Reshaping Cybersecurity in the COVID-19 Pandemic
The world has completed a year of battling the COVID-19 virus. After the initial panic followed by lockdown to ensure safety, people have now adapted to the new remote working model. Having to resort to remote work, organizations are now better adapted to this style of working. Although, it has come with its set of challenges, cybersecurity being a major one.
Cyber risks have increased due to large attack surfaces created by the “work anywhere” operating models. Organizations have had to ramp up their security efforts on a device level, revamp their strategies, and revise employee training.
Cybersecurity and Remote Work
Employees around the world are now returning to the office, as countries are lifting lockdowns and stay-at-home orders. But, several organizations are continuing a semi-remote, virtual workplace. Silicon Valley tech giants like Facebook, Amazon, Shopify are allowing their employees to work from home permanently through 2021.
With this pandemic teaching organizations a new semi-remote working model, we need to take note of the cybersecurity risk implications. Several factors should be considered while defining a new cybersecurity risk program.
1. Increasing Security Breaches: Since the COVID-19 outbreak, security breaches have increased as hackers have taken advantage of weakly protected corporate systems and the human distraction caused by the pandemic. The FBI has reported 3,000 to 4,000 complaints daily, an increase from 1,000 before the pandemic. Key industries like healthcare, finance and banking, manufacturing, and public sector organizations have been targeted. Phishing emails designed to lure unsuspicious employees into executing malware have flooded the email inboxes.
2. Expanded Attack Surfaces: The shift to remote work has led organizations to use new infrastructure and processes. Also, it is harder to verify the numerous business partners and third parties for their IT practices, causing an increase in cyber risks. It has led to cybercriminals targeting organizations and individuals with malware.
3. Staff Shortages: Organizations are facing staff shortages as employees (including cybersecurity professionals) call in sick or take time off for personal commitments. It further harms the ability of an organization to ward off the cyber threat. Also, self-reported data from the US shows a decline in productivity across industries. Around 11% of office workers and 17% of industrial workers have reported lower productivity.
4. Stressed Environment And Distracted Workforce: In the COVID-19 pandemic, employees are troubled by personal and financial stress at home. Such an environment makes the homebound employees susceptible to cyberattacks designed to trick them into revealing sensitive information. Also, security teams are operating in a multi stress environment, with each situation demanding sole attention from the cybersecurity and management teams.
Adapting Cybersecurity Risk Profile
The “remote” work operating model has increased the number of entry points for hackers. Sensitive customer information recorded during service calls is now highly vulnerable. Also, inadequately tested technologies deployed rapidly during the pandemic like chatbots could introduce threats. In such a scenario, organizations should focus on assessing and monitoring their cybersecurity risk profiles. Cybersecurity professionals should virtually mobilize their security team to fend off cyber threats.
Reviewing Cyber Strategy
It has become necessary to evaluate an organization’s cyber resilience in the COVID-19 pandemic. Security professionals and management teams should work together to assess measures that can be implemented immediately in case of a cyberattack. Risk guidelines, access controls, and security should be updated to meet the new remote working model. New technologies and tools to boost the existing security infrastructure is the need of the hour. Investment in automation to improve security processes and introduce discipline in the monitoring of a large amount of data is crucial.
Cyber Training and Exercise
Cyber awareness programs for employees to prevent, defend, and recover from cyberattacks is essential. Training programs should be designed to cover new threats on a device level. The employees should be taken through new cyberattack scenarios and given necessary guidelines for required actions and escalation. Such training and exercises will assist organizations in identifying loopholes in existing processes and subsequent revision to defend against cyberattacks.
The Way Forward
The current crisis has led individuals and organizations to learn new lessons while adapting to the remote working style. An operating shift with new and improved security strategies is critical. Hence, revamped cybersecurity risk profiles and security strategies are crucial to address the increasing cyberattacks in a multi-stress environment.
