SlideShare a Scribd company logo

The top cybersecurity challenges post-lockdow

Dharmendra Rama
Dharmendra Rama

According to current government guidelines, everyone who cannot do their job from home should now go to work, provided their workplace is open. As people start to trickle back into the workplace over the next few months, we’re going to see the emergence of a very dierent workplace. More people are going to continue to work remotely, whether full-time or part-time, and businesses are going to have to deal with the impact of the predicted recession.

Related slideshows

Ethics for Internal Auditors
Ethics for Internal AuditorsEthics for Internal Auditors
Ethics for Internal Auditors
 
Mayfield CXO Survey: Post COVID-19 Impacts to IT
Mayfield CXO Survey: Post COVID-19 Impacts to ITMayfield CXO Survey: Post COVID-19 Impacts to IT
Mayfield CXO Survey: Post COVID-19 Impacts to IT
 
With 5G adoption, come new cybersecurity risks to mitigate
With 5G adoption, come new cybersecurity risks to mitigateWith 5G adoption, come new cybersecurity risks to mitigate
With 5G adoption, come new cybersecurity risks to mitigate
 
1 of 4
Download to read offline
ITProPortal is supported by its audience. When you purchase through links on our site, we may earn an a liate commission. Learn more (Image credit: Image Credit: Deepadesigns / Shutterstock)      The top cybersecurity challenges post-lockdown By Gidi Cohen 5 hours ago This ‘new normal’ brings with it many challenges, not least for cybersecurity teams. According to current government guidelines, everyone who cannot do their job from home should now go to work, provided their workplace is open. As people start to trickle back into the workplace over the next few months, we’re going to see the emergence of a very di erent workplace. More people are going to continue to work remotely, whether full-time or part-time, and businesses are going to have to deal with the impact of the predicted recession. This ‘new normal’ brings with it many challenges, not least for cybersecurity teams who will have to develop new short- and long-term plans to ensure resiliency.  Challenge one: not all employees will return to work The shift to remote working, and with it the empty o ces and quiet commutes, provided some of the most striking images re ecting just how much the Covid-19 pandemic had impacted businesses. It also refocused IT and security priorities: new connections, devices and VPNs expanded the corporate network perimeter and created a need for the enforcement of greater protections. 
The interlacing of corporate and domestic networks has suddenly become a real concern. And as the workforce looks set to continue to make full use of their home o ce space, it seems likely that the attack methods deployed during the rst throes of the crisis (primarily phishing attacks) will not abate. If businesses are going to properly secure their critical assets, they need to understand where all ingress and egress points exist within their newly expanded network so that they are armed with the knowledge needed to develop their ongoing security strategies. Challenge two: an increase in cyber threats and scams Since the start of the Covid-19 pandemic, there has been a dramatic increase in the number of cyber-attacks and email scams. While a large degree of criminal activity has been conducted in a scattergun way to target the public at large, there have also been several focused attacks on corporate entities. In June 2020, the UK’s national reporting center for fraud and cybercrime, Action Fraud, reported that there have been over 16,300 cases of successful scams and losses totaling £16.6m over the lockdown period. It was also reported that the public reported more than 160,000 suspect emails to the National Cyber Security Centre over just one weekend in May. This onslaught of phishing attempts, paired with the increasing sophistication of the ransomware and trojans that criminals are using to target businesses, is emblematic of a very sobering threat landscape. Criminals appear to have greater opportunities than ever to gain leverage within a corporate environment. Challenge three: a potential recession An economic crash – which has been predicted to happen in the coming months – could mean that businesses will have to reduce their spend. This could come in the form of job cuts, delayed projects, or cuts in technology and services. Cybersecurity teams need to anticipate this by establishing more e cient ways of working now. One of the best ways that they can do this is by taking advantage of technology that automates time-sapping processes and determining how well their current solutions integrate with each other. Surviving the dreary economic outlook will depend, in part, on making the best use of data. Within the security function, this means collating, normalizing and modelling to understand risk posture and prevent attacks – but it doesn’t necessarily mean that costly investments will need to be made. Businesses should look at their existing tech stacks, identify ine ciencies and establish ways to get the solutions to work more collaboratively. Challenge four: cloud security Although Covid-19 has put many transformation projects on hold, cloud adoption is increasing at pace. The e ciencies o ered by containers and Kubernetes are even more attractive now than they were in the pre-Covid age. But this shift isn’t without its challenges: security teams need to make sure that all cloud services are properly con gured to prevent any new risk being introduced to the corporate environment. To do so, they will need to be able to ensure their involvement in digital transformation projects and have the capacity, resources and agility needed to support the businesses as it spins up new services. Challenge ve: accelerating digital transformation It isn’t just investment in cloud services that’s increasing – interest in SD-WAN, SASE, etc., are accelerating as budgets are cut from other projects. For security teams, this has resulted in them having to deal with an increase in the deployment of VPNs and other remote access capabilities, modi cations to rewalls and other controls to enable the remote access to corporate resources that forms a central role in continuity plans. Again, security teams need to be able to act quickly to secure these initiatives. If there are any chinks in the armor, they risk falling into non-compliance. At a time when scal stability is paramount, the threat of attack and the risk of landing nes from regulatory bodies cannot be underestimated.  What should organizations do to protect themselves? To better protect themselves, businesses can develop a cybersecurity model that accommodates working from home on an ongoing basis. To secure their remote workforce, organizations should have already de ned how to handle employees with hardware or software issues, know how to maintain management of remote computers (including patching, con guration and detecting any potential compromises or policy violations), and should have a plan of action that can be used if internal IT systems become overwhelmed. Beyond that, to reach assured levels of appropriate cybersecurity controls, they need to have an infrastructure-wide view of all corporate assets to gain full network visibility as soon as possible to ensure risks are not exploited. They should also conduct continuous access and path analysis to critical systems and between network systems; be con dent in their ability to address critical vulnerabilities on critical
 GET WEEKLY NEWS AND ANALYSIS Sign up below to get the latest from ITProPortal, plus exclusive special o ers, direct to your inbox! Your Email Address SIGN ME UP CYBERSECURITY CHALLENGE LOCKDOWN COVID-19 TOPICS business assets; and have processes in place that will ensure proper con guration of VPN, rewalls, security and networking devices, and all other ingress and egress points. Network segmentation should be introduced to secure the company’s most sensitive data, so that should a cyber-criminal enter the network, they will not be able to gain access to the most critical parts of the system. Organizations’ security teams must also ensure that their cybersecurity policies are strong enough, and that they are adhered to. They must continually educate employees on good cyber hygiene; every worker has a role to play in keeping their company’s data protected from breaches, especially if they are going to have to continue to work on home networks with limited security. Covid-19 as a catalyst for change Covid-19 has, and will, continue to act as a catalyst for change within the cybersecurity industry. However, the new challenges thrown up by the pandemic haven’t displaced existing cybersecurity issues. The CISO still has to contend with complex network environments, pressure to grow the business, digital transformation and so on. And cybercriminals continue to improve their capabilities and focus, making it a case of ‘when’, not ‘if’, organizations will be on the receiving end of an attack. The outlook for 2020 and beyond may be bleak, but by putting cybersecurity at the top of their agenda businesses will be able to maintain compliance, avoid attack, and maintain consumer con dence. Gidi Cohen, co-founder and CEO, Skybox Security Super Boost WiFi | Sponsored Desert Order | Sponsored Philippines: New Wifi Booster Stops Expensive Internet Play this Game for 1 Minute and see why everyone is addicted ITProPortal New phishing scam uses IBM Cloud, Microsoft Azure to feign legitimacy There is a new phishing scam doing the rounds. Perfect-Dating.com | Sponsored Cubao is actually full of handsome single men. Check them out on this free dating site!
No spam, we promise. You can unsubscribe at any time and we'll never share your details without your permission. MOST READ MOST SHARED 2 How to insert a tick or a cross symbol in Microsoft Word and Excel 3 How to turn o "OK Google" Android voice search 4 Phishing attacks concealed in Google Cloud Services 5 How to start page numbering from a speci c page in Microsoft Word ITProPortal is part of Future plc, an international media group and leading digital publisher. Visit our corporate site. © Future Publishing Limited Quay House, The Ambury, Bath BA1 1UA. All rights reserved. England and Wales company registration number 2008885. 1 Paypal accidentally creates world's rst quadrillionaire About us Terms and conditions Privacy policy Cookies policy Advertise with us

More Related Content

The top cybersecurity challenges post-lockdow

  • 1. ITProPortal is supported by its audience. When you purchase through links on our site, we may earn an a liate commission. Learn more (Image credit: Image Credit: Deepadesigns / Shutterstock)      The top cybersecurity challenges post-lockdown By Gidi Cohen 5 hours ago This ‘new normal’ brings with it many challenges, not least for cybersecurity teams. According to current government guidelines, everyone who cannot do their job from home should now go to work, provided their workplace is open. As people start to trickle back into the workplace over the next few months, we’re going to see the emergence of a very di erent workplace. More people are going to continue to work remotely, whether full-time or part-time, and businesses are going to have to deal with the impact of the predicted recession. This ‘new normal’ brings with it many challenges, not least for cybersecurity teams who will have to develop new short- and long-term plans to ensure resiliency.  Challenge one: not all employees will return to work The shift to remote working, and with it the empty o ces and quiet commutes, provided some of the most striking images re ecting just how much the Covid-19 pandemic had impacted businesses. It also refocused IT and security priorities: new connections, devices and VPNs expanded the corporate network perimeter and created a need for the enforcement of greater protections. 
  • 2. The interlacing of corporate and domestic networks has suddenly become a real concern. And as the workforce looks set to continue to make full use of their home o ce space, it seems likely that the attack methods deployed during the rst throes of the crisis (primarily phishing attacks) will not abate. If businesses are going to properly secure their critical assets, they need to understand where all ingress and egress points exist within their newly expanded network so that they are armed with the knowledge needed to develop their ongoing security strategies. Challenge two: an increase in cyber threats and scams Since the start of the Covid-19 pandemic, there has been a dramatic increase in the number of cyber-attacks and email scams. While a large degree of criminal activity has been conducted in a scattergun way to target the public at large, there have also been several focused attacks on corporate entities. In June 2020, the UK’s national reporting center for fraud and cybercrime, Action Fraud, reported that there have been over 16,300 cases of successful scams and losses totaling £16.6m over the lockdown period. It was also reported that the public reported more than 160,000 suspect emails to the National Cyber Security Centre over just one weekend in May. This onslaught of phishing attempts, paired with the increasing sophistication of the ransomware and trojans that criminals are using to target businesses, is emblematic of a very sobering threat landscape. Criminals appear to have greater opportunities than ever to gain leverage within a corporate environment. Challenge three: a potential recession An economic crash – which has been predicted to happen in the coming months – could mean that businesses will have to reduce their spend. This could come in the form of job cuts, delayed projects, or cuts in technology and services. Cybersecurity teams need to anticipate this by establishing more e cient ways of working now. One of the best ways that they can do this is by taking advantage of technology that automates time-sapping processes and determining how well their current solutions integrate with each other. Surviving the dreary economic outlook will depend, in part, on making the best use of data. Within the security function, this means collating, normalizing and modelling to understand risk posture and prevent attacks – but it doesn’t necessarily mean that costly investments will need to be made. Businesses should look at their existing tech stacks, identify ine ciencies and establish ways to get the solutions to work more collaboratively. Challenge four: cloud security Although Covid-19 has put many transformation projects on hold, cloud adoption is increasing at pace. The e ciencies o ered by containers and Kubernetes are even more attractive now than they were in the pre-Covid age. But this shift isn’t without its challenges: security teams need to make sure that all cloud services are properly con gured to prevent any new risk being introduced to the corporate environment. To do so, they will need to be able to ensure their involvement in digital transformation projects and have the capacity, resources and agility needed to support the businesses as it spins up new services. Challenge ve: accelerating digital transformation It isn’t just investment in cloud services that’s increasing – interest in SD-WAN, SASE, etc., are accelerating as budgets are cut from other projects. For security teams, this has resulted in them having to deal with an increase in the deployment of VPNs and other remote access capabilities, modi cations to rewalls and other controls to enable the remote access to corporate resources that forms a central role in continuity plans. Again, security teams need to be able to act quickly to secure these initiatives. If there are any chinks in the armor, they risk falling into non-compliance. At a time when scal stability is paramount, the threat of attack and the risk of landing nes from regulatory bodies cannot be underestimated.  What should organizations do to protect themselves? To better protect themselves, businesses can develop a cybersecurity model that accommodates working from home on an ongoing basis. To secure their remote workforce, organizations should have already de ned how to handle employees with hardware or software issues, know how to maintain management of remote computers (including patching, con guration and detecting any potential compromises or policy violations), and should have a plan of action that can be used if internal IT systems become overwhelmed. Beyond that, to reach assured levels of appropriate cybersecurity controls, they need to have an infrastructure-wide view of all corporate assets to gain full network visibility as soon as possible to ensure risks are not exploited. They should also conduct continuous access and path analysis to critical systems and between network systems; be con dent in their ability to address critical vulnerabilities on critical
  • 3.  GET WEEKLY NEWS AND ANALYSIS Sign up below to get the latest from ITProPortal, plus exclusive special o ers, direct to your inbox! Your Email Address SIGN ME UP CYBERSECURITY CHALLENGE LOCKDOWN COVID-19 TOPICS business assets; and have processes in place that will ensure proper con guration of VPN, rewalls, security and networking devices, and all other ingress and egress points. Network segmentation should be introduced to secure the company’s most sensitive data, so that should a cyber-criminal enter the network, they will not be able to gain access to the most critical parts of the system. Organizations’ security teams must also ensure that their cybersecurity policies are strong enough, and that they are adhered to. They must continually educate employees on good cyber hygiene; every worker has a role to play in keeping their company’s data protected from breaches, especially if they are going to have to continue to work on home networks with limited security. Covid-19 as a catalyst for change Covid-19 has, and will, continue to act as a catalyst for change within the cybersecurity industry. However, the new challenges thrown up by the pandemic haven’t displaced existing cybersecurity issues. The CISO still has to contend with complex network environments, pressure to grow the business, digital transformation and so on. And cybercriminals continue to improve their capabilities and focus, making it a case of ‘when’, not ‘if’, organizations will be on the receiving end of an attack. The outlook for 2020 and beyond may be bleak, but by putting cybersecurity at the top of their agenda businesses will be able to maintain compliance, avoid attack, and maintain consumer con dence. Gidi Cohen, co-founder and CEO, Skybox Security Super Boost WiFi | Sponsored Desert Order | Sponsored Philippines: New Wifi Booster Stops Expensive Internet Play this Game for 1 Minute and see why everyone is addicted ITProPortal New phishing scam uses IBM Cloud, Microsoft Azure to feign legitimacy There is a new phishing scam doing the rounds. Perfect-Dating.com | Sponsored Cubao is actually full of handsome single men. Check them out on this free dating site!
  • 4. No spam, we promise. You can unsubscribe at any time and we'll never share your details without your permission. MOST READ MOST SHARED 2 How to insert a tick or a cross symbol in Microsoft Word and Excel 3 How to turn o "OK Google" Android voice search 4 Phishing attacks concealed in Google Cloud Services 5 How to start page numbering from a speci c page in Microsoft Word ITProPortal is part of Future plc, an international media group and leading digital publisher. Visit our corporate site. © Future Publishing Limited Quay House, The Ambury, Bath BA1 1UA. All rights reserved. England and Wales company registration number 2008885. 1 Paypal accidentally creates world's rst quadrillionaire About us Terms and conditions Privacy policy Cookies policy Advertise with us