Four Lessons Learned about Cyber Security during the COVID-19 Pandemic

The world has experienced an unprecedented crisis that has caused chaos in the global economy, disrupting supply chains, and transforming society. The new reality is accelerating business model transformation at a faster pace than ever before to ensure existential survival in a crisis for which no one was prepared. The COVID-19 pandemic has forced everyone to become heavily reliant on the internet and its digital economy that mainly relates to the unprecedented pressure on the digital architecture and supply chain dependencies.

The following principles will help organisations to shape a responsible course of action that balances short-term goals against medium- to longer-term imperatives.

1.Foster a culture of cyber resilience: beyond compliance

Effective cyber resilience requires a combined and aligned multi-disciplinary effort to move beyond compliance to cohesive business and digital enablement. Cyber resiliency should be part of a holistic approach to security that takes all aspects of the business into consideration, from employees and partners to the board of directors. Improving security is not a one-time project, but instead is a program of continuous improvement.

To become cyber resilient, enterprises must strike a balance between these three actions: protecting critical assets, detecting compromises, and responding to incidents. Making the IT landscape cyber resilient requires investments in infrastructure, design and development of systems, applications, and networks. At the same time, organisations must create and foster a resilience-conscious culture, of which security is an essential part.

2. Balance risk-informed decisions

The high velocity of new applications being developed alongside the adoption of open source and cloud platforms is unprecedented. Organisations often fail to resolve bugs or configuration issues for their software applications, as was the case for Zoom, which has been under a lot of scrutinies during the pandemic for security and privacy flaws. As hackers are proactive in identifying and exploiting the weakest link in a value chain, a zero-trust approach (i.e. Fortinet CTAP, Cisco DUO) to securing the supply chain must become the norm. Meeting organisers should use built-in security features, such as waiting rooms, password protection, and other settings to control participants’ capabilities (e.g., printing, participant lists, document sharing, recording). Participants should not share meeting links publicly or with people who do not have a need to know. Virtual meeting software should be regularly updated to the current version or have auto-update enabled. Finally, employees should only accept meeting invites from expected and trusted sources.

Cyber security is a business issue that affects all aspects of the organisation. The board must take responsibility for its oversight and instilling the cultural shift that must take place. Effective and consistent implementation of strong cyber hygiene would have mitigated most of the cyber attacks that were perpetrated since the beginning of the pandemic. Exploitation of known vulnerabilities that exist on a server, applications or endpoint devices are common entry points for a cyberattack. Developing and maintaining an inventory of all digital assets starting with the critical ones will help ensure an effective vulnerability management strategy and will be essential in protecting critical systems against cyber threats.

3. Update and practice your response and continuity plans as your business transitions to the new normal

This crisis has reminded business leaders of the importance to adapt and test regularly their response and resilience plans against different disaster scenarios (including pandemics) with their key suppliers and business partners. This includes using these tests to challenge assumptions (such as recovery times) and to develop means to measure resilience, response, recovery and other key capabilities needed to anticipate, withstand and recover from, and adapt to, adverse conditions, attacks or compromises on systems that are enabled by cyber resources.

4. Strengthen workforce ecosystem collaboration

Achieving a balance between productivity and security has become increasingly difficult as most organisations do not have adequate visibility or control over what their employees do on corporate devices, such as company-issued laptops and smartphones. Security measures, as well as training, have increased in the workplace and employees connected to corporate networks are generally safe, secure, and productive thanks to the several layers of technology such as firewalls which are put in place to protect them. However, while working from home, remote employees lack this same level of security and this exposes them and their organisation to the higher levels of risk.

Businesses are making changes to their operating model and technology landscape at an unprecedented scale and pace, which will require some risk trade-offs as they adapt and respond urgently to the crisis. However, as they enter the new normal, they will need to reassess the digital dependencies and risks accrued to restore their risk profile to an acceptable level.

As the cyber threats to business continue to evolve, IT leaders will have to address them in the digital and physical worlds to mitigate any potential harm to individuals and avoid the disruption of critical services. Businesses that understand and act on the signals and warnings can adapt and turn an increasingly ambiguous and fast-moving world to their advantage.

For more tips on securing your cloud computing system in your IT infrastructure, simply contact us for a vendor-agnostic approach and we can assess the full cyber security marketplace and tailor the solution to your company’s needs.