The COVID-19 crisis accelerated the need for digital transformation for many companies, as communication and collaboration became even more important for employees working from home. As enterprises rapidly pivoted to increase their digital footprint and ramp up a remote workforce, they faced increasing security challenges for protecting enterprise networks, devices and data. Unmanaged devices, shadow IT and rapidly deployed remote access networks introduced larger attack surfaces for cyber criminals, making securing the enterprise even more difficult for CSOs and their teams.
Increasingly sophisticated cybercriminals are routinely exploiting cybersecurity weaknesses, taking advantage of vulnerabilities by deploying ransomware, malware and other attacks. Cloud security company Zscaler reported that from January to late April of this year they saw an increase of 30,000% in phishing, malicious websites, and malware targeting remote users—all related to COVID-19.
As enterprises work to maintain business continuity and security to weather the crisis, they are applying the lessons learned to strengthen their cyber resiliency, embedding data security, privacy and compliance into their IT infrastructure. As part of this cyber resiliency imperative, post-COVID-19 will see more and more enterprises securing remote working, prioritizing employee cybersecurity education, moving to zero trust and joining together to collaborate on cybersecurity issues.
Securing remote working
Many enterprises struggled to scale security in response to the rapid coronavirus-driven shift to remote working. A respondent to an (ISC)2 survey captured the implications of this noting that COVID-19 hit organizations “with all the necessary ingredients to fuel cybercrime: 100% work from home before most organizations were really ready…[and] remote workforce technology supported by vendors driven by ‘new feature time to market’ and NOT security…”
And it looks like remote working, which was trending up before the pandemic, is here to stay. A Gartner survey of CFOs found that 25% of respondents will move at least 20% of their previously on-site workforce to permanently remote positions post-COVID-19.
With the increase in remote working comes an increase in exposure to cyberthreats. A survey conducted by Barracuda Networks found that almost “almost half (46%) of global businesses have encountered at least one cybersecurity scare since shifting to a remote working model during the COVID-19 lockdown.”
Enterprises know they have to do better. Post-COVID-19 organizations will reexamine their technology stacks to integrate solutions that more securely support a remote workforce.
This includes scrutiny of digital collaboration tools that have become a mainstay of remote working. Widespread employee usage of unsecure messaging and conferencing apps left many organizations open to significant security and compliance risks. A Messaging At Work Report found that usage of non-regulated consumer messaging apps is common in the workplace with 50% of respondents indicating they use these apps for mobile work communications. The report also found that employees are using these consumer-grade messaging apps to share a range of potentially sensitive business information with 29% of respondents indicating they share documents and 25% saying they share contacts including personal details like phone numbers.
Post-COVID-19 enterprises will step up governance to ensure employees have access to enterprise-grade collaboration tools that enhance employee communication, collaboration and productivity without sacrificing security.
Prioritizing employee cybersecurity education
The increase in remote working triggered by COVID-19 highlighted an urgent need for employee education on security practices. The global survey by Barracuda Networks found that 51% of business decision maker respondents said their workforce is not proficient or properly trained in the cyber risks associated with remote working.
Post-COVID-19, organizations will step up efforts to educate employees on best practices for security hygiene. Enterprises will need to develop ongoing training programs to ensure employees are educated on how to identify phishing attempts, the danger of clicking on unknown links, how to use a virtual private network (VPN) and the importance of using only corporate sanctioned, end-to-end encrypted collaboration tools for messaging and video conferencing.
Moving to zero trust
Post-COVID-19 should see wider adoption of zero trust principles. A 2020 Zero Trust Progress Report by Pulse Secure which surveyed more than 400 cybersecurity decision-makers, found that 72% of organizations plan to assess or implement Zero Trust capabilities in some capacity in 2020 to mitigate growing cyber risk.
The continuous verification and authorization approach of zero trust helps minimize risk. This approach provides more secure access, enhancing data protection, usability and governance. As part of zero trust, enterprises will increasingly implement security protocols such as multifactor authentication to reduce the risk of attacks.
Joining together to collaborate
As the COVID-19 crisis continues to unfold, public and private sector organizations are collaborating to address key security issues and challenges. Post-COVID-19 this ecosystem-wide collaboration will continue to help blunt attacks. The World Economic Forum in its report on Shaping the Future of Cybersecurity and Digital Trust noted “public- and private-sector leaders need to promote collaboration and actively participate in initiatives to ensure that actions are taken to secure the broader ecosystem against current and emerging cyber threats.” The report calls out necessary actions that will help leaders instill a culture of collaboration within the enterprise and across the ecosystem, including increasing collective situational awareness, taking a systemic approach to cyber-risk management and driving collective action through “active participation in industry action groups which should strive to coordinate actions against cyber-criminal groups and nation-state actors.”
The increased security issues and challenges driven by the coronavirus crisis have made cyber resiliency a key business imperative. In a post-pandemic reality, initiatives such as securing remote working, prioritizing employee cybersecurity education, moving to zero trust and increasing industry collaboration on cybersecurity issues will be the way forward to help enterprises achieve cyber resiliency.
Georges De Moura, Head of Industry Solutions, Centre for Cybersecurity, World Economic Forum said: “In the urgent management of near-term challenges, responsible business leaders must incorporate cyber resilience in the business operating model and invest in capabilities to anticipate, withstand, recover from and adapt to adverse conditions and cyberattacks, to position the business for its success beyond the pandemic conditions.”