The coronavirus pandemic has created new challenges for businesses as they adjust to an operating model in which working from home has become the ‘new normal’. Companies are speeding up their digital transformation, and cybersecurity is now a serious issue. The reputational, operational, and legal consequences could be considerable if cybersecurity risks are neglected. This article analyses the impact of COVID-19 on cyber risk.

The restrictions imposed by governments in response to the coronavirus pandemic have encouraged employees to work from home, and even ‘stay at home’. As a result, technology has become even more important in both our working and personal lives. Despite this growing reliance on technology, it is noticeable that many organisations still do not provide a ‘cyber-safe’ remote-working environment. Where business meetings have traditionally been held in person, most now take place virtually.

The cyber security industry has faced two major sets of challenges over the last twelve months. The attacks and exploits affecting companies and their customers have focused attention on supply chain risk, but the impact of the coronavirus pandemic has been felt more broadly across cyber security domains and disciplines. For example, according to Indonesia's National Cyber and Crypto Agency (BSSN), there have been 88.4 million cyberattacks in the last 4 months. Moreover, it is stated that 83% of companies in Indonesia are easy to hack.

Are businesses prepared for the new cybersecurity risks?

Remote working has created challenges for many small and medium-sized companies: they have not been sufficiently prepared for the upsurge in sophisticated cyberattacks, and much progress is needed to raise cybersecurity awareness. Before the pandemic, some companies were opposed to allowing remote working, especially when it came to accessing confidential data (e.g. banking client personal data). In only a short period of time, companies had to increase their capacity and capabilities for remote working. Unfortunately, cybersecurity was not always a key priority in the fast deployment of remote working capabilities.

For example, some companies do not check that personal devices are equipped with standard security protections before their employees access corporate data, relying on virtual private network (VPN) technologies to do a job that they are not by default designed for. There are ways that companies can implement security measures without being intrusive. For example, host checking is a technology that validates individual requirements on personal devices before allowing access to corporate applications. When vulnerabilities in VPNs are discovered and patches are produced to deal with them, it is important to apply the patches in a timely manner, where possible.

How companies and employees can increase cybersecurity

Employees working from home and using their personal computer (and even those using a corporate-owned device) should implement essential cyber hygiene practices. These include:

  • Antivirus protection. Employees should be provided with a license for antivirus and anti-malware software for use on their personal computers. Although this does not provide failsafe protection, it eliminates many low-level attacks.
  • Cybersecurity awareness. Staff should be briefed on best practices and procedures to regulate the sending of emails or other content to private email addresses and/or cloud storage.
  • Home network security. Employees should ensure that their home Wi-Fi is protected by a strong password.
  • Identify weak spots. All IT systems have weaknesses. Companies should run tests to identify them and patch the most critical vulnerabilities as soon as possible. This can take the form of vulnerability scanning or various types of penetration testing exercises. Additionally, the components of the technical infrastructure should be hardened.

More advanced measures that can be taken include:

  • Prepare for attacks. In these high-risk times, companies are advised to carry out frequent cyber crisis simulation exercises to prepare their response to a cyberattack.
  • Zero Trust. CISOs and CIOs should consider implementing a zero trust approach to cybersecurity. This is a security model where only authenticated and authorized users and devices are permitted access to applications and data. It challenges the concept of “access granted by default”.
  • Apply new technology and tools. Companies can use advanced tools such as host checking (a tool to check the security posture of an endpoint before authorizing access to corporate information systems) to reinforce the security of remote working.
  • Risk management. Businesses can apply governance, risk and compliance (GRC) solutions for improved risk management. GRC solutions provide a detailed view of the company’s risk exposure and help link together the various risk disciplines (e.g. cybersecurity, operational risks, business continuity).
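
The host-checking and zero trust measures above, sketched as an added example (not code from this article or from any vendor product): a default-deny check that admits a device only when the user is authenticated and every posture requirement passes. The report fields, thresholds and sample devices are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical posture report from an endpoint agent; field names are assumptions.
@dataclass(frozen=True)
class Posture:
    device_id: str
    antivirus_running: bool
    av_signatures: date   # last antivirus signature update
    os_patched: date      # last OS security update installed
    disk_encrypted: bool

MAX_SIGNATURE_AGE_DAYS = 7   # assumed policy threshold
MAX_PATCH_AGE_DAYS = 30      # assumed policy threshold

def _stale(when: date, today: date, max_days: int) -> bool:
    """Too old, or dated in the future (a report that cannot be trusted)."""
    age = (today - when).days
    return age < 0 or age > max_days

def host_check(p: Optional[Posture], user_authenticated: bool, today: date):
    """Return (allowed, reasons). Access is denied unless every check passes."""
    reasons = []
    if not user_authenticated:
        reasons.append("user not authenticated")
    if p is None:  # a VPN login with no posture report is not enough
        return False, reasons + ["no posture report"]
    if not p.antivirus_running:
        reasons.append("antivirus not running")
    if _stale(p.av_signatures, today, MAX_SIGNATURE_AGE_DAYS):
        reasons.append("antivirus signatures stale")
    if _stale(p.os_patched, today, MAX_PATCH_AGE_DAYS):
        reasons.append("OS patches overdue")
    if not p.disk_encrypted:
        reasons.append("disk not encrypted")
    return not reasons, reasons

# Constructed sample devices and evaluation date.
TODAY = date(2021, 6, 1)
GOOD = Posture("laptop-01", True, date(2021, 5, 30), date(2021, 5, 20), True)
STALE = Posture("home-pc-02", True, date(2021, 5, 1), date(2021, 3, 1), False)

if __name__ == "__main__":
    for device in (GOOD, STALE, None):
        print(device and device.device_id, host_check(device, True, TODAY))
```

The returned reasons can be logged for the help desk and shown to the employee, so a denied device can be remediated rather than silently blocked.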

Conclusion

Companies should be proactive in addressing the threats, and plan ways of preventing successful cyberattacks rather than responding when they occur. However, although prevention measures are important, there is also a need for cyberattack detection, response and recovery capabilities.

There are ways to reduce the possibility and impact of a cyberattack, but it requires focused action and planning. Companies need to make their remote working practices resilient to cyberattacks and enhance their development and application of security measures.
