The COVID-19 pandemic is an immense humanitarian crisis that has also severely affected the global economy. Cyber security Managers and IT Managers responded to the pandemic by quickly instituting measures to maintain business continuity and protect against new cyberthreats. To manage continuity, they have been patching remote systems over virtual private networks (VPNs) that have strained under increased loads. They have been monitoring spiking threat levels, including a near-sevenfold increase in spear-phishing attacks, since the pandemic began. Remote workers are also being bombarded with attacks based on COVID-19-crisis themes that are taking advantage of delayed updates to email and web filters, and using social engineering to prey on workforce concerns. These threats are just some of the reasons why many employers are planning on returning their workers to the office as soon as possible. Although using a COVID-19 Return to Office Memo might be the most effective way to encourage staff to return to work, in many places COVID-19 remains too dangerous and, in the meantime, remote working has become an essential part of the working landscape.
However, the coronavirus pandemic has presented a “once-in-a-lifetime opportunity for hackers and online scammers,” according to a new report from the Information Systems Security Association (ISSA), a community of international cyber security professionals, and independent industry analyst firm Enterprise Strategy Group (ESG). Cyber security and IT professionals from the global ISSA, stated based on their experience that they have suffered a 63% increase in cyber attacks because of the pandemic.
However, faced with this need only 20% of the respondents think pandemic security requirements will lead to an increase in security spending in 2020, while one quarter think their organizations will be forced to decrease security spending this year. Where they expect their spending to increase. In front of this problem, Mckinsey‘s ‘COVID-19 crisis shifts cybersecurity priorities and budgets‘ research, IT Managers and cybersecurity professionals will continue to make the following security niches high priorities for spending:
- Perimeter security. Companies will continue to prioritize short-term spending on security for remote workers. We also expect them to spend on e-commerce security that can be scaled to cover increased activity.
- Remote access. IT Managers will continue to support virtual work-arounds for help-desk staff who would work in the office under normal circumstances. A virtual security help desk assists remote workers with access issues that also support productivity, such as email security tokens and remote desktop access.
- Automation. Companies that can automate routine tasks can free up time for other work that adds more value. At organizations that use outsourced services, the expectation is that Cyber security Managers to ask managed-service providers to make up for increased workloads by adding such automated services as security orchestration and automation response tooling rather than by increasing staff or budgets.
- Security training. The crisis has provided companies with an opportunity to drive home cybersecurity’s importance to the workforce, especially frontline employees. Expected that the cyberawareness training-that developed in-house and that delivered by an outside provider-that IT Managers offer will be adapted both to cover remote-work situations and bring-your-own-device policies and to be delivered virtually.
- Security for trusted third parties. Companies that provide network access to contractors or other trusted partners need to protect those parties from outside attacks, since such threats could affect their own security. Companies increase monitoring for potential threats, which could increase budgets for click-of-a-button security-ratings tools, security-risk assessments, and security-reporting instruments-however, these expenses will not likely be prioritized until after any technical security gaps made more relevant by COVID-19 (for example, remote access security, multifactor authentication) have been closed.
And finally …
- Next-generation identity and access controls. Companies that had deferred adding MFA to legacy systems are accelerating its adoption or are moving to cloud platforms. With more employees working remotely, teams managing business-critical systems are revisiting who qualifies for privileged access. IT Managers at medium-size companies are likely to prioritize managing privileged-access and identity-governance solutions that integrate with security-information and event-management tools and with advanced security analytics to save time and money.
This last point is critical, Digital certificate and ID essential in the new business normality. It has become essential that workers have a Digital Certificate to be able to operate remotely in a legally effective way. A “virtual me” that has often been an essential substitute for the “real me” in running business. A totally legal, transparent and authenticated digital identity that is followed by the creation of a digital certificate: a digital document issued under the authority of an official body that allows a person or company to exchange information in a legally effective manner with full protection for their privacy
The main challenges related to the new situation are clear: protecting remote devices, providing secure network access for remote employees, monitoring network traffic, and coordinating moves, adds and changes with IT operations.
But, ‘beginning at the end’, is not an option. The correct implementation of the cyber security strategy of your business can save you a lot of headaches.
If you want to find out more about the advantages of digital identity and access management solutions, request a demo to see for yourself or contact us. We will be delighted to help you with all your queries.