Security powered by emerging technologies such as Artificial Intelligence (AI ) , machine learning (ML), hyper-converged infrastructure, edge computing, and serverless computing are among the top priorities for CIOs in top IT companies.
Cybersecurity has been a major concern for companies around the world since the beginning of 2020. Most CIOs of top companies and organizations have made cyber security their top priority for 2020.
According to a survey conducted by Hitachi ID in collaboration with Pulse, 89% of CIOs believe that long-term IT priorities have changed since the beginning of 2020. Cybersecurity is now the company’s top priority.
Op IT CIOs have prioritized identity and access management over safety and security awareness training for their employees. Self-education initiatives should help IT companies strengthen their security architecture.
Karl Mosgofian, CIO of Gainsight said, “The trend toward AI/ML insecurity has been accelerated by the current situation. In addition, some “old school” technologies like VDI and VPN are getting a lot more attention as circumstances have made office network security less relevant. However, the key to effective AI is structured learning. Just turning an algorithm loose against a dataset may not yield much, but with the combination of AI, human intelligence, and understanding, it’s amazing what we can achieve.”
These are InfoSec guidelines that can be followed by an organization.
Network Access Control (NAC):
Password Change:
Desktops:
Laptops:
Data Hygiene:
Exceptions:
Physical Security:
NAC solution to prevent unpatched machines from being connected to the network. Access to business applications is allowed once devices are compliant, fully patched and updated.
As password is the first line of security, users must reset/change the password before they login into their system. As many organizations would have relaxed the password policy, this needs to be reset to the previous level.
: Before users go back to the office, the IT department needs to ensure the systems are kept up to date with antivirus signatures, patches, and software versions. They should also ensure full AV scan and make sure that health checks of Data Leakage Prevention tools and other technologies have been performed.
Similar measures need to be enforced for desktops as well. A walk-in center\clinic can be set up for users to submit their laptops to get their systems updated.
For users using their personal devices while working from home, it would be good to have them clean their organization data from personal machines.
Risk team must review all the risk exceptions for employees and revoke them once employees start reporting to office.
No employees or support staff should be allowed within the office premises without an authorized ID card.