Challenged to operate through pandemic-induced office and transport facility closures, businesses have dramatically shifted to a work from home protocol. The demand for and dependency on cloud technology have skyrocketed. While it has allowed businesses to survive, this new dependency has also produced vulnerabilities to cyberattacks and a massive advantage for cybercriminals. In this article, we’ll look at how cybersecurity has evolved in the age of COVID-19.
Cyber attackers have leveraged the pandemic by exploiting the employs’ unawareness via fake COVID-19 webpages, news, and clickbait pertaining to their capital interests. Not to mention, it’s become easier for individuals to fall for phishing attempts by working in the comfort of their homes.
Also, vulnerabilities of conference services which have spiked in use – such as Zoom – have led to hacks into video conference calls and exposure and seizing of users' personal data (to then be and sold on the dark web).
The work from home protocol has placed IT departments under tremendous pressure. In the heat of businesses’ newly formed network dynamics, organization security leaders must ensure their enterprises’ websites and internal networks are resilient. This has brought VPNs and firewalls into the spotlight.
1. The recognition of overall insufficient security and data protection measures typically enforced.
2. Script kiddies (unexperienced hackers) throwing automated scripts and hacking tools at organizations to improve their skills.
3. Hacktivists using social media for their causes.
4. Malicious employees are at an advantage when working from home with less supervision.
1. Cybersecurity Awareness: Employees should be briefed on the recommended cybersecurity practices and the procedures (e.g., sending emails with encryptions, cloud storage practices, wariness of phishing attacks, etc.).
2. Home Network Security: Every employee’s home Wi-Fi should (at least) be protected by a 32-bit character password.
3. Antivirus Protection: Employees' laptops should be protected with licensed antivirus and antimalware software. While this won’t nullify all attacks, it eliminates most low-level ones.
4. VPNs: Virtual private networks use secure protocols like IKE (Internet Key Exchange) to transfer information over the internet putting them among the essential measures organizations should incorporate.
5. Penetration Tests: Companies should have pentests run on their networks and web applications to identify the undiscovered loopholes. This paired with harden one’s infrastructure is an excellent practice.
6. Zero Trust Model: Organizations should consider implementing the Zero Trust access model, providing service access specifically to authorized users (rather than granting access by default).
7. Frequent Introspection: Organizations need to evaluate their level of cybersecurity exposure frequently making amends to their policies when needed.
Cybersecurity has become a vital agenda. Attacks will only increase with possible COVID-19 and other pandemic waves. Pulling in an incident response team in reaction to cyberattacks is crucial. But it's important for companies to do what they can to mitigate attacks with proper planning and actions.