What will the post COVID-19 world look like in terms of cybersecurity?
Unfortunately, the longer the crisis persists (and it may persist for years given current expert opinions), the less likely “returning to normal” becomes. In fact, the post COVID-19 cybersecurity landscape may not resemble the previous one at all. We already have evidence of hackers adapting to a post COVID-19 landscape, altering their threats to take advantage of more remote workforces and new concerns. Therefore, your business’ cybersecurity and endpoint security must adapt as well.
We consulted with several cybersecurity experts on what they see for the post COVID-19 world. Here’s what they had to say.
Cybersecurity Predictions for the Post COVID-19 World
Anurag Kahol is CTO and Co-Founder of Bitglass.
The shift to widespread remote work also increases the likelihood of insider threats.
“Verizon’s 2019 Data Breach Investigation Report found that approximately 34 percent of breaches involved internal actors. Additionally, a recent survey conducted on IT professionals about insider threats revealed that only half of organizations provide user training regarding insider threats. While protecting data from malicious external actors is typically top of mind for most organizations, the fact remains that they must also defend against employees—whether they are malicious or merely careless.
Phishing attacks are not a groundbreaking threat, and general employee awareness of these schemes has grown in recent years; however, hackers still find success with this tactic by taking advantage of major news. In fact, the United Nations’ health agency released an alert warning of an increased number of cybercriminals posing as World Health Organization (WHO) representatives amid the current pandemic. During this stressful time, recipients of these messages are more likely to click on malicious URLs, open attachments, and give up personal data. Because of this, insider threats will spike and be a leading cause of data breaches in 2020.”
Businesses will implement changes to ensure BYOD devices are secure.
“A majority of organizations (85 percent) were already somewhat prepared for remote work by enabling bring your own device (BYOD) policies. On the flipside, not all companies that have adopted BYOD are doing so securely. For example, 43 percent of businesses do not know if the devices employees are using to access corporate data are infected with malware—demonstrating a disturbing lack of visibility. By the end of 2020, we will likely see even higher BYOD adoption rates—whether out of necessity for enabling remote work, or simply for BYOD’s many benefits, including enhanced mobility, efficiency, and employee satisfaction.
Regardless, when companies enable BYOD, they must also implement agentless security measures that can protect corporate data on personal devices. With agentless tools, IT gains security and compliance without invading user privacy through agents on employees’ personal endpoints. As organizations increasingly realize that cybersecurity must be a top priority, we predict that the use of agentless security solutions will rise alongside that of BYOD.”
James Carder is Chief Security Officer & Vice President of LogRhythm Labs.
Attackers upping the scale with user-focused attacks.
“Attackers are not using terrifically novel, new tactics during this time. They are, however, significantly upping the scale of existing attack vectors (phishing and watering hole types), and attacks are increasingly user-focused. Business operations are more focused on capacity, availability, and maintaining a productive workforce, while security is looked at for exceptions and compensating controls. Additionally, as some companies were not prepared for the sudden switch to a remote workforce, they might have asked their employees to use their personal devices. Unfortunately, companies cannot monitor or control these devices, leaving the remote technology and subsequently, their company, vulnerable. Attackers will continue to realize the monetary benefits and disruption of user-focused attacks as remote technology becomes imperative for business continuity. Thus, we will see an increase of data breaches over the next few months caused by successful phishing attempts and personal devices being infiltrated.”
Mike Riemer is Global Chief Security Architect at Pulse Secure.
The future of work post COVID-19—there will be a larger remote workforce with cybersecurity built into the culture.
“A recent Gartner survey of over 300 CFO’s found that 74 percent of respondents say they expect to move previously on-site employees to remote post-COVID-19. As such, a large remote workforce is forcing companies to re-evaluate how to evolve their corporate culture and invest in capital. Embedding a long-term cybersecurity strategy as part of this evolution to keep workers safe will be critical.
Ultimately, an effective security culture mitigates the risk of a breach as a result of credential theft, phishing, and business email compromise (BEC)—and working with employees to protect their privacy addresses a growing issue for many people, 28 percent of whom have had their identity hacked or stolen. That number increases to 35 percent when looking at the entire U.S.
However, as businesses are quick to ditch their office spaces, they will need to allow employees to have secure remote access to corporate systems as well as implement Zero Trust. Zero Trust is an approach based on the concept of continuous verification and authorization. It ensures that only authenticated users with compliant devices, whether corporate, personal, or public can connect to authorized applications over any network, whether on-premises or in the cloud. This will help remote workers to engender more confidence that their business and personal data is secure.”
Zero Trust will be part of the future of work during and post COVID-19.
“The need for Zero Trust security has never been greater, especially due to increased targeted attacks, rapid work from home mandates, and mounting privacy compliance obligations due to COVID-19. As such, enterprise adoption of the Zero Trust security model is growing as mobility and hybrid IT models have placed most workloads beyond the shelter of corporate networks and traditional perimeter defense. This creates significant user access and data concerns.
The 2020 Zero Trust Progress Report by Pulse Secure revealed that nearly a third of cybersecurity professionals have expressed value in applying Zero Trust to address hybrid IT security issues. This report, which surveyed more than 400 cybersecurity decision-makers, found that 72 percent of organizations plan to assess or implement Zero Trust capabilities in some capacity in 2020 to mitigate growing cyber risk, while nearly half (47 percent) of cybersecurity professionals lack confidence applying a Zero Trust model to their Secure Access architecture.
With its principle of user, device and infrastructure verification before granting conditional access based on least privilege, Zero Trust holds the promise of vastly enhanced usability, data protection and governance and must be part of any security architecture as we navigate the current COVID-19 business landscape.”
Thanks to our experts for their time and expertise. Learn more about adjusting to the new normal in our Endpoint Security Buyer’s Guide.
Latest posts by Ben Canner (see all)
- Findings: The Forrester Wave: Enterprise Firewalls, Q3 2020 - August 11, 2020
- Thinking about Long-Term Endpoint Security (During and Beyond COVID) - August 6, 2020
- Is There An Optimal Endpoint Security Approach? - August 5, 2020