When a network breach or another cybersecurity incident occurs, enterprises typically rely on their on-site security operations centers (SOCs) to isolate and stop the threat. But what happens when the SOC analysts are working remotely because of, say, the global coronavirus pandemic?

This scenario hasn’t been top of mind for security professionals, but it’s quickly moving up the ranks, said Zulfikar Ramzan, CTO at RSA.

“When you talk about people suddenly shifting to a remote workforce, you can’t have a physical SOC or war room anymore,” he said. “And the question becomes: can I carry out my incident response plan and activities where everybody’s remote? Can I figure out and investigate an incident correctly if everybody’s remote and maybe nobody is on the corporate network? I better find ways of getting visibility into all my critical assets beyond just what happens in the purview of a centralized location.”

RSA strongly recommends all organizations do tabletop exercises to simulate a security breach where the SOC and 100% of the responders are remote.

One of the security lessons learned from the coronavirus pandemic — and the newly remote workforce that has resulted from it — is the importance of visibility across all of an organization’s assets, Ramzan said. “So maybe a bigger shift toward thinking about visibility directly at the endpoint versus just the network.”

Shift to Endpoint Security

This isn’t a new debate. Endpoint security usually involves installing an agent on the endpoint, and it is typically more difficult to deploy and manage. So the pendulum has swung toward network security. However, as companies moved toward remote and mobile workers — even before COVID-19 — and allowed bring your own device (BYOD), Ramzan said he saw attitudes about endpoint security start to shift.

“Risk has changed, and if people are now going to be off-network frequently, those same things that worked well five or 10 years ago are no longer enough to mitigate risk today,” Ramzan said, adding that 10 years ago saying “endpoint” or “agent” to a customer was a guaranteed way to end the meeting. “In the last five to seven years, I’ve seen a resurgence in the interest in the endpoint, primarily driven by the fact that today’s threats are sophisticated enough to bypass traditional defenses like anti-virus and that sort of thing. So it becomes more critical to get that endpoint visibility to actually know what’s happening at the scene of the crime.”

COVID-19 has shined a spotlight on how security threats have changed, “and now it’s more critical to have endpoint capabilities than it was in the past,” he said.

This includes identity and authentication controls, which become more important with a remote workforce as workers use an increasing number of devices to access company systems from home. “If you look at every single breach that’s ever happened, every single intrusion, at some point there was some abuse or misuse or co-opting of an identity,” Ramzan said. “So getting identity right first and foremost is paramount in these types of situations.”

Supply Chain Risk

And while supply chain isn’t a new risk, either, the coronavirus magnifies the need to ensure that third parties’ resiliency goals and security environment closely match those of the organization. Both ransomware and pandemics can wipe out supply chains.

“What if one of my suppliers gets impacted by ransomware? All of a sudden they may not be able to supply something to me when I need it, and that could hurt the rest of my business,” he said. “When you look at something like COVID-19, it has impacted supply chains across the world.”

For RSA and its security business specifically, this includes hardware suppliers that make hardware tokens such as key fobs. These are assigned to a computer user and create an authentication code at fixed intervals to help secure customers’ devices.

“We were very fortunate in some of the planning we did ahead of time as we saw the possibility of COVID-19 arise, but we’ve had to be on the phone with suppliers and come up with new workarounds to make sure that we can continue to operate successfully,” Ramzan said. “I think COVID-19 has taught us more than anything else in this world that we are so interconnected. Every organization today is part of a much more comprehensive and rich ecosystem. And when you have these hyper-connected systems of organizations, a small failure in one part of that system can have a dramatic ripple effect in other parts of the system.”