The top cybersecurity challenges post-lockdown


According to current government guidelines, everyone who cannot do their job from home should now go to work, provided their workplace is open. As people start to trickle back into the workplace over the next few months, we’re going to see the emergence of a very different workplace. More people are going to continue to work remotely, whether full-time or part-time, and businesses are going to have to deal with the impact of the predicted recession.

This ‘new normal’ brings with it many challenges, not least for cybersecurity teams who will have to develop new short- and long-term plans to ensure resiliency. 

Challenge one: not all employees will return to work

The shift to remote working, and with it the empty offices and quiet commutes, provided some of the most striking images reflecting just how much the Covid-19 pandemic had impacted businesses. It also refocused IT and security priorities: new connections, devices and VPNs expanded the corporate network perimeter and created a need for the enforcement of greater protections.

The interlacing of corporate and domestic networks has suddenly become a real concern. And as the workforce looks set to continue to make full use of their home office space, it seems likely that the attack methods deployed during the first throes of the crisis (primarily phishing attacks) will not abate. If businesses are going to properly secure their critical assets, they need to understand where all ingress and egress points exist within their newly expanded network so that they are armed with the knowledge needed to develop their ongoing security strategies.

Challenge two: an increase in cyber threats and scams

Since the start of the Covid-19 pandemic, there has been a dramatic increase in the number of cyber-attacks and email scams. While a large degree of criminal activity has been conducted in a scattergun way to target the public at large, there have also been several focused attacks on corporate entities.

In June 2020, the UK’s national reporting center for fraud and cybercrime, Action Fraud, reported that there had been over 16,300 cases of successful scams and losses totaling £16.6m over the lockdown period. The public also reported more than 160,000 suspect emails to the National Cyber Security Centre over just one weekend in May. This onslaught of phishing attempts, paired with the increasing sophistication of the ransomware and trojans that criminals are using to target businesses, is emblematic of a very sobering threat landscape. Criminals appear to have greater opportunities than ever to gain leverage within a corporate environment.

Challenge three: a potential recession

An economic crash – which has been predicted to happen in the coming months – could mean that businesses will have to reduce their spend. This could come in the form of job cuts, delayed projects, or cuts in technology and services. Cybersecurity teams need to anticipate this by establishing more efficient ways of working now. One of the best ways that they can do this is by taking advantage of technology that automates time-sapping processes and determining how well their current solutions integrate with each other.

Surviving the dreary economic outlook will depend, in part, on making the best use of data. Within the security function, this means collating, normalizing and modelling to understand risk posture and prevent attacks – but it doesn’t necessarily mean that costly investments will need to be made. Businesses should look at their existing tech stacks, identify inefficiencies and establish ways to get the solutions to work more collaboratively.

Challenge four: cloud security

Although Covid-19 has put many transformation projects on hold, cloud adoption is increasing at pace. The efficiencies offered by containers and Kubernetes are even more attractive now than they were in the pre-Covid age. But this shift isn’t without its challenges: security teams need to make sure that all cloud services are properly configured to prevent any new risk being introduced to the corporate environment. To do so, they will need to ensure their involvement in digital transformation projects and have the capacity, resources and agility needed to support the business as it spins up new services.

Challenge five: accelerating digital transformation

It isn’t just investment in cloud services that’s increasing – interest in SD-WAN, SASE, etc., is accelerating as budgets are cut from other projects. For security teams, this has meant dealing with an increase in the deployment of VPNs and other remote access capabilities, and with modifications to firewalls and other controls that enable the remote access to corporate resources that plays a central role in continuity plans.

Again, security teams need to be able to act quickly to secure these initiatives. If there are any chinks in the armor, businesses risk falling into non-compliance. At a time when fiscal stability is paramount, the threat of attack and the risk of landing fines from regulatory bodies should not be underestimated.

What should organizations do to protect themselves?

To better protect themselves, businesses can develop a cybersecurity model that accommodates working from home on an ongoing basis. To secure their remote workforce, organizations should have already defined how to handle employees with hardware or software issues, know how to maintain management of remote computers (including patching, configuration and detecting any potential compromises or policy violations), and should have a plan of action that can be used if internal IT systems become overwhelmed.

Beyond that, to reach an assured level of appropriate cybersecurity controls, they need an infrastructure-wide view of all corporate assets, gaining full network visibility as soon as possible so that risks are not exploited. They should also conduct continuous access and path analysis to critical systems and between network systems; be confident in their ability to address critical vulnerabilities on critical business assets; and have processes in place that will ensure proper configuration of VPNs, firewalls, security and networking devices, and all other ingress and egress points.

Network segmentation should be introduced to secure the company’s most sensitive data, so that should a cyber-criminal enter the network, they will not be able to gain access to the most critical parts of the system.

Organizations’ security teams must also ensure that their cybersecurity policies are strong enough, and that they are adhered to. They must continually educate employees on good cyber hygiene; every worker has a role to play in keeping their company’s data protected from breaches, especially if they are going to have to continue to work on home networks with limited security.

Covid-19 as a catalyst for change

Covid-19 has acted, and will continue to act, as a catalyst for change within the cybersecurity industry. However, the new challenges thrown up by the pandemic haven’t displaced existing cybersecurity issues. The CISO still has to contend with complex network environments, pressure to grow the business, digital transformation and so on. And cybercriminals continue to improve their capabilities and focus, making it a case of ‘when’, not ‘if’, organizations will be on the receiving end of an attack.

The outlook for 2020 and beyond may be bleak, but by putting cybersecurity at the top of their agenda businesses will be able to maintain compliance, avoid attack, and maintain consumer confidence.

Gidi Cohen, co-founder and CEO, Skybox Security

Gidi Cohen is co-founder and CEO of Skybox Security. He has guided the company's vision and development as the leader in cybersecurity analytics.