic has lasted longer than anyone expected, it’s important to reassess how employees are connecting to hybrid environments from a strategic cybersecurity standpoint.
“We were thrust into kind of reactionary, ‘quick, provide access as securely as we can,’” Rein said. “Realizing now that the pandemic outlived any of our wildest expectations, in this environment, I think we have to kind of try to get that shift of going back and taking a step back and realizing that we have to balance it. … Get back to strategic, let’s get back to planning and executing in a way that’s sustainable.”
Rein also talked about educating the workforce on cyber issues and noted that all the new cybersecurity bells and whistles are useless without the talent necessary to operate them effectively.
“We really have developed a kind of a mantra that says, when we’re talking about staffing and building and maintaining our cyber presence and in our cybersecurity initiatives,” Rein added. “Talent outweighs technology.”
In terms of how organizations can keep themselves secure, Franks recommends keeping an eye on GAO’s annual high-risk recommendations. GAO had four recommendations referring to cybersecurity in this year’s list, and Franks said if organizations focus on even just one, they will be building the cyber resiliency of their organization.
“My advice would be to look at those elements and figure out which area you could focus on in increments,” Franks said. “It could be very overwhelming, yes. But there could be some element that you could take and be able to implement efficiently and effectively to start adding additional cybersecurity protections in your various environments.”