Let’s face it, 2020 hasn’t got off to a great start. The coronavirus pandemic, which has so far infected more than 550,000 people globally, has forced governments across the globe to effectively shut down large parts of their economies, with citizens in many countries being required to stay at home.
The travel industry has been badly damaged due to the travel restrictions, and we’ve already seen a historic surge in people claiming unemployment benefits in the US. COVID-19 has already wiped trillions of dollars off global stock markets, and it’s highly likely that the rout will continue.
So, what does COVID-19 mean for digital transformation? The short answer is a lot!
The Effect of Social Distancing
Naturally, given the “social distancing” measures that have been put in place, significantly more people have been working from home, and even after the coronavirus pandemic has subsided, it’s likely that this trend will continue.
In addition to more people working from home, many more people are using the internet for shopping, banking and social media. Some are even starting to seek medical advice online, as opposed to visiting their GP. Again, we’ll probably see this trend continue.
There are a lot of people (myself included) who are stuck in their ways and prefer the “analogue” way of doing things, which involves visiting supermarkets, fast-food restaurants, high-street banks, and so on. However, this is largely due to habit, as opposed to convenience, and these habits will no doubt change as a result of COVID-19.
How Will CISO Life Change?
It’s difficult to predict how the coronavirus pandemic (and the ensuing recession) will pan out for CIOs and CISOs. They’re already grappling with a shortage of cyber-security professionals, and the health crisis, along with the increase in online activity, is making the problem much worse.
According to the president of the European Commission, cybercrime in the EU has increased due to the coronavirus outbreak.
Cybercriminals are not only capitalizing on the fact that more people are using the internet for work and various other activities, but they are also exploiting the crisis in other ways. Any time there is an important global event or crisis, cyber-criminals will try to use it to their advantage.
For example, according to the World Health Organization (WHO), cybercriminals have been sending out phishing emails disguising themselves as the WHO to steal money or sensitive information.
Which Industries Will Be Affected?
As always, healthcare organizations, such as hospitals, research laboratories and medical centres, have been subject to a surge in cyber-attacks. So far, we’ve seen attacks on Brno University Hospital and Hammersmith Medicines Research (HMR), and the website for the public health department in Illinois has been taken offline following a ransomware attack.
According to a report by cybersecurity firm Nocturnus, the most common technique that is being used is spear phishing, which uses coronavirus-themed emails with malicious attachments.
The primary motive behind such attacks is unclear; however, hackers are usually looking to steal valuable information, which they can sell on the black market. In this case, they might be looking for information about potential cures/vaccines.
Unsurprisingly, many of the attacks we’ve seen on healthcare have been ransomware attacks. Naturally, when the stakes are high, as they are in the case of a crisis, the hackers will be able to demand a higher ransom.
The Problems Remote Working is Likely to Cause
Even though allowing employees to work from home is likely to be beneficial in the long term, the problem is that many organizations are simply not prepared for it, and it’s unlikely that employees have been sufficiently trained to handle sensitive data when working from a remote location.
CIOs and CISOs will find it much harder to enforce company security policies, such as policies relating to what devices can be used, where they can be used, and how they can access the company network.
They will find it harder to enforce the encryption of sensitive data, both at rest and in transit. They will have little control over which applications an employee can install on their device and will struggle to ensure that all devices are password protected.
Should a device containing unencrypted sensitive data get lost or stolen, there isn’t much the CISO can do about it. If the CISO was sufficiently prepared, they could have installed Mobile Device Management (MDM) software on the user’s device, which would allow them to wipe the data from the missing device, amongst other things.
In times of recession, the last thing a business wants is for a data breach to make the headlines, and of course, it’s the last thing CIOs and CISOs want too, as it will put them under even more pressure. And while the ensuing recession may result in a loss of business, this won’t necessarily ease the load on CIOs and CISOs.
Hopefully I’m wrong, but the chances are, businesses will try to cut staff and training budgets, as opposed to taking on much-needed IT security professionals or training existing staff to fill the role.
Is there anything positive we can extract from this? Well, it’s not exactly a silver lining, but at least there will be fewer physical security threats, and fewer employees asking questions, which may otherwise distract CIOs and CISOs from more important tasks. Additionally, many of the internal devices, including printers and scanners, will be used less, or even made redundant, thus reducing the amount of time the IT department spends on maintaining outdated systems.
What Can CIOs and CISOs Do to Improve the Situation?
There are, broadly speaking, four areas that CIOs and CISOs need to focus on to reduce the likelihood of a data breach during the coronavirus pandemic.
The first relates to the protocols they use to ensure that employees working from home can do so in a way that doesn’t put sensitive data at risk.
The second relates to the use of automation to compensate for the shortage of cyber-security skills, and to improve the overall efficiency and scalability of business operations.
The third relates to their ability to protect their systems from ransomware attacks. Even though the recent surge in ransomware attacks is mostly targeting the healthcare industry, hackers will no doubt continue to take advantage of the health crisis to infect anyone they can.
Finally, CIOs and CISOs need to ensure that they have the best auditing solutions in place to give them the visibility they need to identify anomalous user behaviour. They need real-time information about what data is being accessed, from what location, when, and by whom.
There will be some tough challenges ahead, but it’s not all doom and gloom. In the aftermath of the coronavirus pandemic, the resulting shift in the digital landscape will inevitably yield some long-term benefits. The current crisis will lend justification to larger cyber security budgets, and result in a more data-centric approach to cyber-security. And if more employees are working from home, and using their own devices, companies will no doubt save money. Businesses may even move into smaller buildings, which could significantly reduce their overheads. Not only that, but it could actually result in a boost in productivity, as employees tend to feel happier working from home, using devices which they are familiar with.