The Post-Covid Cyber Security Challenge

Uploaded on 2021-07-12 in TECHNOLOGY--Resilience, FREE TO VIEW

The social changes, economics, and strategic implications brought on by COVID-19 have changed the work environment significantly. Remote work, once expected to be the future, is now our new reality. Most organisations have been through a lot of changes over the past eighteen months and there is now a heightened cyber security risk. 

Even as we move into a ‘new normal’, the landscape is anything but certain. Organisations need to keep up with this evolving threat landscape, as there are several cyber security trends that are emerging from this new post-pandemic era.

Ransomware has been a key adversary for quite some time and there is no sign of this changing. As a result, we expect to see new initiatives released and developed to counteract this threat. There are several initiatives in development because of collaboration between governments, industry associations, businesses and vendors.

The proposed extension to Know Your Customer (KYC) transparency rules in financial transactions is an excellent example of what can come about as an outcome of this collaboration. 

KYC currently does not include crypto currency transactions but attacks against crypto currency payments are a favourite of ransomware attackers because they are untraceable. Therefore, extending KYC rules to include crypto currency payments is a matter of importance as it will act as a strong deterrent. Collaboration in the development of these initiatives is vital, any organisation that is at risk of becoming the next victim of a ransomware attack will benefit from new initiatives, so it is important that they are supported where possible.

Cyber security needs to become front of mind for all employees, not just those who work in IT. This change needs to spread to the rest of the business so that all employees prioritise security and collaboration, whatever their level and role. 

The natural result of this is that teams will become more open and better at information sharing which will make it easier to spot when there has been a cyber security issue, as everyone will know what is and isn’t normal across the company. The next step of this repositioning of security within the organisation is to acknowledge the impact that working from home has had. At the height of the pandemic, almost all workforces became remote and now, even as companies are gradually starting to return to offices, there will still be a vast network of remote employees.

This rapid and huge shift to remote working at the onset of lockdown restrictions would not have been possible without VPN architectures, but the security governing VPNs is not as strong as it needs to be for the heavy reliance placed on these systems to connect employees to vital applications placed organisations.

Organisations have therefore turned to software-defined wide area networks SD-WANs. These systems now come with integrated security controls, delivering almost the same level of security to remote workers as the head office. These combine network and network security into a single cloud service that is both secure and able to provide the level of connectivity needed to run devices at the edge.

Due to the sudden switch to remote working and cloud service adoption, certain principles of cyber security best practice had to be temporarily overlooked for many organisations. Now that cyber security teams have overcome those earlier challenges in the peak of the crisis, there’s an opportunity to learn from the pandemic to improve cyber security posture long-term.
To succeed in the post-COVID-19 era, technology providers must rethink their strategies and offerings to accommodate a new security landscape.

Human error is an issue of concern. Prior to the pandemic, human error was already a major cause of ‘cyber insecurity’: employees would unknowingly or recklessly give access to the wrong people With home working, the problem is even greater. When they work from home, employees may be interrupted in the work they are doing by family members or social visitors. While the future remains uncertain, organisations are embracing the new normal, and now is the time for CISOs and IT managers to start thinking about how they will continue securing their teams while working remotely. 

In that future, cyber security will be ever more important and the companies that can react quickly to address the changing security demands of the market will ultimately be successful.

Organisations should consider conducting a strategic and tactical IT and cyber security risk assessment. They should identify an enforcement mechanisms, such as multi-factor authentication, single sign-on, and automatic logout from unattended devices. Organisations should also consider blending new cyber security investments with enhanced cyber insurance coverage to reduce their retained risk, optimise spending relative to protection, and conserve resources.

 The post-pandemic recovery and preparation period presents the opportunity for companies to rebuild to a new normal, with enterprise resilience as a pervasive goal.

Marsh:       Deloitte:    BluVentureInvestrors    Govtech:       BrightTalk:     Information-Age:   

You Might Also Read:

Managing Cyber Security As Office Work Resumes:

 

« India’s New National Cyber Security Strategy
Biden Warns Putin The US Will React To Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Fuel Recruitment

Fuel Recruitment

Fuel Recruitment is a specialist recruitment company for the IT, Telecoms, Engineering, Consulting and Marketing industries.

Vade Secure

Vade Secure

Vade Secure provides protection against the most sophisticated email scams such as phishing and spear phishing, malware and ransomware.

Relution

Relution

Relution is the Unified Endpoint Management platform for innovative companies and educational institutions. It enables you to manage your mobile apps and devices easily and securely.

National Cybersecurity Society (NCSS)

National Cybersecurity Society (NCSS)

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.

US Secret Service

US Secret Service

The US Secret Service has a pivotal role in securing the nation’s critical infrastructures, specifically in the areas of cyber, banking and finance.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

AmWINS Group

AmWINS Group

AmWINS are a global specialty insurance distributor with expertise in property, casualty and professional lines including cyber liability.

Informer

Informer

Informer provides an Attack Surface Management SaaS platform alongside penetration testing services. We combine machine learning and human intelligence to reduce cyber risk.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

Consistec Engineering & Consulting

Consistec Engineering & Consulting

Consistec Engineering & Consulting GmbH is an information technology and services company offering solutions for monitoring the security of IT and OT infrastructure.

Alacrinet

Alacrinet

Alacrinet is an IT and cyber security consultancy. From penetration testing to fully managed MSSP, our team is focused on knowing the latest threats, preventing vulnerabilities, and providing value.

Thistle Technologies

Thistle Technologies

Thistle Technologies is building tools that help connected device manufacturers build security resiliency into devices.

Kiberna

Kiberna

Kiberna are a small but niche company specialising in data driven security to manage your cyber risks.

MailChannels

MailChannels

MailChannels protects companies against malicious email threats. Used by 750+ hosting providers around the world.

KnoTra Global

KnoTra Global

KnoTra Global is a next-generation Managed Service provider with a portfolio of services including Cybersecurity Solutions, Network Management, IT Leadership, and Day-to-Day Helpdesk and IT services.

Security Discovery

Security Discovery

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform.