The Post-Covid Cyber Security Challenge
The social changes, economics, and strategic implications brought on by COVID-19 have changed the work environment significantly. Remote work, once expected to be the future, is now our new reality. Most organisations have been through a lot of changes over the past eighteen months and there is now a heightened cyber security risk.
Even as we move into a ‘new normal’, the landscape is anything but certain. Organisations need to keep up with this evolving threat landscape, as there are several cyber security trends that are emerging from this new post-pandemic era.
Ransomware has been a key adversary for quite some time and there is no sign of this changing. As a result, we expect to see new initiatives released and developed to counteract this threat. There are several initiatives in development because of collaboration between governments, industry associations, businesses and vendors.
The proposed extension to Know Your Customer (KYC) transparency rules in financial transactions is an excellent example of what can come about as an outcome of this collaboration.
KYC currently does not include crypto currency transactions but attacks against crypto currency payments are a favourite of ransomware attackers because they are untraceable. Therefore, extending KYC rules to include crypto currency payments is a matter of importance as it will act as a strong deterrent. Collaboration in the development of these initiatives is vital, any organisation that is at risk of becoming the next victim of a ransomware attack will benefit from new initiatives, so it is important that they are supported where possible.
Cyber security needs to become front of mind for all employees, not just those who work in IT. This change needs to spread to the rest of the business so that all employees prioritise security and collaboration, whatever their level and role.
The natural result of this is that teams will become more open and better at information sharing which will make it easier to spot when there has been a cyber security issue, as everyone will know what is and isn’t normal across the company. The next step of this repositioning of security within the organisation is to acknowledge the impact that working from home has had. At the height of the pandemic, almost all workforces became remote and now, even as companies are gradually starting to return to offices, there will still be a vast network of remote employees.
This rapid and huge shift to remote working at the onset of lockdown restrictions would not have been possible without VPN architectures, but the security governing VPNs is not as strong as it needs to be for the heavy reliance placed on these systems to connect employees to vital applications placed organisations.
Organisations have therefore turned to software-defined wide area networks SD-WANs. These systems now come with integrated security controls, delivering almost the same level of security to remote workers as the head office. These combine network and network security into a single cloud service that is both secure and able to provide the level of connectivity needed to run devices at the edge.
Due to the sudden switch to remote working and cloud service adoption, certain principles of cyber security best practice had to be temporarily overlooked for many organisations. Now that cyber security teams have overcome those earlier challenges in the peak of the crisis, there’s an opportunity to learn from the pandemic to improve cyber security posture long-term.
To succeed in the post-COVID-19 era, technology providers must rethink their strategies and offerings to accommodate a new security landscape.
Human error is an issue of concern. Prior to the pandemic, human error was already a major cause of ‘cyber insecurity’: employees would unknowingly or recklessly give access to the wrong people With home working, the problem is even greater. When they work from home, employees may be interrupted in the work they are doing by family members or social visitors. While the future remains uncertain, organisations are embracing the new normal, and now is the time for CISOs and IT managers to start thinking about how they will continue securing their teams while working remotely.
In that future, cyber security will be ever more important and the companies that can react quickly to address the changing security demands of the market will ultimately be successful.
Organisations should consider conducting a strategic and tactical IT and cyber security risk assessment. They should identify an enforcement mechanisms, such as multi-factor authentication, single sign-on, and automatic logout from unattended devices. Organisations should also consider blending new cyber security investments with enhanced cyber insurance coverage to reduce their retained risk, optimise spending relative to protection, and conserve resources.
The post-pandemic recovery and preparation period presents the opportunity for companies to rebuild to a new normal, with enterprise resilience as a pervasive goal.
Marsh: Deloitte: BluVentureInvestrors: Govtech: BrightTalk: Information-Age:
You Might Also Read:
Managing Cyber Security As Office Work Resumes: