
How COVID-19 Affected the Application Security Space

While apps have ensured convenience for everyone, the legacy of security issues continues to dog them.


When the COVID-19 pandemic hit, all businesses were shaken awake by the rapid transmission of this virus. The disruption it unleashed on the global economy was beyond anyone’s comprehension. As they developed overnight responses to ensure business continuity, many were left vulnerable and exposed to security breaches. Amidst the pandemic, while most people work from home, cybercriminals have upped the ante and are not taking any time off. With many employees working remotely and organizations shifting their focus to their employees’ health and safety, security and risk management teams need to be more vigilant than ever before. There is a need for eternal vigilance.

By Rohan Vaidya, Regional Director of Sales – India, CyberArk

The pandemic has impacted industries in several ways:

1. Risks from Self-service Applications

The deployment of self-service applications has become de rigueur. Organizations have rationalized help desks to save time and labor. End-users reset passwords and unlock their accounts. They may use multi-factor authentication. It enables them to access apps and other services without adding load to the help desk.

2. Impact on Third-party Vendors

Just-in-time provisioning for third-party users, while looking to mobilize the workforce, has increased the number of third-party vendors. These users are a new challenge since they are outside the company directory and tracking them could be problematic. The attack surface can be reduced through solutions that automatically allow and block access through one-time onboarding. Hence, vendors can gain just-in-time access and just the right amount of access without manual intervention to allow or disallow access.

3. Risks from Remote Working, Learning

With many companies allowing employees to work from home and students now attending virtual classes, virtual private network (VPN) servers have become the lifelines for companies and educational institutions. But security remains a vital concern.

There are concerns that an organization’s lack of preparedness would expose sensitive information on the Internet and also expose the devices to cyberattacks. Users that utilize their personal computers for official duties may put an organization’s security at risk. Thus, employees should be advised against using personal computers for official purposes.



4. Possible Delays in Cyberattack Detection and Response

The functioning of security teams was impacted by the pandemic, making detection of malicious activities difficult, and response complicated. Security patches and updates on systems proved a challenge as the security teams were offsite. Organizations are now forced to study security defenses and consider co-sourcing with external consultants in areas where the key risks are known.

5. Exposed Physical Security

Allowing discretionary work from home, where power supply and Internet connectivity are inconsistent, may force employees to work from public spaces like cafés or friends’ homes. This could expose the endpoints and the confidential information they hold. Working or attending classes from public spaces needs to be checked; firms should leverage technologies to ensure that confidential information is secure on these devices in case of device theft or damage.

6. Pandemics Now Part of Business Continuity Plans

While most big organizations have established a Business Continuity Plan (BCP), the impact of an epidemic and a prolonged one like the current COVID-19 pandemic was never a factor considered in most BCPs. Corporations are now having to rewrite their BCPs and incident response plans to consider epidemics that impact global supply chains. Revised risk assessments are being done to ensure sustainable business processes for minimal disruption in the event of another global catastrophe.

7. Cybersecurity Front

At one stage, it seemed as if the global economy would be brought to its knees due to the pandemic, and by any measure, it caused considerable strain. The global recession has begun to bite, with most countries seeing their economies contracting. A significant number of organizations have downsized during the pandemic, and this strategy includes downsizing business lines they perceive as non-critical, which may include cybersecurity operations. However, this short-term plan might prove “penny wise and pound foolish” in the long haul. It can result in increased attacks on the organization. Hence, it has become imperative for organizations to update their BCPs and remote working policies/practices while prioritizing cybersecurity during the post-COVID-19 re-strategizing process.

Conclusion

During the pandemic, organizations are mostly focused on business continuity and employee health. The way forward would be to take pre-emptive steps to fix any bugs that would arise and to ensure uninterrupted operations, resilience, and security. The elements who attack are looking for chinks in the organization’s operations and security.

COVID-19 has changed lives for eternity with new formats of working, new cybersecurity issues, new policy proposals, hygiene, and a laundry list of other items. A joint effort on all fronts is a necessity. It is now apparent that post-COVID-19, organizations need to re-look at their cyber risk management measures.

While apps have ensured convenience for everyone, the legacy of security issues continues to dog them. The COVID-19 emergency has only given more opportunities for malicious elements to disrupt everyday lives. That’s why security companies and cybersecurity professionals must double up with greater use of tech solutions to ensure a future of more significant and safer possibilities.

This story first appeared in the October issue of CISO MAG.

About the Author

As the Regional Director of Sales – India at CyberArk, Rohan Vaidya is responsible for managing sales operations and profitability of the business in the sub-continent. He joined CyberArk in May 2016 with more than 18 years of experience in successfully building brands and businesses in India and the wider Asian region.

Rohan has served in a variety of capacities in an expansive career including sales, marketing operations, technical consulting, and business management with mostly multinational organizations in India, Southeast Asia, and the Middle East. His track record for engaging deeply and productively with clients has delivered measurable success in industries including telecommunications, financial services, publishing, media, IT, and IT-enabled services (ITES).

Prior to joining CyberArk, Rohan was the Head of Region for the Indian sub-continent at K2 Partnering Solutions, a European consulting firm specializing in ERP and Cloud. He has also co-authored a book “That’s Naut My Business.”

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

