Bio Hazard Goes Digital
COVID-19: Lessons Learned
Let’s summarize. We have been on the journey into how the COVID-19 health pandemic has had a knock-on effect on our businesses and the digital realm. Hackers have capitalized on the crisis, using social engineering attacks, malware campaigns, and a whole host of other tricks to disrupt, misinform, aggravate existing geopolitical tensions, and generally spread harm. As a result, the emergent threat model has shifted, creating a new normal for cybersecurity professionals trying to temper panic and anxiety with logical, strategic thinking.
According to ZDNet, the initiative has already removed over 2,000 coronavirus-related scams in just one month. A plethora of other groups have vowed to clean up the worldwide web, one hacker at a time, which serves as a beacon of hope and altruism in otherwise dark and confusing times.
Bad for society, bad for business
Given the domino effect, COVID-19 has had on nations globally, if anything the virus has demonstrated that – despite everything – our societies and economies are so closely intertwined. This shows how a catastrophe in one area really can spill over into another.
Responding to the crisis has shown us the impact that our behavior can have on the whole of society, rather than just individually or within our immediate circles of influence. This is an important lesson for the security community. While considering when, where, and how much to invest in security, we need to think more broadly. Instead of looking at the single-dimensional risk to our business, we also need to look at the secondary and tertiary effects on the broader economy when breaches happen. A good rule of thumb to live by is: what’s generally bad for society, is also bad for us as a business.
What does the future hold?
COVID-19 will change the entire face of the world in numerous ways – some we can predict, others we cannot possibly anticipate.
When it comes to cyber specifically, the following are how we believe the cybersecurity industry will change when our current situation returns to relative normalcy.
Pressure on Business Continuity Planning
We can no longer wait for a crisis to happen to recognize or identify weaknesses in our security armor. In the same way that banks stress tests to ensure their businesses are robust whatever the situation, businesses should also be baking regular business continuity planning (BCP) and Disaster Recovery (DR) testing into their corporate DNA. This includes the incorporation of “Contagious Illness Response.” We expect a surge in demand for consulting and support as a result of the interest in these types of policies and exercises. We also expect innovation and the emergence of additional products and platforms addressing incident response and business continuity planning, such as simulators, ongoing BCP assessment, and measurement.
Whereas hot desking was previously frowned upon by many, this is the dawning of the age of remote working, which could lead to offices reducing in size. Required infrastructure for business operations will, therefore, change drastically.
Zoom picks up speed
If offices are shrinking in size, then demand for “fuller” video conferencing and remote work-capable applications will peak. We may even see a surge in VR-enabled applications.
In VPN-less we trust
We also anticipate that demand for Zero-Trust and similar VPN-less technology will surge. This includes an increase in demand for remote desktop (VDI) and front-end services, as well as cloud-based web browser remote desktop solutions.
The new frontier
We’ll likely see an acceleration in demand for technologies protecting the new perimeter (zero-trust, data-centric, IoT, etc.)
Online services reign supreme
Online services (banking, payments, e-commerce, learning, entertainment) will continue to accelerate. As a result, we expect an increase in the consumption and the development of application security technology platforms to secure online software. This includes load balancing, DoS protection, and API security.
Returning to mother
We expect an increased perception of the risk from devices (laptops) not being connected to the mother network for longer periods (patching, anti-virus, secure configuration, etc.) As a result, we may see demand for tools such as Juniper to quarantine devices out of compliance when returning to the network.
Risk from relaxing
Relaxing is not always a good thing. We anticipate increased levels of risk from staff having more relaxed access to the Internet, e.g. Office 365, etc. and other software and services that don’t require access to the mother network. This renders features like URL filtering, firewalls, and IDS/IPS abandoned for periods. New next-generation firewall features and architecture will be needed.
Toughen up, crackdown
Moral, legal and law enforcement attitudes regarding hacking against healthcare facilities will harden considerably, perhaps even with charges as severe as manslaughter or culpable homicide. This could have far-reaching implications for the ability of law enforcement to counter cybercrime, even after the COVID-19 crisis is over.
Budgets for better or worse?
IT and security budgets will certainly change off the back of this crisis. It’s not clear yet whether that will be for better or worse. But we do expect that there will be an increased focus on and demand for clear and measurable ROI from spend on cybersecurity.