A COVID Response is Important but Don’t Let It Distract From Vital Security Protections
- Salvatore Sinno, Global Chief Security Architect at Unisys
- 21.10.2020 07:15 am security
The coronavirus crisis has forced us to rethink our priorities, understandably putting health and financial concerns at the top of agenda.To ensure personal safety and comply with social distancing guidelines, people moved almost every aspect of their lives online. However, with increasing time and variety of activities we do virtually, it is easy to lose sight of the cyber risks.
Any period of uncertainty isseen by malicious actors as an opportunity to exploit gaps in cybersecurity and develop sophisticated methods to leverage possible vulnerabilities. In fact,cyber-attacks have increased within the current climate – the latest figures from Action Fraud, the national reporting centre for fraud and cybercrime, already shows that the coronavirus-related scams amounted to over £11 million in losses. Unsurprisingly, the financial sector has been a particularly appealing target for hackers, with the reported two-fold increase in attacks across the world.
Overlooking cybersecurity concerns
Although the threats are becoming more prevalent, Brits increasingly worry about safety in light of the spreading virus at the expense of protecting financial details online; the numbers fell significantly, as reported by theUnisys Security Index 2020 (USI). British consumers tend to be less worried about online risks such as bankcard fraud as levels dropped to 44% in 2020. Meeting financial obligations isalso less of a concern to the UK –with a 6% drop to 38% compared to last year.
Unsurprisingly, the USI findings show that health and national security issues dominate as primary concerns in light of the pandemic. However, even in such unusual circumstances, it's important that organisations continue to ensure efficient cybersecurity measures are in place. Despite the rapid changes taking place, security will remain the key trust factor for customers. The pressure to protect online assets has further increased as companiesbegan to work differently and behaviour patterns changed. In fact, more people use the internet extensively for work purposes, and often those users may not be adept at doing so.
Indeed, lockdown and social distancing regulations has put pressure on companies to share data, communicate and collaborate remotely via online channels. The unprecedented requirement for companies to scale their remote working capabilities for staff from around 15% to more than 90% meant that the priority of focus for organisations was on the technology to enable this. The scrutiny of the security aspects of such a move had to be considered after the event.
With a greater reliance and use of digital channels, the attack surface for cybercriminals has grown exponentially during the pandemic. People have long been the favoured target for attackers and are responsible for enabling well over 90% of all successful cyber-attacks, usually through opening infected files and hyperlinks in emails to name but a couple attack vectors.
Underlying issues require remediation
Although security threats are not a novelty caused by the mass shift to remote working, COVID-19 has significantly complicated and exacerbated the issue around cyber protection. The challenges facing organisations in this new landscape are both technical and human, and technology should not bring additional risks to the mix. Companies need toensure the access and bandwidth to maintain productivity and provide acceptable ROI having scaled up considerably. As noted, humans can enable over 90% of successful cyber-attacks, with so many more now working from home, these vulnerabilities are heightened.
Employees not used toworking remotely will see a blurring of their private and work life. Their working environment has now encroached into their home environment where many will not have the luxury of having a dedicated home office or study. This means they are using their bedrooms, living rooms and personal spaces to work. The net result of this is likely to be a significant increase in stress levels for employees, in which they will be less vigilant and therefore more susceptible to clicking an infected file or link in a phishing email.
Given these vulnerabilities it is critical that organisations implement effective cyber awareness and education and strive to create an environment and culture for their employees that recognises and addresses the stress remote working can cause.In terms of technology, careful consideration is required now that remote working capability has been established and stabilised as to how to reduce the increased risk introduced by scaling certain technologies that may already have distinct vulnerabilities, such as Virtual Private Networks. Introducing more complexity into existing infrastructure and networks is not the way to go.
Third-party expertise is key
Bearing in mind all of those factors, trustin a provider still remains critical to consumers and SMEs alike. Organisation’s ability to deliverhigh levels of security can turn into the key customer driver of choice and give it a competitive edge over other suppliers.
From our experience and extensive research, it is clear that security is a major area of concern for providers and one where they feel most in need of support. Unfortunately, many financial institutions might not have sufficient expertise to know what security measures they should invest in. As companies may lack the capability and time to fully implement new security systems, external help can allow them to run the business without compromising cyber protection for their customers.
Although sticking to the familiar technology seem as a way to avoid unnecessary disruption, there are solutions which can efficientlyreduce the risks and complexity without the need to rip and replace existing infrastructure. Indeed,now more than ever is the right time to leverage expert thirdparties in order to de-mystify the topic, focus on the right areas, build and secure consensus on integrated strategy and make progress faster than peers.
COVID-19 has undeniably redesigned virtually every aspect of the way we work and reshuffled our priorities. Although it forced leaders to make tough decisions about financial and operational side of their businesses, cybersecurity should not be overlooked. Today, when all the sensitive information about a company is stored online, protecting the networks needs to become an essential factor in decision-making and rebuilding the business.