Impact of the Pandemic on Cybersecurity:
Key Insights & Lessons Learned

In the wake of sudden health emergency of COVID-19 pandemic, the world came to a standstill and the organizations around the globe struggled hard to find ways for continuing their businesses. The IT mechanisms of most of the organizations were not well equipped to enable their employees to work from home. A major constraint was to ensure secure access to systems and a secure remote access capacity. But to run the businesses one needed to come up with a sturdy solution between COVID-19 and cybersecurity.
Soon after, the industries and their workers got even more virtually linked than before. The pandemic established a new trend of work from home where the enterprises ran their businesses online. And this required a lot of critical data sharing/handling, cloud networks, digital devices, data centres, massive communication among employees. Though it was smooth and effective initially, a major leap in the cyber-attacks and information security incidents were witnessed. Cyber criminals or hackers started preying on the personal data of individuals as well as the critical data of organizations. The increase in the digital traffic and footprints helped them to paint a picture of the individual/organization, to trace vulnerabilities and finally to siphon off capital and data.

This alarming increase in security risks compelled a lot of industries to introduce ways to address these threats, to upgrade the cybersecurity posture and to strengthen information security controls. Hence it is crucial to analyze the impact of pandemic/work from home set up on software security.
The adverse effects of the pandemic on the industry are as follows:

1. Increase in COVID-19 related Phishing & Ransomware Attacks

Employees or organizations are tricked by hackers, sending them links, emails, applications (related to COVID-19) disguised as genuine and legitimate applications but when downloaded, they extract data and credentials. Often individuals are fooled into installing ransomware as the hackers imitate brands and send them links to click on. The cybercriminals set up attacks by sending phishing emails with malicious attachments which when downloaded, the malware impair the network and steal data. They also attract people to temporary websites for hosting malicious codes. Organizations shall ensure that its employees are careful enough to not fall prey to these fake branding and cyber-attacks.

2. Increase in Security Risks from Remote Working

Due to the pandemic a new trend of work from home has been established. But industries were not prepared with an alternative plan which could work out and run the business smoothly. Virtual Private Network (VPN) has now come into the scene, and it provides a few layers of extra security over the data and devices. As employees are working from home, they might use their personal devices to execute the official work. That is again highly unacceptable as it unlocks doors to hackers to enter the unprotected network or device and siphon off data. Organizations shall make sure that the security configuration in VPNs are well established and effective and employees do not use their personal devices for official purposes.

3. Potential delays in Security Incident Detection & Response

In the present scenario of remote working, it has become increasingly difficult to monitor the detection of attacks and security incidents and even more difficult to respond to these incidents within the decided time. The performance of the security team has considerably become feeble as remote working invites obstacles in the way of implementing security controls and it demands time to execute them too. Hence security defences in organizations shall be checked time and again to ensure its effectiveness and suitability.

4. Exposed Physical Security

Due to people’s increased tendency to work in public areas like coffee shops, hotels, etc during this crisis period the physical security perimeter has somewhat got blurred leading to the exposure of devices and critical data contained in it to unauthorized individuals. Organizations shall take steps to raise awareness of information security among employees and shall ensure limited working in public spaces.

5.  Increase of Cybercriminals

Industries and employees got associated virtually, trying to continue with their businesses. But this opportunity has been grabbed by hackers or attackers to misuse/steal data and make a handsome amount of money exploiting the owners of information. The number of attackers has seen a boost since the wake of this unprecedented crisis.

6.  Global Pandemics not included in Business Continuity Plans

Though most organizations were ready with a Business Continuity Plan, it never considered or gauged the effects of COVID-19 pandemic. It forced many of them to wrap their businesses up permanently. But now the BCP needs to be revised and shall capture all the effective processes that could be made effective in case of any pandemics that might hit the world in future. Risk assessment shall have a modified approach and consider every process across the organization.
Analyzing these effects will help you to understand the strength of your organization’s security posture. You can take steps, accordingly, to plug in the security requirements into the operations to come up with an overall better and robust security structure. Work from home might go on for a bit longer and hence it is essential to curb the threats right now and continue with a smooth and protected business plan.