Industrial IT security belongs in the cloud

CEO (in February): Could all our nonessential employees work from home?

CIO: Totally out of the question. Too tedious and far too expensive.

CEO (in April): It wasn’t that difficult and turned out to be cost effective too.

CIO: Yes.

In the annals of IT history, this little dialogue will be representative of the radical change that shook the IT and cybersecurity industries in the spring of 2020.

During the pandemic, it has become clear that the concept of the enterprise perimeter for any manufacturing setup needs to be redefined. It is no longer static, but changeable and dependent on the location of employees, who increasingly access applications in the cloud from anywhere. What's more, whether working from home or at another remote location, employees need more freedom of movement, which can no longer be mapped with traditional rights management. IT capabilities must be geared to their needs, and not the other way round. This, however, increases the scope for cyberattacks, hence the need for the CIO to be involved in the discussion.

Iskander: time for SASE solutions

The CIO does not, by any means, have an easy life. Cybercriminals set the pace, and a CIO must do everything possible to protect the organisation from their increasingly advanced and aggressive attacks. The CIO must struggle with historically developed security silos and structures, keep the adversities of the digital transformation in check, keep an eye on user behavior and constantly fight over budgets. Despite all the efforts, which are seldom rewarded, every security incident falls back on the CIO. "There is no glory in prevention," as the saying goes.

Apart from external threats, a CIO must focus on countering potential data loss by insiders as well. To address this, a CIO must integrate additional data protection solutions within the existing security framework. By using NGFW (next-generation firewall), web and email security, the organisation may defend itself against external threats. But additional measures such as Data Loss Prevention (DLP) technology safeguard data from threats and violation.

That being said, there is a need for a radical rethink when it comes to cybersecurity. The first step is to consider a cybersecurity solution which reacts dynamically to risk. Secondly, ensure you build for a world where users are free to access data from wherever, whenever they need to. Lastly, focus on the bigger picture. Your security environment can no longer be organised as it used to be in the past, when companies used dozens of different security tools to build up, layer on layer, a tightly knit defense.

The mass shift to remote working has dramatically increased the unmanaged security risks of the remote working environment, from unsecured networks to the use of unsecured personal devices to access corporate systems. At the same time, cybercriminals keep chasing the money – we’ve seen phishing attacks up more than 667 per cent in the first half of this year.

Couple this with the sobering costs of a data breach in financial terms, brand trust and intellectual property (latest research shows that the average cost of a breach is $3.92 million) and you’ve got a perfect risk-based storm.

In the Middle East, the market is estimated to have a post Covid-19 valuation of $15.6 billion in 2020 and is expected to grow by 13.8 per cent to $29.9 billion by 2025. We must conclude then that, with increasing risks and increased potential cost if you get it wrong, we must rethink cybersecurity as an industry.

So how do we proceed? One answer is gaining a lot of traction: Secure Access Service Edge, or SASE. Market researcher Gartner first formulated the architecture model in 2019. It proposes to bring networking and IT security directly to where the applications and data are located: the cloud.

Even though SASE solutions are only slowly taking shape in the market, Chief Information Security Officers (CISOs) can already take the first practical steps towards a SASE architecture: for example, introduce SD-WAN technologies with integrated cloud security services; secure remote employees with Cloud Web Security; control access to applications with Cloud Application Security Brokers; and rely on integrated Cloud Web Security, Cloud Application Security Brokers and Cloud-based Data Loss Prevention and Data Leakage Prevention.

This allows them to connect users directly to the cloud through a single, integrated layer of security - no matter where they are, no matter what level of freedom they require, and no matter what the definition of a network perimeter.