Read the original article: Are We Ready for a Post-COVID-19 Cybersecurity Landscape?
There’s an old adage that history repeats itself.
This certainly holds true for the fact that every time there has been a major crisis, cybercriminals have been keener than before the crisis to exploit vulnerabilities. Unfortunately, the ongoing COVID-19 crisis has been no exception to this rule.
Unfortunately, cybersecurity is also no longer as big of a priority as it once was for businesses and individuals alike as ‘more pressing’ matters relating to their finances, well-being, and personal health have taken precedence.
As we begin predicting what a post-COVID-19 world will look like, we will also have to think about how cybersecurity will change after the crisis is over (and how it already is).
In this article, we’ll discuss exactly how the coronavirus is changing and will continue to change the cybersecurity landscape. Then, we’ll talk about the appropriate controls and technology that employers and online business owners need to deploy in order to create a cyber-resilient plan that will protect their company and brand both before and after the pandemic.
How Has COVID-19 Changed Cybersecurity?
COVID-19 and the resulting lockdown has forced more employees to work from home. Unfortunately, many of these employees are making use of devices, applications, and networks with proper cybersecurity knowledge or training. This has made an already significant threat even worse.
What’s more, is that the increased number of employees working from home is looking very likely to also become the new normal. This means that businesses will need to have new discussions on how to properly protect the online security of the growing mobile workforce not only for the present but also for the future.
The evolving technology of the new generation, including artificial intelligence and automation, is changing cybersecurity as we know it. Furthermore, with more people than ever connected to the Internet and with 25 billion smart devices in use worldwide as part of the Internet of Things, there have never been more numerous vulnerabilities for cybercriminals.
These factors have, together, no doubt, contributed to the large increase in cyberattacks that we have been witnessing following the coronavirus. In March of 2020, there were 37% more cyberattacks than in March of last year.
Major crises usually reveal an increase in cyber attacks, meaning that it should not be unexpected that we’ve seen yet another increase in such attacks during the coronavirus. But the fact remains that thanks to both the chaos created by the epidemic and the increase in available vulnerabilities to hackers through everyday online applications, the cybersecurity landscape has shifted in ways it never has before.
Amidst all the talk of ‘flattening the curve’ of the virus spreading with measures such as social distancing and quarantining, there should also be talk of ‘flattening the curve’ when it comes to the substantial increase in cybersecurity hacks and attacks with cybersecurity measures.
With that in mind, your online business should be taking the following actions for the following issues, at the bare minimum.
Phishing Attacks Have Become More Sinister
The most common cyberattack, both before and during the pandemic, has been phishing. Phishing has been made worse by the COVID-19 because opportunistic hackers are seeking to exploit it and play to people’s worst fears.
Specifically, people are receiving emails pretending to be from the Federal Bureau of Investigation, World Health Organization, Center for Disease Control, and others offering ‘help,’ but are in reality just seeking to either seize people’s personal information (government ID information, credit card numbers, etc.) or to trick people into installing malware.
The idea for the hackers is that by playing to commonly-held fears, ordinary people will be much more willing or likely to give up that kind of information. And while it’s easy to ask a more tech-savvy colleague in the office whether a strange email is authentic or not, when you’re isolated at home, it can be a bit more difficult.
Therefore, in the post-COVID-19 landscape, it will be critical to take the threat of phishing attacks even more seriously than before especially as the attacks become more seemingly trustworthy and yet more deeply sinister in nature. There’s an old saying with funny-smelling food that when in doubt, throw it out. In the case of emails, use the same approach.
This means that if you have any suspicions about the email at all, don’t open it. Instead, navigate your way to the real site and locate the section you need. Additionally, never reveal any sensitive information through email, and never respond to an email that asks for such information.
Don’t Make Yourself The Weak Link
The malware techniques hackers are using during the COVID-19 epidemic are a mixture of old and new. More critically, cybercriminals are going after the most vulnerable targets: namely, remote workers.
Malware is similar to phishing in that it seeks to gain unauthorized access to a network under the pretense of being helpful. Hackers view remote workers as being one of the weakest links to go after with malware specifically because they are decentralized and can be targeted individually.
For example, one example of a malware trick being commonly utilized by hackers to exploit the coronavirus epidemic has been to send maps located with legitimate COVID-19 tracking information. However, the map also contains a data-stealing trojan which, once installed, will begin to collect credentials to personal and financial accounts (and not only from the individual worker but from the business the worker works at as well).
All of the same procedures for stopping phishing attacks need to be applied to stopping malware, in addition to a variety of other security techniques. These include keeping all software up-to-date, never trust unverified people for any information about yourself or your company whatsoever, avoiding free software, and always verifying that the online connection to your company is secure through a virtual private network.
Don’t make yourself the weak link.
Don’t Neglect Security For Speed of Delivery
Remote access services have become absolutely critical for businesses. This is because any company that facilitates collaboration and the delivery of services for a remote workforce are now vital systems. This contrasts with before, where they were a simple convenience.
But the more businesses open up their remote access services in order to enable full functionality, the more vulnerable they become to hackers as well. While your business should absolutely prioritize the speed of delivery, you also need to ensure that you do your due diligence in regards to security. Don’t bypass simple security measures.
One such security measure will be to utilize multi-factor authentication or MFA. Two-factor authentication (2FA) on its own is not good enough. Too many businesses avoid using MFA because of the potential disruptions to workers in their workflow, but again, security should never be sacrificed for convenience.
Finally, you also will need to make it a policy of increasing your monitoring across your endpoint, cloud, and network services. The goal of this policy will be to identify any potential issues early on before they can become worse. This is another example of a simple security policy that online businesses will often neglect in the name of ‘speeding things up’ with their workforce. It’s also an example of a strategy that businesses will need to employ going forward, even in a post-coronavirus world.
Conclusion
The coronavirus has forced almost everyone to become more dependent on the Internet. If you want to truly consider yourself ready for the new cybersecurity landscape that we are in for thanks to COVID-19, you will need to make it a habit to put the above cybersecurity steps into practice just as you have put social distancing measures into practice as well.
Written by Nahla Davies, Software Developer and Tech Writer
Read the original article: Are We Ready for a Post-COVID-19 Cybersecurity Landscape?