Cybersecurity in the "New Normal"

We are just past the 6-month mark of the "New Normal" in Singapore, with talk of entering Phase 3 and employers starting to allow staff to return to the office gradually.

At the beginning of the COVID-19 crisis, many organizations suddenly transitioned to a remote workforce with an increased focus on servicing customers via digital channels. During this rapid transition, the sudden move to telecommuting created security gaps, with employees using insecure devices and networks. Cybercriminals, never wanting to let a crisis go to waste, used well-known attack techniques to capitalize on people's COVID-19 fears. The following are some statistics on COVID-19 cybercrime:

  • The number of unsecured remote desktop machines rose by more than 40%.
  • RDP brute-force attacks grew 400% in March and April alone.
  • Email scams related to COVID-19 surged 667% in March alone.
  • Users are now three times more likely to click on pandemic-related phishing scams.
  • COVID-19 drives 72% to 105% ransomware spike.

The statistics above underscore the vital role that security plays, not only in enabling remote operations but also in the future, as companies transform how their workforce, customers, supply chain, and partners work together.

As I reflect on the past six months from a security perspective, there are three main areas that all cybersecurity leaders needed to focus on as the business transformed and embraced new processes and technologies: firefighting hot spots, cleaning up operations, and policy and process evolution.

Firefighting hot spots

The rapid transition to remote work, often in a less secure environment and in some cases on personal computers, created several immediate security challenges that needed to be remediated and mitigated as a priority. Many companies had to run awareness campaigns focusing on digital hygiene, such as regular patching, pandemic-themed phishing campaign training, restrictions on the use of personal printers, and prohibiting USB devices.

Cleaning up operations

As part of the pandemic response, many companies had no choice but to accept new risks to keep operations going before they could reevaluate these risks and then tighten controls at a later stage.

Many cybercriminals took advantage of the chaos that ensued during this disruption period as trust boundaries and responsibilities became blurred.

Policy and process evolution

As we all settled into the new way of working for the foreseeable future, organizations started to review existing policies regarding remote working. They began to look at longer-term solutions to mitigate the associated risks and to evolve existing processes with a closer focus on securing the value chain.

What's next?

It is becoming evident that remote working is here to stay, and business leaders need to handle the new business environment. Security leaders need to think about both current cybersecurity activities and long-term cyber risk strategies.

To be able to secure the new business environment, security leaders will need to address three priority areas:

  • Secure Workforce.
  • Secure Customer Journey through digital transformation.
  • Evaluate the supply chain and third-party risk.

Secure Workforce

As we move to a remote workforce, the attack surface increases, and static network-based security perimeters are no longer sufficient. Security needs to be dynamic and focus on users, assets, and resources as the new boundaries. Protecting these devices will require real-time anomaly detection with endpoint detection and response systems.

In light of the distributed workforce, cyber-threat intelligence becomes crucial, in conjunction with insider-threat detection, to provide early warnings of attacks and/or compromises.

Moving to a remote workforce also provides an excellent opportunity for those struggling to find cybersecurity resources, due to gaps in local talent pools, to extend beyond geographical boundaries and tap into a broader pool of talent.

Secure Customer Journey through digital transformation

Industries that have had to transition from traditional bricks and mortar to digital, or that have seen a massive increase in demand, need to focus on providing a frictionless customer-security journey. A key area for this is customer identity and access management, to have a single customer identity across all digital channels.

As you look at the customer journey, it is time to embrace a DevSecOps approach with security and privacy by design built in, testing it at scale to ensure that it continues to function under load without impacting the customer's experience.

Evaluate the supply chain and third-party risk

Companies must consider third-party cybersecurity levels as carefully as they do the security policies for employees and customers. It is critical to assess supply chain continuity and resilience controls for the new way of working.

Conclusion

In this continually changing landscape, cybersecurity teams have generally performed far above expectations to address new risks. 

In the new normal, cybersecurity leaders will protect their organizations at scale, making security an integral part of delivering business value.
