The COVID-19 pandemic has been in the spotlight of the press and media around the globe. Businesses and employees are being forced to adopt norms such as social distancing, hand washing and working from home. Nations are on the hunt for innovative ways to stimulate their respective economies and stabilize what is proving to be an increasingly volatile situation. This impact on the health and safety of individuals as well as the economy of nations is providing a wellspring of opportunities for cyber criminals to break into high security systems and gain access to higly classified corporate data.
This article explores how the COVID-19 is forcing businesses around the world to rethink their cybersecurity strategies.
COVID-19 Related Security Issues
Many devices are falling prey to phishing, malspams and ransomware as cyber criminals take advantage of the widespread fear and panic among staff and clients owing to the spread of the COVID-19 virus. This trend is expected to become increasingly prevalent as more individuals install COVID-19 based applications on their devices, many of which are an entry point for ransomware.
The Problem with Working and Learning from Home
Organizations and educational institutions are heavily dependent on virtual private network (VPN) servers as most of their respective staff and students are logging in remotely to perform their tasks. IT teams must proactively address concerns around protection and availability as these working conditions will persist for some time in the near future. Lack of preparation can expose inaccurate security settings in VPNs. These configuration issues can compromise confidential information and make devices vulnerable to DDoS attacks. There is also an inherent risk when individuals use personal devices to carry out office related tasks. Needless to say, IT teams are under tremendous pressure to provision dependable and secure VPN services as they determine the extent to which businesses can continue operating during this crisis.
Working from home might not be feasible if there are frequent power and internet outages which might not be uncommon during the upcoming hurricane season.
Those who are working remotely might also be using shared internet connections and technologies which could expose sensitive corporate data to people outside the enterprise as well as increase the chances of theft or damage.
Slow Detection & Response
Security teams have to work with numerous constraints and have limited control over the environment due to COVID-19. This makes it all the more difficult to identify security compromises and quickly respond to them before the issue spirals out of control. System patch updates also turn into a tedious chore as IT personnel are working with limited capacity and resources.
Enterprises must assess current security measures as well as the feasibility of co-sourcing with third party vendors especially in the case of projects or processes that are overly dependent on single individuals.
Increase in Cyber crimes
Businesses around the world are cutting down on manpower to adapt to the new normal induced by the pandemic. Revenue streams, especially those that depend on the movement of goods and services across nations have been severely impacted. Such a scenario might increase the likelihood of resentful individuals with internet access and the technical know how perpetrating cyber crimes and exploiting the situation.
Enterprises must outline a strategy for relieving employees in a manner that takes into consideration both the company’s business interests as well as those of the individual. Employees must also be encouraged to take advantage of this period to upgrade themselves, learn a new skill or gain expertise in a specialized domain.
Incorporating a Pandemic Component in BCP Solutions
Most businesses have invested in a BCP solution that doesn't include a global pandemic component. As COVID-19 continues to alter the way businesses around the world operate, the need of the hour is for enterprises to bring their business continuity and incident response plans up to date to include workarounds and alternate strategies in the event of supply chain disruptions, especially if the raw materials are being sourced from outside the country.
Risk assessment frameworks must be updated to ensure that mission critical tasks stay operational, at least at a minimum level, failing which a feasible workaround solution is always available and can be activated.
Post COVID-19 Cyber Protection
Economies around the world have suffered drastic operational slowdowns and the threat of a financial meltdown looms large over the future prospects of businesses and markets in general. Enterprises will find themselves obliged to do away with non-essential business activities. Some might even cut back on cyber security measures temporarily. While this might have its short term benefits, it could severely impact business prospects in the long run.
IT teams must adapt existing Business Continuity Plan solutions based on how the pandemic evolves including their policies on remote connectivity and cybersecurity must be given the utmost priority while restructuring business operations.
COVID-19 has been an exercise on a global scale in adapting work styles, addressing unique cyber security issues, outlining specific policies, implementing personal hygiene and a whole lot more. Responding to this pandemic is going to require a collective effort that is effective both at the macro and micro level. But no matter how businesses decide to tackle this situation, the role and importance of cyber security cannot be undermined.