Cyber security and the implications of COVID-19
We are currently in those unprecedented times, where a virus has not only shaken our planet, but also brought the world to a standstill. The outbreak of COVID-19 has disrupted the global economy and has touched every aspect of the way businesses run.
As we move forward and find ways to operate in the new world, there has been a sudden transition to adopt various digital technologies, including collaborative platforms, remote working and cloud platforms. This significant transition from physical world to the virtual world in a very short span of time has provided an opportunity to look at new ways of operations, however simultaneously it has exposed businesses to various cyber risks.
Emerging cyber exposure today is due to various reasons. Cyber intruders launching COVID-19, themed cyber attacks have become very successful since there is uncertainty in the environment. This has led to increase of phishing attacks, compromise of business emails, ransomware, and other malware attacks across organizations. Other reasons as organizations allowing their employees to operate remotely, organizations exposing key systems for remote connectivity, along with permitting technology assets which are not owned by organizations to connect to corporate environment and rapid cloud adoption are some of the key ones. Due to the situation, many organisations have not been able to ensure adoption of principles around security by design and privacy by design. Fake mobile apps have also targeted end users to compromise the mobile devices and exfiltrate critical information.
During these times there are many examples where organisations had adequate preparation which worked extremely well in the current pandemic situation. This provides opportunity to organisations to re-align their processes, establish a robust IT framework, deploy systems catering to the current need of remote working and implement appropriate security controls with focus on cyber hygiene.
Organisations should consider building strong resilient environment to manage cyber security, which shall include: end points (desktops, laptops, tabs, etc.) security, right preparedness to manage ransomware-related threats, automation of security management processes using technology solutions, adopt newer architecture principles, such as zero trust to provide robust and secure access, deploy solutions which have ability to scale up and also operate seamlessly across various digital channels, enhance security awareness across the organization, pro-active engagement with board and senior management to ensure there is a single version of truth.
Organisations would not only have to transform themselves to adapt to newer ways of working, but would also have to invest in infrastructure which enables strong IT security along with data privacy. Managing investments in the current economical environment may also bring challenges, specifically when organisations are increasingly having budget constraints. It will be prudent for leaders of organisations to ensure that the current state is looked as an opportunity to transform the overall business operating model, where technology and cyber security are strategically prioritised as there are multiple benefits to be accrued from this while operating in new normal.
Lastly as organisations adopt the new operating model, it will be vital to ensure that learnings from the current scenarios are rightfully addressed which include having the right positioning of crisis management and business continuity function, and having a robust communication plan establishing resilience by design across processes and above all, ensuring the safety and well-being of all employees.