With companies across the globe turning to work from home via the online medium amid the pandemic, threats to cybersecurity have increased.
At home, it's less likely we are protected by the corporate software that can scan every link we click and file we download for signs of danger. Moreover, with the lockdown being introduced, so many more people turned to online shopping, including those who have never done so before. Unsurprisingly there has been an increase in fraud being committed.
The role of cybersecurity professionals at this moment is more critical than ever as Chief Information Security Officers must balance two priorities to respond to the pandemic: protecting against new cyber threats and maintaining business continuity.
Organizations should evaluate the security defences in place and consider a robust Cyber Assurance Program that supports cybersecurity testing and certification, as well as continuous vulnerability monitoring.
Many organizations have business continuity plans (BCPs), but it is obvious the impact of a global pandemic like COVID-19 was not considered in many BCPs. With the widespread impact of the COVID-19, organisations need to re-visit their business continuity program and incident response plans especially to feature such pandemics that affect many countries and critical elements of supply chains at the same time. A revised risk assessment should be conducted on critical processes to identify the various options in ensuring these processes can still be maintained at an acceptable level and an effective failover is achievable.
In closing, COVID-19 will change our lives forever with new work styles, new cybersecurity issues, new proposed policies, personal hygiene, and so on. The fight against COVID-19 is not just for the organisation, employee, or customer but a joint effort from everyone. It is also obvious that post COVID-19, organizations will need to rethink their cyber risk management measures and verification.
Bob Stevens, Vice President, Americas at Lookout, warns the move to a remote workforce has changed the security attack surface for every organization. "Employees working from home are using their personal mobile devices to connect to home networks, which means traditional perimeter-based security tools no longer provide visibility or control for security teams. CISOs are adapting to provide endpoint security to all devices in this new normal, to enable teams and organizations to get back to business." “Losing cybersecurity and IT staff increases the risk of a successful attack during the COVID-19 pandemic and may impair the ability of a company to sustain the large volume of remote workers.” Fausto Oliveira, Principal Security Architect at Acceptto.