Cybersecurity lessons from the pandemic

Jerry Ray, Chief Operations Officer at SecureAge Technology, takes a look at the cybersecurity challenges ahead and what we can learn from our COVID-19 experiences
Jerry Ray, Chief Operations Officer at SecureAge Technology, takes a look at the cybersecurity challenges ahead and what we can learn from our COVID-19 experiences

Better times are hopefully ahead in the real world thanks to the success of the Covid-19 vaccine roll-out. But in cyberspace, there are no equivalent vaccine options that offer the same levels of efficacy and protection against sophisticated and constantly mutating viruses raging throughout our digital ecosystems. Google registered over 2 million malicious websites during 2020 and said it was blocking more than 100 million phishing emails a day during the first lockdown, with almost a fifth of them related to coronavirus.

Exploiting the Home-to-Office migration

Covid-19 has posed new cybersecurity challenges and will have a long and lasting impact on the evolving threat landscape. Working from home created a mass of distracted employees outside the confines of their office network and secured perimeter, vulnerable to phishing emails around Covid-19 and vaccine news. But motivated hackers will be just as active as offices and hospitality come back to life. Phishing messages related to everything from company policies to social gatherings will introduce new malicious file attachments and lead countless workers astray to fraudulent websites scooping up personal credentials and payment information. Staffing changes, the rush of new hires and mix of flexible working practices, will only serve to compound the problems for system administrators and security specialists.

Head in the clouds

Cloud technology came into its own over the past 18 months by making working from home a seamless exercise, but every endpoint accessing data from inside or outside the office will remain a target of hackers. Security professionals will have to keep in mind that cloud providers offer freedom of data access and freedom from physical infrastructure, but not necessarily the freedom of security or freedom from exploitation. Even with the notion of zero-trust having been shouted and praised globally in relation to VPN use for accessing corporate data, everything that can be seen on the endpoints needs protection on the endpoints. Renewed attention to securing them, whether inside or outside the confines of the corporate network, will be even more essential in the second half of 2021 given that cloud providers did a good enough job of storing, delivering, and securing massive amounts of data over the past year.

Relentless ransomware

Ransomware is one of the most common threats to any organisation’s data security, and this threat continues to increase and evolve. Ransomware made up a massive 81 per cent of all financially motivated cyberattacks in 2020 with the average cost of a breach costing victims a massive $4.44million, according to research by AtlasVPN. Technical preparation, such as remote backups with sufficient intervals and redundancy, should be no more critical than strategic preparation, where decision trees with probabilities should be drawn to help decide if or when to pay a ransom, even if never paying is the default stance prior to being attacked and all data becoming inaccessible.

No immunity

Nobody will be enjoying any type of immune response to changes made to cybersecurity policies throughout the work-from-home experience. The smallest to the largest companies, with hundreds of dedicated IT security staff, will still see users as their weakest security link and in need of constant education. Most cyberattacks are not targeted and rely on massive numbers of automated hacking attempts across vast IP ranges till someone, somewhere brings a dormant shell to life on the hacker’s terminal. No company whatever size is immune and security strategies and tools should constantly be evaluated and tested to protect workers at home or returning to the office.

Time to focus on the data

Traditionally, we have tried to protect all data with multiple layers of security to prevent access, but it is clear this is not working. So, if we can’t keep the cybercriminals out nor trust the people around us to always do the right thing, we must rethink the traditional ‘castle and moat’ methods of protection and adopt a data-centric approach, where security is built into data itself. 

Full disk encryption will protect data when it is at rest on a hard disk or USB stick, which is great if you lose your laptop but is of absolutely no use in protecting data against unauthorised access or theft from a running system. And though the situation may gradually change, most organisations still deploy endpoints with local storage, where extracted, sensitive data is often stored. Data, therefore, needs to be protected not only at rest but also in transit and in use, on-site or in the cloud. This means that if the cybercriminals do get through, they are faced with encrypted data that is useless to them. In effect, we would be beating the ransomware criminals at their own game – and how satisfying is that?

READ MORE:

As companies continue to navigate the new challenges of cybersecurity as we emerge out of the pandemic, approaching their security strategies with a sense of urgency and fresh perspective will reduce overall risk against to the increasing attacks we will face.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...