What is cyber security after COVID-19?
We have now passed the stage where emergency policies and procedures were implemented and new technology was procured outside a normal tender, and we have determined which business tasks cannot be performed remotely because they require strict supervision. There were a few hiccups and lessons learned, but we are there now! In this blog post, we will look at how some of these major shifts will impact the three pillars of cyber security: People, Process, and Technology.
What does the post-lockdown business world look like?
The cloud transformation expected over the coming years has been accelerated; however, it has happened in a way that has remote working at its core, which definitely wasn’t predictable. Indeed, corporate VPNs that were expected to manage the traffic of no more than 20% of employees have been insufficient. Companies have either expanded these or moved to cloud VPNs to access corporate information. In addition, many companies had to buy cloud-based online meeting and collaboration tools, in part due to the network constraints on existing VPN technology.
Certain employers who did not provide the option of remote working have been forced to implement it. Desktops were shipped to employees’ residences when new laptops couldn’t be bought and, in certain cases, personal devices were employed (a prime example of an increased attack surface!).
Also, as offices emptied, so did the justification for expensive MPLS routes between them. Redundancies and furloughing within organisations created resentment. The mere risk of these for employees in a difficult job market has created fear, which leads to unpredictability.
How does this new world change cyber security needs?
The key change to the People pillar is the increased risk of insider threats. Indeed, staff behaving in a legitimate fashion will still appear abnormal in the eyes of the security tools (which don’t have “pandemic behaviour” data), and therefore any system employing user behaviour analytics (UBA) should be adjusted.
Moreover, without face-to-face interactions, it will be difficult to spot resentment amongst employees at a time when redundancies and salary reductions are rampant. Policies and procedures around insider threats that would revoke access and hold devices pending an investigation would not be possible with remote working. For this reason alone, it is recommended to have staff come to the office periodically, so as not to arouse suspicion that an investigation is underway.
Processes have clearly changed due to the new constraints. The obvious ones are remote working and hiring/firing procedures. As mentioned in the paragraph above, justify the need for periodic office working (even if simply once a week).
Technology has shifted towards a zero-trust architecture where cloud Identity & Access Management is key instead of network segmentation/segregation. The shift will lead to different skill sets being required within a company and potentially fewer IT personnel (who again would be difficult to make redundant in a secure manner in the current climate).
What can businesses do to adapt to these new needs?
Fortunately, cyber security standards and guidance were not dependent on employees working from offices; they were designed to be flexible. Below are three key recommendations:
- First, always remember to get your IT infrastructure penetration tested following any major changes. Now might be a good time!
- Next, ensure your new processes are incorporated into your policies (particularly BYOD and access control procedures). Don’t have them? Then it might be a good time to create and implement them. This matters particularly because businesses may be looking for new suppliers post-pandemic, and proof that you are implementing a comprehensive information security management system (such as ISO 27001) might improve your standing with them.
- Finally, review any actions taken in an “emergency fashion” which bypassed standard procedures; this may include new technology or processes. In short: review the decisions you made under pressure to ensure they were appropriate and cost-effective.
The pandemic has accelerated the expected cloud migration but with an unexpected constraint. Several decisions were made outside the normal processes. These changes can increase the risk of cyber attack, and therefore it is recommended to verify they are secure. People’s behaviours have also changed as a result of this pandemic, and it may be more difficult to spot the malicious actors within your organisation and to remove them.
Stay safe. Stay secure.