Security Lessons from the Pandemic
If fortune and misfortune were to come together in a bizarre setting, 2020 may go down in history as a harbinger of each. While the COVID-19 pandemic brought heavy costs for all, it’s important to look at what we have learned and how we can become more resilient as a result. During a time when everyday life was so different, each day brought new lessons for people, corporations, societies and nations, some of which came across clearly, including:
- Face to face isn’t as necessary to business as we thought. Aside from getting a haircut, it turns out we don’t necessarily need to meet in person to conduct business. The pandemic pushed previously hesitant people and organizations online, ultimately driving digital transformation exponentially faster than it had been moving.
- The new normal is here to stay. If we thought we were going back to the good ol’ ways of doing things (remember fax machines, landlines and business flights?), that isn’t happening anytime soon.
- The digital divide is larger and sharper than ever before. Be it companies, people, or nations, those that had the digital tools ready were able to take on and surmount pandemic challenges, while those without only fell further behind. No longer can anyone afford to stay away from digital.
- Agile is the new buzzword. No matter how large the company, those that were quick, clever and adaptable were clear winners — whether it was in adapting ways of working or agile solutions for addressing this new world.
While these lessons could apply to any part of the business, as a risk, compliance, and security professional, there were additional lessons learned from looking closely at companies that have thrived through the pandemic.
Business continuity planning became a major differentiator.
Those organizations that had a tested and exercised business continuity plan sailed through. Perhaps with some hiccups, but with a lot more grace than others that had none. They quickly pivoted to business online, with contactless deliveries added and managed through technology and safety measures. Those that were unprepared suffered the most — through loss of customers, valuations, and more.
Secure planning and quick implementation were key to success.
Cyber threats are everywhere and with hackers at every doorstep, defenses also had to be multi-pronged. As workforces quickly shifted away from offices, and online platforms became essential to every aspect of our lives, a multitude of security threats followed suit.
As an example, cyber criminals increasingly used fake online domains for their phishing activity. In fact, around 2,500 new meeting-related domains were registered. Considering Zoom as a case study from January 2020 to date, a total of 6,576 Zoom-related domains had been registered globally. As a result, defenses also had to be top notch, both locally and remotely. Yet again, those that had already planned for secure home working — with laptops, VPNs, and home set-ups in place — were well-poised to gain, even as rivals may have stumbled.
The digital divide has to be addressed, aggressively.
Companies that invested in digital awareness — not just for employees, but for customers too — helped close the gap, to a degree. After all, what use is a well-designed digital product if customers are not using it to its full extent? The need of the hour is for companies to provide resources, education, digital training, and share responsibility to educate consumers, especially those who may not have easy access to digital resources.
Savvy organizations go even further to improve the technical awareness of the public at large, through partnerships with governments, educational institutions, and volunteer organizations. Supporting non-traditional paths to careers in STEM and cybersecurity makes it easier for underrepresented groups to join the digital revolution. This diversity creates a large impact by increasing the base of leaders, managers, and diverse viewpoints in the cybersecurity sphere.
Risk management needs more out-of-the-box thinking, to identify and prepare for unexpected threats.
Who could have forecasted a pandemic of this proportion? If a good risk management and security plan is in place, it is possibly the best armor to tackle unpredictability. Pandemics might be rare events that don’t usually come to mind when looking at security threats, but since they carry such a high impact, the risk is critical. There may be several such other threats that look remote, but need higher scrutiny. Sharing information and joining hands across nations to fight cybercrime is another tool that can be used by organizations to mitigate this risk.
The Silver Lining
One way to look at the pandemic is to think of the silver lining that it brought, with lessons for all. Not just companies, but we, as individuals, also need to reflect. Do we have a business continuity plan for ourselves? Have we done a risk assessment of our life, family, belongings, and more? Have we planned for mental and physical resilience in the face of adversity?
As security professionals, would we panic if something untoward struck or would we be well-prepared? And most importantly, have we safeguarded ourselves with the right security defenses? Some simple things any of us can do — whether we’re security professionals or not — include:
- Securing our home networks, with anti-virus software, firewalls, IP whitelists and similar, to protect against hackers
- Securely backing up our data in case of a ransomware attack
- Using strong, unique passwords and staying alert of fake domains and phishing attempts
- Staying ahead by tracking threat and vulnerability advisories
- Implementing patching as soon as it’s available
- Protecting our social media accounts with privacy guards and minimum sharing
- Ordering goods from authentic sources (go directly to a retailer’s page rather than clicking on ad links) and only using secure online payment processing
- Securing all endpoints and monitoring them rigorously
- Teaching our families and communities about the importance of good security hygiene
Ultimately it is the unrelenting force of digital, and the response from nations, people, communities and organizations, all acting together, drawing on lessons learned from the pandemic, that can ensure a stronger and more resilient cyber world for generations to come.