have had their hands full, finding ways to help businesses cope
with the fallout of the coronavirus (COVID-19) pandemic. In many
cases, it involved a rapid rollout of significant remote work
infrastructure. That infrastructure was called into service with
little to no warning and even less opportunity for testing.
Needless to say, the situation wasn’t ideal from a cybersecurity
standpoint.
And hackers all over the world knew it. Almost immediately,
Google reported a significant
increase[1] in malicious activity,
and Microsoft noted
trends[2] that appeared to back
that up. The good news is that the wave of cyberattacks unleashed
by the pandemic peaked in April and has since died down.
Fortunately, that’s allowing IT professionals and network
administrators everywhere to take a deep breath and take stock of
the new security environment they’re now operating in.
The trouble is, there’s still so much uncertainty surrounding
when – or even if – businesses are going to revert to their
pre-pandemic operating norms. That new reality is upending many of
the assumptions that IT
planners[3] made about what their
cybersecurity priorities were going to be heading into 2020.
With that in mind, here are some of the ways that COVID-19 has
reshaped the threat landscape and where the new cybersecurity
priorities lie.
An Externalized Attack Surface
The most obvious way that the pandemic has reshaped the threat
landscape is that it has created vast new attack surfaces for IT
organizations to defend. The significance of this shift can’t be
overstated. For much of the past few decades, business network
threat defenses have revolved around perimeter defense hardware,
internal network monitoring[4],
and strict user access controls. The general idea revolved around
the notion that it was simpler to prevent network penetrations than
to harden every internal networked device against attack.
Now that much of the world’s workforce is connecting to business
resources remotely – and using their own hardware to do it – that
approach is all but useless. It means organizations now have to
rethink their entire network security apparatus and come at the
task from a new perspective. In practice, that’s going to bring
new security paradigms like software-defined
perimeters[5] to the fore, as
businesses look to protect IT assets both on-site and in the
cloud.
Workforce Threat Education Now Mission-Critical
It isn’t just employee devices that have become vulnerable because
of the coronavirus-induced shift to remote work. It’s the employees
themselves that will now have to play a much more active role in
maintaining their business’s cybersecurity. One needs only to look
at the recent breach of Twitter’s
systems[6] to understand why this is so.
Although the details of the attack are still far from clear,
Twitter has indicated that the breach was made possible using
social engineering tactics to trick employees into handing over
access to internal administrative tools.
It is those exact kinds of attacks that make large-scale remote
work policies so inherently dangerous. Studies have shown that
employees tend to let their guard down when outside of the
traditional office environment, increasing the risk that they’ll
fall victim to a social engineering scheme.
That means cybersecurity awareness education for every employee
in every organization just became mission-critical. Whereas IT
organizations had been moving toward reliance on highly-trained
cybersecurity experts[7]
to defend their pre-pandemic networks, they will now have to make
sure all employees know how to keep business data and systems safe
from inappropriate access no matter where they’re working.
New Access Control Systems Needed
The coronavirus pandemic has also demonstrated to IT organizations
that they need to take the consolidation of access control
platforms much more seriously than they have in the past. That’s
because one of the consequences of the need to arrange for mass
remote access to varied systems was that it became clear that
managing user credentials across a panoply of on-premises and cloud
assets was near-impossible outside of privileged networks.
The issue with that is twofold. First, making sure that employee
access always follows the principle of least
privilege[8] (PoLP) is only possible
when there’s a centralized way to visualize user rights. Second,
maintaining access controls in a piecemeal fashion is an invitation
to create security vulnerabilities. For those reasons, it’s all but
certain that businesses are going to ramp up their investments in
single-sign-on (SSO) solutions and things like encrypted hardware
keys as a means of cleaning up after the mess that their hurried
remote rollouts made of their access control systems.
A Brave New World
The reason it’s clear that the three items mentioned here are
certain to be central features of post-coronavirus cybersecurity
planning is simple. There’s a very specific through-line that runs
through all three. It is that all of these new areas of focus will
simultaneously accomplish two major cybersecurity goals –
preserving the access flexibility that businesses now realize is
essential to their continued operation and doing it in a way that
achieves maximum protection for both on-premises and cloud-based
systems.
That’s not to say any of this will be easy. Small businesses, in
particular, face major
budgetary constraints[9]
that will make it hard for them to pivot toward these new security
priorities. The good news on that front is that the cybersecurity
market should soon adjust to the new environment and start offering
down-market solutions that help them adopt these new security
norms.
Any way you look at it, though, the IT community sure has its
work cut out for it in the coming months. And when you consider
that there are still four months to go in what’s been a challenging
year, here’s hoping that nothing more gets added to their
plates.
References
[1] significant increase (www.forbes.com)
[2] noted trends (www.microsoft.com)
[3] assumptions that IT planners (thehackernews.com)
[4] network monitoring (thinkbiganalytics.com)
[5] software-defined perimeters (www.cloudflare.com)
[6] breach of Twitter’s systems (thehackernews.com)
[7] highly-trained cybersecurity experts (studyonline.unsw.edu.au)
[8] principle of least privilege (www.channelfutures.com)
[9] face major budgetary constraints (techloot.co.uk)