Many organizations woke up to the importance of cybersecurity when the COVID-19 pandemic struck and shone a harsh light on the state of cybersecurity. The new constellation of home offices on personal networks and devices created more targets for cybercriminals globally.
There were new security threats, and organizations were not fully prepared to tackle these. The number of cybersecurity risks facing organizations rose in the far more digitally connected and vulnerable landscape. Thus, shot up the demand for cybersecurity solutions.
We believe that there is no going back to the old ways in the post-pandemic world. Will the importance of cybersecurity change further in the new normal? Let us delve deep into this question:
The Evolving Work Environment in the Post-COVID-19 World
In the pre-COVID-19 era, a vast majority of employees worked from the physical office premises. It was easier to secure the LAN and devices used in the physical offices. Using sophisticated technology and cybersecurity solutions, IT security teams avert major security crises and keep tight control on activities.
The pandemic struck. Organizations of all kinds shifted into a fully remote working model for business continuity in the face of a country-wide lockdown. The workforce is communicating, connecting to business networks, and accessing resources remotely over vulnerable and even, shared network connections and devices.
There has been an increase in the adoption of cloud-based infrastructure and applications, and online collaborative tools.
Moving forward, we believe that some of the features of the pandemic-time work will follow into the new ‘normal’ in the post-pandemic world. For instance, greater use of cloud-based infrastructure, institutionalized remote working, e-learning/ m-learning, etc.
The Security Challenges in the Post-COVID-19 World
- Even though several organizations do offer secure VPN (Virtual Private Network) to remote workers, the first point of interface for their device (laptop/ desktop, etc.) is the home network – broadband network/ shared wireless network/ mobile hotspot. These home networks and home wireless routers have rudimentary security configurations and traffic encryption.
- Often, these networks have weak passwords/ unchanged default passwords and hence, little protection against unauthorized access.
- Home networks also have multiple other devices that are used for a variety of purposes. Some of these may not be updated and as a result, vulnerable to attacks by hackers.
- All the users of the home network may not be aware of cybersecurity best practices and may engage in insecure and dangerous practices. For instance, clicking on a fraudulent link that downloads malware and compromises the company’s network.
- It is difficult for IT security teams to fully control and monitor remote activities.
- There has been a visible shift in attack vectors from enterprise to home networks. Cybercriminals have been leveraging a wide range of social engineering attacks to gain access to business resources. The number of phishing emails, ad frauds, impersonations, etc. has increased and will continue to increase. Overall, new cybersecurity risks have emerged during the pandemic and will have to be accounted for in the post-pandemic era.
- Given that many organizations were unprepared/ underprepared for such massive disruption, the cybersecurity solutions were quickly pieced together in the response phase of the pandemic. There was no time for a thorough evaluation of the changing infrastructure or complete documentation.
The Way Forward: Cybersecurity Best Practices
- There is a need to focus on resilience and proactiveness in cybersecurity.
- We need to understand, assess, and mitigate the cybersecurity risks that appeared throughout the pandemic with tools like Indusface’s Vulnerability Assessment tools.
- Haphazard cybersecurity solutions must make way for more formalized, long-term, resilient, and scalable cybersecurity strategies and solutions in the post-COVID-19 era.
- Real-time risk analysis, always-on surveillance, and full visibility into the full range of devices used are going to be a must. Remote access and BYOD policies must be redesigned with the new knowledge on threats and risks gained.
- Organizations will have to adopt a ‘zero-trust network’ model where not all devices are trusted. All devices and users must undergo strict authorization processes to ensure that all remotely accessed data, systems, and resources are secure always. This will cause inconveniences to users but protect the organization’s digital infrastructure.
- Big data, AI-ML, automation, and other futuristic technologies must be applied to further strengthen cybersecurity and infuse agility into the process.
The importance of cybersecurity will continue to grow. COVID-19 is not the only disruption that we are going to face. Living in a VUCA world, we must be prepared for all disruptions in the future and their security implications. The importance of cybersecurity in the post-COVID-19 world is undeniable and highlights the need for cyber-resilience.