The Post-Covid Cyber Security Challenge

Uploaded on 2021-07-12 in TECHNOLOGY--Resilience, FREE TO VIEW

The social changes, economics, and strategic implications brought on by COVID-19 have changed the work environment significantly. Remote work, once expected to be the future, is now our new reality. Most organisations have been through a lot of changes over the past eighteen months and there is now a heightened cyber security risk. 

Even as we move into a ‘new normal’, the landscape is anything but certain. Organisations need to keep up with this evolving threat landscape, as there are several cyber security trends that are emerging from this new post-pandemic era.

Ransomware has been a key adversary for quite some time and there is no sign of this changing. As a result, we expect to see new initiatives released and developed to counteract this threat. There are several initiatives in development because of collaboration between governments, industry associations, businesses and vendors.

The proposed extension to Know Your Customer (KYC) transparency rules in financial transactions is an excellent example of what can come about as an outcome of this collaboration. 

KYC currently does not include crypto currency transactions but attacks against crypto currency payments are a favourite of ransomware attackers because they are untraceable. Therefore, extending KYC rules to include crypto currency payments is a matter of importance as it will act as a strong deterrent. Collaboration in the development of these initiatives is vital, any organisation that is at risk of becoming the next victim of a ransomware attack will benefit from new initiatives, so it is important that they are supported where possible.

Cyber security needs to become front of mind for all employees, not just those who work in IT. This change needs to spread to the rest of the business so that all employees prioritise security and collaboration, whatever their level and role. 

The natural result of this is that teams will become more open and better at information sharing which will make it easier to spot when there has been a cyber security issue, as everyone will know what is and isn’t normal across the company. The next step of this repositioning of security within the organisation is to acknowledge the impact that working from home has had. At the height of the pandemic, almost all workforces became remote and now, even as companies are gradually starting to return to offices, there will still be a vast network of remote employees.

This rapid and huge shift to remote working at the onset of lockdown restrictions would not have been possible without VPN architectures, but the security governing VPNs is not as strong as it needs to be for the heavy reliance placed on these systems to connect employees to vital applications placed organisations.

Organisations have therefore turned to software-defined wide area networks SD-WANs. These systems now come with integrated security controls, delivering almost the same level of security to remote workers as the head office. These combine network and network security into a single cloud service that is both secure and able to provide the level of connectivity needed to run devices at the edge.

Due to the sudden switch to remote working and cloud service adoption, certain principles of cyber security best practice had to be temporarily overlooked for many organisations. Now that cyber security teams have overcome those earlier challenges in the peak of the crisis, there’s an opportunity to learn from the pandemic to improve cyber security posture long-term.
To succeed in the post-COVID-19 era, technology providers must rethink their strategies and offerings to accommodate a new security landscape.

Human error is an issue of concern. Prior to the pandemic, human error was already a major cause of ‘cyber insecurity’: employees would unknowingly or recklessly give access to the wrong people With home working, the problem is even greater. When they work from home, employees may be interrupted in the work they are doing by family members or social visitors. While the future remains uncertain, organisations are embracing the new normal, and now is the time for CISOs and IT managers to start thinking about how they will continue securing their teams while working remotely. 

In that future, cyber security will be ever more important and the companies that can react quickly to address the changing security demands of the market will ultimately be successful.

Organisations should consider conducting a strategic and tactical IT and cyber security risk assessment. They should identify an enforcement mechanisms, such as multi-factor authentication, single sign-on, and automatic logout from unattended devices. Organisations should also consider blending new cyber security investments with enhanced cyber insurance coverage to reduce their retained risk, optimise spending relative to protection, and conserve resources.

 The post-pandemic recovery and preparation period presents the opportunity for companies to rebuild to a new normal, with enterprise resilience as a pervasive goal.

Marsh:       Deloitte:    BluVentureInvestrors    Govtech:       BrightTalk:     Information-Age:   

You Might Also Read:

Managing Cyber Security As Office Work Resumes:

 

« India’s New National Cyber Security Strategy
Biden Warns Putin The US Will React To Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

InfoSecurity Magazine

InfoSecurity Magazine

Infosecurity Magazine has over ten years of experience providing knowledge and insight into the information security industry.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

NextLabs

NextLabs

NextLabs provides data-centric security software to protect business-critical data and applications.

Dataguise

Dataguise

Dataguise provides a data-centric security solution to detect, protect, and monitor sensitive data in real time across all data repositories, both on premises and in the cloud.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

Wallix

Wallix

Wallix is a software company offering privileged access management solutions for enterprises, public organizations and cloud service providers

Omada

Omada

Omada is a leading provider of IT security solutions and services for identity management and access governance.

Langner

Langner

Langner is a software and consulting firm specialized in cyber security for critical infrastructure and large-scale manufacturing.

Beosin

Beosin

Beosin is a blockchain security company providing cybersecurity services including security audits, on-chain asset investigation, threat intelligence and wallet security.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

World Cyber Security Summit

World Cyber Security Summit

World Cyber Security Summit, by Trescon, is a thought-leadership driven platform for CISOs who are looking to explore new-age threats and the technologies/strategies that can help mitigate them.

Input Output (IOHK)

Input Output (IOHK)

IOHK is one of the world's pre-eminent blockchain infrastructure research and engineering companies.

Labaton Sucharow

Labaton Sucharow

Standing on the horizon of law and technology, our Cybersecurity and Data Privacy Practice helps to protect consumers who have been harmed by businesses’ failures to safeguard their customers' data.

Sunnic

Sunnic

Sunnic is a leading provider of comprehensive digital data security technology.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.

Palindrome Technologies

Palindrome Technologies

Palindrome Technologies help clients defend against cyberattacks across all attack surfaces, including hardware, software, network-to-cloud, people, and emerging technologies.

BeckTek

BeckTek

BeckTek specialize in IT Cyber Security & Support, helping clients run their businesses faster, easier and more profitably.