In the months following a March 2020 declaration that the coronavirus outbreak officially constituted a pandemic, the crisis has produced drastic changes to nearly all facets of everyday life – wreaking havoc on public health systems, creating economic hardship, and reducing opportunities for social interaction. In addition to the more glaring implications for global health, equity, economic growth, and politics, the pandemic has also had significant consequences for cybersecurity. The unexpected turn to remote work, as well as a global sense of anxiety and uncertainty, introduced new dynamics ripe for exploitation by malicious actors looking to disrupt, defraud, and manipulate.
Trend #1, Securing the Cloud
The events that followed the onset of the COVID-19 pandemic have proven the importance of comprehensive cybersecurity measures. As rising infection rates forced workers to embrace remote work, many organizations shifted from on-premise networks to cloud-based applications, where a successful transition relied upon trustworthy, secure infrastructure. Yet, organizations had to contend with new risks brought on by the ad hoc adjustment, such as employees’ use of personal devices and home networks. Indeed, failing to properly evaluate one’s cybersecurity vulnerabilities and employ the best tools to mitigate these risks could put an organization at risk of being compromised. In fact, speakers at the 2021 RSA conference argued that the increasingly central role of cloud applications in the contemporary era has rendered security a “business differentiator,” where failing to demonstrate an ardent commitment to certain standards could undermine success. They noted that the video conferencing app ‘Zoom’ has enjoyed massive success in recent months precisely because it is both accessible and secure. Similarly, cybersecurity vendors operating in a post-COVID environment must ensure their products are flexible, frictionless, and, most of all, effective.
Trend #2, The Human Side of Cyberdefense
What is often forgotten is cybersecurity’s distinctly human aspects. Employees, for example, can, and should, play a significant role in improving security. Security tools can still serve as a “safety net” that provides additional protection, but it is the people who should be coached and trained on staying vigilant and making decisions with security in mind. Organizations can reduce risk by implementing security tools that consider a person’s behavior. For example, when employees are engaging in complex tasks on cloud networks, dichotomous defense structures that classify behavior as “block” or “allow” can stifle productivity and introduce unwanted friction into the workplace. Instead, organizations can adopt more nuanced understandings of acceptable and anomalous behavior, thereby reducing barriers to work and limiting false positive alerts. In fact, accidentally blocking user behavior that should be permitted may create additional risks by incentivizing employees, who simply want to get the job done, to pursue less secure methods. Those organizations that want to be ahead of potential losses should therefore adopt a ‘zero trust’ policy that recognizes people will make security errors, often unintentionally. Still, assuming breaches can and will occur can allow organizations to prepare accordingly.
Trend #3, Contemporary Disinformation
Disinformation, while primarily thought of as an issue existing at the national or international level, is increasingly affecting specific industries, businesses, and even individuals. Some predict the threat posed by disinformation will worsen in the coming years, as information echo chambers deepen, ‘deepfake’ technology proliferates, and criminals turn to Disinformation-as-a-Service attacks. Further, the increased public awareness of the threats posed by disinformation has done little to actually address the problem. There are few barriers limiting the dissemination of disinformation, as it does not require sophisticated technical skills or extensive financial resources. It is therefore relatively easy for malicious actors and disruptors to spread falsehoods that erode trust, exacerbate polarization, and sow chaos. More concerning, disinformation has proved difficult to eliminate, as falsehoods that resonate with existing biases spread rapidly and widely. Organizations must therefore ensure employees are aware of the threat posed by disinformation and have appropriate tools for spotting deliberately curated inaccuracies.
Trend #4, The Rise of Insider Threats
While organizations may commonly assume the most pertinent security risks emanate from external actors, individuals who have access to internal networks and data can pose an equally serious risk. These so-called ‘insider threats’ can be intentional, where employees deliberately leak or delete data for personal gain, retribution, or because they have been compromised. Still, many insider threats are accidental, stemming from genuine errors, phishing scams, ransomware, or poor judgement. Again, the challenges associated with addressing insider threats have been exacerbated by the COVID-19 pandemic. As more employees work from home and some businesses contemplate a permanent transition to ‘hybrid’ workforces, the association between the firm and employees may slowly erode, increasing the risk posed by insider threats. In order to address these threats, distributed, hybrid workforces require sufficient network visibility so that employee data-handling can be appropriately monitored. By monitoring traffic and employee activity, organizations can protect against both those intentional, malicious insider actors looking to exploit access to data, and those who may make genuine mistakes or fall victim to nefarious actors.
Trend #5, Protecting Data
Despite the recent rise in phishing, ransomware, and malware attacks seen throughout the pandemic, many organizations continue to disregard data protection. As abrupt transformations to remote work pushed many organizations into the cloud, and employees began to use personal devices for handling sensitive data, the attack surface for exfiltration has greatly expanded. Global businesses may not yet know the full scope of data breaches stemming from the shift to remote work that took place in early 2020 and continues to this day. Organizations must, therefore, adopt new and comprehensive security postures for both cloud and on-premise software. They should aim to bolster their resiliency by running simulated attack scenarios, conducting stress tests, and assessing the robustness of security measures. It is important that organizations have sufficient visibility to monitor and identify anomalous or suspicious behavior as it occurs. Instead of dealing with the consequences of a breach after it has occurred, a more modern approach of getting “left of loss” helps prevent initial intrusions and losses entirely.
Many of the threats that will continue to influence cybersecurity in the coming years, including disinformation, data breaches, and internal threats, existed prior to the onset of the ongoing COVID-19 pandemic. However, the crisis has highlighted some of the vulnerabilities plaguing organizations that rely on digital networks, and has produced lasting changes to the way business leaders and developers should think about cybersecurity. It is now clear that organizations can no longer afford to ignore cybersecurity, but must prioritize preparation so they can effectively adapt to unforeseen circumstances that disrupt normal operations. Preparation for the unexpected, coupled with adaptation in moments of crisis, is key to security, success, and resilience.