As businesses adapt to a COVID-19 world, cybersecurity is also having to adjust. It is resulting in shifting strategies, particularly as executives need to ensure the security of their, now remote and distributed employees.
One cybersecurity company stated it has seen a “500 percent increase in attacks directly related to work from home individuals” resulting from the COVID-19 situation. For example, one issue here is that many more people are using their own home devices when working from home, which they then share with other family members – thus increasing, for example, the risk of someone clicking on a malicious link.
Leading security organizations have seen “phishing attacks, malspams and ransomware attacks as attackers are using COVID-19 as bait to impersonate brands thereby misleading employees”. And no organization is immune from the threat – attackers have also targeted healthcare providers and research institutions looking into the pandemic.
This new threat environment has not gone unnoticed by organizations. In a recent survey published by the World Economic Forum, cyberattacks and data fraud ranked as the third most significant risk to businesses, just behind the prolonged recession of the global economy.
The biggest challenge for chief security officers has been adjusting to the rapid speed at which businesses shifted to a work from home model. As businesses moved in a matter of hours to employees working from home, they have had to address security after the fact. And it was only after it occurred that they had the chance to review and implement security tools and policies. It’s a case of playing catch-up and balancing competing priorities between business continuity and preventing threats.
As a first step, many organizations looked to quickly implement end user security controls, such as VPNs and multi-factor authentication, as well as their associate policies (such as controlling the number of VPN connections to further improve security). However, beyond these immediate actions which organizations urgently need to take, adapting to this new world will be an ongoing challenge, requiring strong cybersecurity leadership.
Meanwhile, as there is an increasing shift to digital products and services, amidst social distancing measures, the focus on building secure software using methodologies such as DevSecOps will become ever more important. Software development teams are realizing they need to bring in security practices as early as possible in the development lifecycle. In reality, this means from the very start, even when considering the design of your application or evaluating the underlying architecture, make sure security considerations are top of mind. Bring in threat modeling and risk assessments as soon as possible.
You can read more about how organizations are navigating this new world, in our report “Navigating the new world ushered in overnight by COVID-19”.
July 08 / 2020
April 23 / 2020
As we gradually get used to our new COVID-19 reality, daily life from just a few weeks ago now feels like a lifetime away. For businesses this has created,...Read post