1) What is top of mind mid-way through 2020 for public sector IT leaders? (tech or threat)
We’re hearing a few things from many people in the sector. The first is the increasingly complex threat landscape. The potential attack surface has grown with so many more people accessing the network from home, and who are likely to continue doing so for the foreseeable future. At the same time, we know cyber criminals have been using the confusion sown by the pandemic to launch more targeted and sophisticated attacks, so the risk factors have grown significantly since March.
We’re also hearing more concerns from public sector leaders about having the right people with the right skills. The cybersecurity skills gap was a problem long before COVID-19, but now with a renewed focus on short and long-term strategies, leaders are very focused on making sure that they have people with the right training and backgrounds. So hiring and training are top of mind.
Finally, we know the public sector, like businesses, are looking for practical, tangible guidance on what they can do to better protect themselves now and in the future. They know the world has changed. The question becomes, what do we do now?
2) Digital transformation and IT modernization projects remain priorities, but priorities have shifted a big deal in 2020 and budgets have often had to be re-allocated. Where are your customers on this trajectory? Where is security in that conversation?
We actually released research this summer to look at this question. What we found is that the rapid shift to a new work paradigm hasn’t been easy, and has definitely shifted priorities. Nearly two-thirds of businesses moved half of their workforce to remote work practically overnight. Eighty-three percent of organizations found this transition to be challenging. And only 40 percent of organizations had a business continuity plan in place prior to the pandemic.
So right now, a lot of customers are focused on dealing with the issue that’s right in front of them – adapting cybersecurity to fit the new world of work. That means putting the right network security measures in place, ensuring secure, stable access to applications workers need, and making the necessary hiring and training decisions to prepare their teams for the long term.
Of course critical IT modernization projects must continue. We also know that public sector procurement cycles are necessarily slower than they are in the private sector, but that means there’s less pressure to be on the “cutting edge”. Instead, we need to work with the public sector to focus on proven, validated solutions that are suited to them and their needs, and that will have a predictable, long-term impact. Secure SD-WAN is a good example of this. Five years ago not many people were talking about it much, and now it’s one of the fastest growing technologies around, and is an ideal solution for the many security and productivity issues faced by the public sector.
3) What types of cybersecurity infrastructure do you see your customers looking for given the new normal we face today across Canada?
COVID-19 has certainly introduced a number of challenges, but it’s also accelerated and underscored trends we’ve been seeing for some time. In recent years it’s become harder for IT teams to get control and visibility into their data and applications. They used to sit in a well-defined secure zone. Now they move between different users, devices and networks, which greatly expands the potential attack surface. So the network perimeter is much harder to define. Factor in ever-tightening data and other regulatory requirements organizations must adhere to, and things get even more complicated.
Given this, we see customers stepping back and laying the groundwork for a cybersecurity architecture that is nimble and scalable enough to meet these demands. It’s a security platform approach, and it has the potential to give IT teams complete visibility across the digital attack surface. It brings the WAN, data centres, the multi-could and all endpoints and access points together as part of an integrated layer. Taking this approach can help to greatly strengthen security, allowing all these elements to automatically talk to each other, provide coordinated responses, generate the threat intelligence organizations need, and ultimately take some of the pressure of IT teams. By following a security platform strategy, sudden disruptions like COVID-19 can become far more manageable. It also sets up companies well for our new world of work.
4) The cyber skills gap continues to grow, what opportunities do you see for IT leaders in the public sector to reduce this gap going into 2021?
It’s a big issue. The gap isn’t going away anytime soon. With new skilled talent hard to find, it’s worth focusing on ways to reduce the workload on your existing IT teams and find ways to make cybersecurity part of the overall culture. The first is to get the basics down. We know that email is most often the biggest source of cyber risk in any organization and that’s usually because people through the best of intentions open a cleverly disguised email or text message, and unwittingly expose the network to malicious code. Workers are the first line of defence and they must be prepared to do their part and able to spot these threats, create proper passwords and work securely. We recently made some elements of our NSE Training Institute available to people free of charge, making it easy to provide workers with the training that they need to spot suspicious activity, and understand the critical role they play in the overall cybersecurity ecosystem.
Next, extend that commitment to training to cover your existing IT teams. People who gravitate to IT are usually by nature life-long learners. So there are almost certainly people on your teams who have an interest in cybersecurity, and would be willing to extend their knowledge through certifications like those offered by Fortinet.