The Post-Covid Cyber Security Challenge

Uploaded on 2021-07-12 in TECHNOLOGY--Resilience, FREE TO VIEW

The social changes, economics, and strategic implications brought on by COVID-19 have changed the work environment significantly. Remote work, once expected to be the future, is now our new reality. Most organisations have been through a lot of changes over the past eighteen months and there is now a heightened cyber security risk. 

Even as we move into a ‘new normal’, the landscape is anything but certain. Organisations need to keep up with this evolving threat landscape, as there are several cyber security trends that are emerging from this new post-pandemic era.

Ransomware has been a key adversary for quite some time and there is no sign of this changing. As a result, we expect to see new initiatives released and developed to counteract this threat. There are several initiatives in development because of collaboration between governments, industry associations, businesses and vendors.

The proposed extension to Know Your Customer (KYC) transparency rules in financial transactions is an excellent example of what can come about as an outcome of this collaboration. 

KYC currently does not include crypto currency transactions but attacks against crypto currency payments are a favourite of ransomware attackers because they are untraceable. Therefore, extending KYC rules to include crypto currency payments is a matter of importance as it will act as a strong deterrent. Collaboration in the development of these initiatives is vital, any organisation that is at risk of becoming the next victim of a ransomware attack will benefit from new initiatives, so it is important that they are supported where possible.

Cyber security needs to become front of mind for all employees, not just those who work in IT. This change needs to spread to the rest of the business so that all employees prioritise security and collaboration, whatever their level and role. 

The natural result of this is that teams will become more open and better at information sharing which will make it easier to spot when there has been a cyber security issue, as everyone will know what is and isn’t normal across the company. The next step of this repositioning of security within the organisation is to acknowledge the impact that working from home has had. At the height of the pandemic, almost all workforces became remote and now, even as companies are gradually starting to return to offices, there will still be a vast network of remote employees.

This rapid and huge shift to remote working at the onset of lockdown restrictions would not have been possible without VPN architectures, but the security governing VPNs is not as strong as it needs to be for the heavy reliance placed on these systems to connect employees to vital applications placed organisations.

Organisations have therefore turned to software-defined wide area networks SD-WANs. These systems now come with integrated security controls, delivering almost the same level of security to remote workers as the head office. These combine network and network security into a single cloud service that is both secure and able to provide the level of connectivity needed to run devices at the edge.

Due to the sudden switch to remote working and cloud service adoption, certain principles of cyber security best practice had to be temporarily overlooked for many organisations. Now that cyber security teams have overcome those earlier challenges in the peak of the crisis, there’s an opportunity to learn from the pandemic to improve cyber security posture long-term.
To succeed in the post-COVID-19 era, technology providers must rethink their strategies and offerings to accommodate a new security landscape.

Human error is an issue of concern. Prior to the pandemic, human error was already a major cause of ‘cyber insecurity’: employees would unknowingly or recklessly give access to the wrong people With home working, the problem is even greater. When they work from home, employees may be interrupted in the work they are doing by family members or social visitors. While the future remains uncertain, organisations are embracing the new normal, and now is the time for CISOs and IT managers to start thinking about how they will continue securing their teams while working remotely. 

In that future, cyber security will be ever more important and the companies that can react quickly to address the changing security demands of the market will ultimately be successful.

Organisations should consider conducting a strategic and tactical IT and cyber security risk assessment. They should identify an enforcement mechanisms, such as multi-factor authentication, single sign-on, and automatic logout from unattended devices. Organisations should also consider blending new cyber security investments with enhanced cyber insurance coverage to reduce their retained risk, optimise spending relative to protection, and conserve resources.

 The post-pandemic recovery and preparation period presents the opportunity for companies to rebuild to a new normal, with enterprise resilience as a pervasive goal.

Marsh:       Deloitte:    BluVentureInvestrors    Govtech:       BrightTalk:     Information-Age:   

You Might Also Read:

Managing Cyber Security As Office Work Resumes:

 

« India’s New National Cyber Security Strategy
Biden Warns Putin The US Will React To Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Foundation for Strategic Research (FRS)

Foundation for Strategic Research (FRS)

The Foundation for Strategic Research is France's main independent think tank on strategic, defense and security issues. Cyber security is covered as part of the study areas.

GigaOm

GigaOm

GigaOm's mission is to provide enterprises with information and analysis to help them make better decisions about technology.

EuroISPA

EuroISPA

EuroISPA is a pan European association of European Internet Services Providers Associations and the world’s largest association of ISPs.

Payload Security

Payload Security

Payload Security's VxStream Sandbox is a fully automated malware analysis system.

Norwegian Center for Information Security (NorSIS)

Norwegian Center for Information Security (NorSIS)

NorSIS) is an independent organization that works to increase knowledge and understanding of information security for businesses and individuals.

InnoSec

InnoSec

InnoSec is a software manufacturer of cyber risk management technology.

KBR

KBR

To help governments and other agencies to combat cyber threats, KBR is safeguarding their most valuable systems with sophisticated tools, hardware and training.

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

Bright Pixel Capital

Bright Pixel Capital

Bright Pixel Capital is a venture capital company with a focus on Cybersecurity, Retail Technologies, Digital Infrastructure and Emerging Technologies.

Cyber Risk International

Cyber Risk International

Cyber Risk International offer CyberPrism, a B2B SaaS solution that empowers businesses to perform a self-assessment of their cyber security program.

Moonlock

Moonlock

Cybersecurity tech for humans. At Moonlock, we make software that seamlessly protects you and has your back as you live your life.

Cypago

Cypago

Cypago provides a powerful yet easy-to-use Compliance Orchestration Platform to automate the compliance process end-to-end.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.

Nexio

Nexio

We are Nexio. We help organisations take every NEXT step toward their accelerated digital transformation.

StackGen

StackGen

StackGen (formerly appCD) automatically generates Infrastructure from Code (IfC) based on application code with golden standards applied.

NopalCyber

NopalCyber

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant.