The Industrial Revolution took 100 years. The Internet Revolution took 25 years. But the digital transformation caused by COVID-19 happened almost overnight with “business as usual” one day and lockdowns the next, according to George Kurtz, CEO and Co-founder of cybersecurity firm CrowdStrike, which specializes in cloud-delivered endpoint and workload protection.
“There has been a dramatic acceleration in everything,” he says.
Due to the breakneck speed of workplace changes this past year, many companies were caught off-guard when it came to security and their ability to continue business as normal in the new reality, according to a recent EY article tackling how chief information officers (CIOs) are challenged now more than ever. The COVID-19 pandemic forced the move to a fully remote workforce almost overnight. Supporting communication and collaboration for employees is an essential step in ensuring resilience, but it has tested legacy infrastructure and security configurations.
Kris Lovejoy, EY Global Consulting Cybersecurity Leader and author of the article, recommends a number of steps to ensure security and resiliency, one of the most important being to increase cybersecurity. CrowdStrike’s Kurtz agrees. “With more reliance on digital than ever, it is important that there is resiliency built into the system,” he says, adding that he has seen a dramatic increase in cyberattacks, such as ransomware, along with a dramatic increase in the impact. “It’s no longer about just having a system be infected by a virus and you move on,” he says. “Now it could be 10, it could be 10,000, or 100,000 computers that are effectively rendered useless and their data encrypted.”
Organizations need to ensure their data’s security along with their mobile and virtual infrastructure security, suggests Lovejoy. CIOs would also do well to reach out to suppliers, contractors and customers to help them address their security concerns as well.
The reliance on technology is what’s driving these businesses, says Kurtz. Without a level of understanding of the types of risks that are out there or the right tools to deal with those risks and ensure this resiliency in the system, CIOs and their companies are going to get caught unprepared, he says.
Don’t just play catchup
Take an “ecosystem approach” to business operations, which will create a collaborative network that connects suppliers, customers, shippers and employees, says Lovejoy. In turn, this will enable faster response times, reduce risk and increase resiliency to ramp up and scale down and avoid an uneven “see-saw” recovery.
It will also stop companies from making the mistake of “taking their old, antiquated processes and applications and infrastructure and just basically moving them to the cloud,” says Kurtz. Just because they did it that way in the past doesn’t mean that they have to continue to do it the same way in the future. Instead, using Lovejoy’s ecosystem approach, they can adopt much more modern technologies, such as cloud containers and servers.
— George Kurtz, CEO & Co-founder of CrowdStrike share
“Those tend to build a better foundation for the future,” says Kurtz. In addition to moving to the cloud, some companies are layering on a security transformation as they evolve. “They’re basically saying, ‘Since we’re going to new architecture, we’re also going to architect in new security.’” But a lot of companies are still not prepared or moving this way. “They just don’t have the expertise or the people to be able to deal with a lot of these complex technologies,” he says.
The upgrade solution
For those companies, they can either buy the expertise and bring it in house or outsource it – or do a combination. Kurtz uses the example of midsized companies. “They have a lot of risk, but they don’t have the expertise to actually be able to deal with it,” he says. “So, it’s a disproportionate relationship to the risk they have versus the expertise: a high level of risk, a low level of maturity. That creates this gap that allows adversaries to be able to take advantage and compromise their systems.”
No way around it
“If you don’t have the expertise one way or another, you’re going to have to get it,” says Kurtz. Options include hiring infrastructure consultants or security consultant firms.
“At the highest level, there isn’t a business on the planet that isn’t aware that security breaches are problematic,” says Kurtz. “Anyone can be a target.” The focus needs to be on stopping breaches through a cloud-delivered platform. The technology runs on computers, servers, and cloud systems and can protect against new and never-before-seen attacks across the spectrum, from ransomware to nation-state adversaries, says Kurtz. “The ultimate goal, at the highest level, is protecting endpoints and servers against advanced attacks and keeping them safe.”
Work from anywhere
CIOs need to rethink their companies’ infrastructure, says Lovejoy. Without a crystal ball, it is impossible to know exactly what the future holds post-pandemic. But one thing we all know is that there is a new kind of workforce to support as we return to work, she says. This new workforce needs a flexible communications platform and other new infrastructure that supports collaboration, remote working, and higher levels of automation in operations.
Kurtz is confident that things will keep evolving. “When we go back fully, it’s not going to look like the way it was. That I know for sure,” he says. Instead, he and Lovejoy see a hybrid model. “I think now there’s going to be a lot more flexibility in the working environment where work becomes a bit of a collaboration space and almost reconfigured,” says Kurtz. “It’s where you’re collaborating and working and you have access to resources, but you may go away and you may be home for a few days a week, and you may go collaborate in the office.”
Kurtz sees the new normal as “work from anywhere” rather than “work from home” and that this new model is here to stay.
Fight for talent
Finding and keeping the right employees is critical, says Kurtz. “Allowing people the flexibility to work from anywhere allows companies to get the people they need, wherever they are,” he says. “Given that trend, you’re going to need security, because you’re outside of the firewall and don’t have the protection of the corporate network.” Security becomes more essential than ever, he says. “It doesn’t matter where you work. What matters is that those computers are always connected to the cloud and always protected.”
— George Kurtz, CEO & Co-founder of CrowdStrike share
The pandemic has shone a light on those companies that are forward leaning, the ones who were already cloud-enabled, says Kurtz. He adds, “The folks who have leveraged the cloud were pretty quick to be able to get up and running, because their infrastructure was somewhere else, and they didn’t need to be at the office.”
Even small companies need security
Everyone needs security – no matter the size of the company, says Kurtz. Smaller companies make the mistake of thinking, “I’m too small. They won’t focus on me,” he says. “Well, the answer is they will.” A lot of times the attacks are random. “You may be in the most uninteresting business, but that doesn’t mean you aren’t going to be a target,” he says. “If you get hit by ransomware, you can’t conduct your business and your for-profit operation is going to come to a standstill. It’s important for people to realize whether they are big or small, what they have is valuable and they have data that is sensitive. Maybe they won’t be attacked by nation states, but they are going to be a target of other groups.”
How to get started
Those businesses still in legacy mode need to be looking at SaaS providers as a starting point, says Kurtz. On the security side, these are very easy to coordinate, and one doesn’t need an army of people to manage backup software, he says. There is Dropbox, for example. “We see most smaller companies that are more effective as they start out as a cloud first company using SaaS applications before trying to build an infrastructure themselves. That’s really the starting point.” From there, it’s being able to add to those skills with help from some of the companies out there that are providing these services. “If you’re using AWS (Amazon Web Services), they have their own consultants. If you’re looking for security, managing your endpoints, there are companies that can do that and help manage your Salesforce implementation. So, it’s augmenting that expertise and leveraging a SaaS first model is really the bottom line.”
Pandemic silver lining?
“The silver lining is the fact that there were digital transformation roadmaps that were three years old that got executed in one day in March in 2020,” says Kurtz. “It really has pushed additional areas where people can certainly accelerate what they’re doing from a digital perspective.”
EY is YPO’s strategic learning advisor.
