Top 4 Cybersecurity Concerns in the Post-Pandemic World and How to Tackle Them
Jul 21, 2020 | 42Gears Team
Why Cybersecurity is Essential
The COVID-19 pandemic has altered the way businesses function. As organizations transitioned to remote work models at the start of the pandemic, many had to hastily revamp their existing IT and digital infrastructures. This led some organizations to adopt policies that encouraged risky practices, creating vulnerabilities. Now, as organizations adapt to the new normal, Chief Information Security Officers (CISOs) must scrutinize the IT and cybersecurity decisions they made over the last few months.
Research by Gartner indicates that a majority of legal and compliance leaders believe the pandemic has increased the risk of cybersecurity incidents and data breaches- and yet, many IT enterprises often lag behind in complying with cybersecurity rules and regulations. For example, at many major companies, employees frequently access work data from their personal devices, which may not be secure.
This, in turn, gives rise to phishing and social engineering attacks.
1. Cybersecurity Concerns Related to Remote Work
Employees need to access business applications and data. Consciously or unconsciously, employees may risk exposing critical data by using unsecured networks or unapproved devices to access the data.
How Should CISOs Respond?
Companies are realizing that they must secure and protect remote access to enterprise resources. After the pandemic, security pros must consider deploying VPN clients as a way to allow remote employees to privately access enterprise applications and systems. Implementing a Mobile Threat Defense (MTD) solution also helps by providing an easy way for IT admins to remotely detect threats and flag vulnerabilities.
2. Unsecured Business Tools
Remote employees need many tools to coordinate and remain productive, including email, office productivity tools, and video conferencing software. Each of these tools can introduce new vulnerabilities that neither employees nor IT admins know how to resolve.
How Should CISOs Respond?
Security pros must educate employees about the risks that come with using each new tool. For example, employees must recognize COVID-19 themed email scams, fraud, and phishing attacks, and report them to IT admins right away.
3. Employees Working on Unapproved Devices/Flawed BYOD Policies
Organizations that have allowed employees to work from their own devices must integrate proper protocols to supervise and secure business data on those devices. Employees attending sales calls from their own devices, or accessing emails and cloud-based applications from an array of unapproved devices, may pose a risk to corporate data by causing data leakage.
How Should CISOs Respond?
CISOs must audit BYOD practices and ensure only approved employee-owned devices can access corporate data. Embracing a BYOD policy in conjunction with a mobile device management (MDM) solution can secure corporate data, separating personal and professional data without infringing on any personal component of an employee device. The right MDM solution will also provide security leaders with the necessary tools to monitor and enforce responsible device use and data access.
4. Threats Lurking Behind Perimeters
Now that perimeters have dissolved and traditional security frameworks will no longer function the way they used to, enterprise data is at risk. Threat actors continue to target devices that are not updated. Cybercriminals exploit careless employee behavior during the pandemic. Through social engineering, they target employees to compromise business emails.
How Should CISOs Respond?
CISOs must take steps to alert employees about different modes of attack such as emails or text-based messages. They must implement capabilities to identify unauthorized activity on business devices, employ strict password policies, and secure mobile device browsers. At this point in time, any CISO’s ultimate goal should be to manage identity and access for a remote workforce while meeting corporate security requirements.
Businesses must prepare for the possibility of a global cyber-threat- a digital equivalent of COVID-19. Analysts predict a cyber threat of this magnitude is likely to occur, and when it does, it will spread like a wildfire, with an equal or greater economic impact to that of COVID-19.
Security pros must share the lessons they have learned from the crisis. They must prioritize supporting remote workers with secure infrastructure to enable them to work wherever they are, and whenever they want.
Security leaders must consider building their infrastructure around comprehensive management technologies such as SureMDM, in order to remotely secure and manage a vast range of endpoints. SureMDM provides built-in threat detection along with the visibility and easy-to-use controls needed to secure, manage, and monitor any corporate or employee-owned mobile device or desktop that accesses business-critical data.
Gartner Disclaimer
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.