To say that the world is dealing with a crisis of unprecedented proportions is something we now all understand. But the far-reaching effects of COVID-19, particularly as they relate to how we do business, are still being understood. And in no place is this more significant than the world of cybersecurity.
Consider first that both businesses and consumers had to quickly balance understandable health concerns with the rapid shift to working remotely. And to shift hundreds or thousands of employees to a remote work model, all within a one-to-two week span is no minor feat. IT largely rose to the challenge; the share of workers reporting that their employers were offering remote or flex-time options rose from 39% to 57%, based on a Gallup poll conducted March 30 to April 2, while the percentage of working Americans who said they worked from home due to the coronavirus doubled from 31% to 62% over the same period.
However, another group was eager to use the pandemic to create their own challenge for businesses and consumers: cybercriminals looking to use phishing, ransomware, and other attacks designed to capitalize on peoples’ fear and uncertainty. As our reliance on technologies like home Wi-Fi networks, platforms like Zoom and Virtual Private Networks (VPNs) to access company data has increased, so has the number of criminals seeking to exploit vulnerabilities for their own benefit.
For example, consider that the pandemic has added significant challenges for state unemployment insurance agencies as they struggle to process a significantly increased volume of benefits applications with inadequate staffing, aging legacy IT systems, and tightening budgets. And states are reporting a rapid increase in unemployment fraud according to the US Secret Service and US Chamber of Commerce. The most prevalent use case has been filing applications for benefits and using the names and personal information of people who have not lost their jobs.
According to the 2020 Unisys Security Index™, the longest-running snapshot of consumer security concerns conducted globally, less than one in three (31%) Americans expressed concern about their data security while working from home, suggesting a false sense of security.
All of this is to say that the world now finds itself at a critical juncture. At its core, the pandemic has been a catalyst for the beginning of a new technological reality. As work from home becomes a new normal and as more things are connected to networks around the world, it’s not just our financial systems that are at risk from bad actors, but also our governments, communications, energy, healthcare, and transportation. In short, data is the new currency, and the trust we place in it is vital to our health, prosperity, welfare, and growth as a society. And as a result, the future of cybersecurity must adapt accordingly.
Fortunately, there are tangible steps that businesses and governmental agencies that serve consumers can take to stay secure as we all seek to navigate this “new normal.”
Adapt your security for the work from home (WFH) era
Companies must make it easier for their employees to be secure when connecting from home, and that means less use of old-style VPNs that don’t scale and aren’t suited for COVID-era WFH security, and more use of Zero Trust processes and technology, including always-on encrypted direct access, identity verification tools and a software-defined perimeter that utilizes micro-segmentation to limit the damage from malware getting in. This enables the secure scalability that today’s operations demand.
Utilize emerging technologies, including biometrics, to extend safety precautions in the age of WFH
It is not just for employees to implement safe practices. It is also on employers to recognize the new risks posed by a remote workforce and to implement appropriate protections. With most people working away from the office, unauthorized access to one employee's laptop could mean access to the whole company. However, firms can equip their employees with additional security controls such as multi-factor authentication — a code from an external device in addition to usernames and passwords — or even biometric logins such as fingerprint scans, which people already use to secure their smartphones.
Be forward-facing – prioritize and implement the adoption of next-generation cyber tools
It has been said that disruption often begets innovation. And one potential benefit to the pandemic is the opportunity it presents to organizations to expand their usage of advanced security automation capabilities, including utilizing artificial intelligence, advanced analytics, and machine learning to improve their cyber posture. However, proper implementation is more complicated than snapping one’s fingers -- it takes a long time to develop, foster, and get it to a mature state.
That said, with the right training, implementation and technical support, AI, advanced analytics and machine learning capabilities can be key to verifying identity and identifying discrepancies, such as scanning for irregular behaviors or for malicious users who access documents or parts of the network unrelated to their job – without sacrificing speed or flexibility.
The realities of our new digital world, compounded by the reality of the global pandemic, requires that we all rethink how we approach security. The future of business is now inexorably linked to cybersecurity. It’s time businesses and governments understand the importance and adjust, or else they risk falling behind.