By Scott Meacham
Connecting with experts across the state on the subject of “first the pandemic, then what,” I am struck that the first thing everyone mentions is the pandemic phenomenon of telecommuting and work-from-home.
From scientists at Oklahoma Medical Research, to engineers and software developers at startups like Ten-Nine Technologies, to Oklahoma-based experts in energy and finance, every business is adjusting to this mostly positive new configuration of work—and expecting it to endure.
When I asked Dr. Jerald Dawkins, founder and chief information security officer of True Digital Security in Tulsa, OK, to weigh in on how the landscape of cybersecurity has changed and what he anticipates going forward, he, too, began with work-from-home.
“If you had told me that I wouldn’t be in the office and working from home as the world shut down, I would have been shocked,” Dr. Dawkins said. “The really surprising thing is how fragile society is and how resilient we can be. That we can execute business, have meetings, communicate and do our work—that’s all powered by technology. But we need to mitigate the new risks, too.”
Working from home has blown up old cybersecurity paradigms for many.
“There are essentially two types of businesses,” he said. “Companies that early on embraced migration to the cloud and technologies like touchless payment systems are excelling in the time of COVID-19. Others that kept classical data center structures and were anti-moving to the cloud or software as a service (SaaS), relying on people working in the office, will have to adjust.”
Pre-pandemic, many businesses’ model for cybersecurity was focused on physical locations with firewalls, cameras, and company-owned and controlled laptops. In those cases, solutions like network segmentation, firewalls, and MFA were really helpful. Not anymore. Endpoints are everywhere, and most of them sit outside of corporate security controls. Another complicating factor for that new endpoint is the explosion of the Internet of Things (IoT).
“Now that the cyberattack surface has expanded to include work-from-home, and, with more hackers having more time to hack, companies are shifting their focus from where the office is to the endpoint, which is where the employee is,” Dr. Dawkins said. “The back door is wide open. Everything from the thermostat to Roku to refrigerators is on the internet. It is hard to break into corporate networks—they are fortresses, but hackers love people working from home.”
Questions to ask: Where is the person who made the software located? Are IoT devices secure out-of-the-box? Does an app that looks like a flashlight on your iPhone also ask for access to your notes or contact list? We used to have firewalls and control over traffic. That is not the case anymore.
“Cyber security is not a problem to solve, it is a risk to manage,” Dr. Dawkins said. “Technology is going to change. Responses to it will change. Threat actors will change. Going forward, security will need to be more of a team sport. There are technical things you can do—dual factor authentication and managed detection and response, for example. There are also operational and procedural things. A good strategy will have a handle on all three. At TRUE, we’ve focused our efforts on helping people stop the bleeding on their endpoints long enough to make changes to their policies and network structure, so they can better mitigate the risks of this new paradigm.”
Post-pandemic security demands a new mindset, a heightened sense of urgency, and increased demands from the C-suite on technology managers when it comes to cyber security.
Oklahoma is superbly positioned to lead and influence the cybersecurity industry with companies like True Digital Security, experts like Jerald Dawkins, and educational concentration and excellence in cybersecurity at the University of Tulsa.
Scott Meacham is president and CEO of i2E Inc., a nonprofit corporation that mentors many of the state’s technology-based startup companies. i2E receives state support from the Oklahoma Center for the Advancement of Science and Technology and is an integral part of Oklahoma’s Innovation Model. Contact Meacham at i2E_Comments@i2E.org.