by Moti Sagey*
As a result, a recent survey indicates that 95% of security professionals are facing added IT security challenges due to the coronavirus. The three leading challenges were the provision of secure remote access for employees – one mentioned by 56% of respondents. Other top challenges included the need for remote access scalable solutions (55%) and remote employees finding and using untested software, tools and services (47%).
Such changes influence the risk posture of the organization, meaning how exposed the organization is to a cyber attack.
Maintaining a company’s previous security policies in this new age of the coronavirus is not viable. Companies must adapt their IT policies as swiftly to keep their staffers secure. In a recent analysis, COVID-19 Risks Outlook: A Preliminary Mapping and its Implications, the World Economic Forum warns, “We should prepare for a COVID-like global cyber pandemic that will spread faster and further than a biological virus, with an equal or greater economic impact.”
Understanding the new landscape of IT security challenges in the COVID-era remote workplace can better help companies protect their workers and their data. Such challenges include:
1. Social engineered attacks exploiting fear, uncertainty and doubt. ’Social engineering’ attacks take advantage of workers’ natural tendencies and emotional reactions to divulge critical information such as passwords. The pandemic has left employees increasingly vulnerable to these targeted phishing campaigns and malicious websites claiming to offer help and advice.
A recent survey by Check Point showed that organizations were being hit by a ‘perfect storm’ of increased cyber-attacks, while having to manage the massive and rapid changes to their networks and employee working practices during the pandemic.
71% of respondents reported an increase in cyber-attacks during COVID-19. The leading threat cited was phishing (55%) followed by malicious websites purporting to offer information or advice about the pandemic (32%). Increases in malware (28%) and ransomware attacks (19%) have also been noticed.
2. An exponential increase in attack surfaces. With the rush to enable remote access to corporate assets, many companies allowed connectivity from unmanaged home PCs in a shift to new ’BYOC’ (Bring Your Own Computer) policies. Many of these home computers lack patches, updated best-of breed anti-malware, etc.
Additionally, mobile devices are now often allowed access to networks, and many apps are moved to cloud for scalability. This gap has created a dangerous opening for hacking and cybercrime. In May 2020, cyber security researchers saw nearly 200,000 coronavirus-related cyberattacks per week.
3. Employees are now their own CISO. With the drastic shift to work from home, living rooms are now part of a company’s perimeter, meaning the company network is borderless with staffers’ children having new access to networks and files. One simple mistake by a child can lead to data ending up in the wrong hands. In this situation, where data is more fluid, and everywhere, the risk of losing it exponentially grows, and can lead to a major breach which may result in bankruptcy or even worse loss of life in case of data alteration in critical infrastructure
Top tips to prevent the next cyber pandemic
The trends of the coronavirus have dramatically changed the way we work, and these changes are here to stay. When we change the way we work, we must adjust how we secure our work. Cyber security strategies must be revamped to meet our new reality.
Here are our top tips:
-Real time prevention
As we all know, Vaccination can sometimes be better than treatment. In cyber security as well, real-time prevention of threats, before they can infiltrate the network, is the key to blocking future attacks. 79% of respondents in a recent survey said their main priority was tightening their network security and focusing on attack prevention.
-Secure your everything
Every part in the chain matters. The “new normal” requires organizations to revisit and check the security level and relevance of their network’s infrastructures, processes, compliance of connected mobile and PC devices, IoT etc.
The increased use of the cloud means an increased level of security, especially in technologies that secure workloads, containers and serverless applications on multi and hybrid cloud environments.
-Consolidation and visibility
So many changes in the company’s infrastructure present a unique opportunity to check your security investments. These changes prompt new questions, such as: Are we protecting the right things? Did we miss a blind spot?
The highest level of visibility, reached through consolidation, will guarantee the best effectiveness. You need unified management, and complete visibility of risk across your entire security architecture. This can only be achieved by reducing the number of point product solutions and vendors.
In times of crisis, companies must be agile and act swiftly. The shock of the pandemic may be fading, but its after-effects are here to stay, and the best way for all of us to stay connected is by being protected. The ‘new normal’ requires us to continue to change and adapt our security to our new ways of working.
*Chief Evangelist , Check Point Software
**first published in: www.weforum.org