Back in December of 2019, when COVID-19 first started to erupt in the Wuhan province of China, the first thought was that it would stay there and not spread too far. But two years later, the world has been literally turned upside down, and changed in ways that were not even thinkable. This is especially true for Cybersecurity. Many lessons have been learned and are now being applied going forward. These lessons are the focal point of this article.
The Cybersecurity Measures Now
- The use of the VPN:
This tool has long been the trusted means of securing the network lines of communication between a remote worker and the shared resources that he or she is trying to access on the server. But it was designed to handle a certain number of remote workers, not the near 99% we are seeing now. Thus, it has reached its breaking point, and many Cyberattackers have preyed upon this weakness in order to infect VPNs with malicious payloads. As a result, many businesses are now using the Next Generation Firewall. This is considered to be a much more advanced version of the traditional VPN, and it is designed to handle the rigors of a large remote workforce, as we are seeing now.
- The end of Perimeter Security:
This has been the methodology used to protect a business for a long time. In theory, there is one circle of defense that surrounds the entire organization, and all of the security tools and technologies are deployed there. You may have strong armor, but it is just one layer. If it is broken, the Cyberattacker can gain access to anything they want. Also, there was a certain level of trust implied in this model for employees, contractors, and key stakeholders. But this is now a thing of the past. Many businesses have either deployed or are planning to implement what is known as the Zero Trust Framework. Rather than viewing the IT/Network Infrastructure as a whole, it is now broken up into different segments or layers, with each one of them having its own line of defense. This can be further specified as using at least three or more different types of authentication mechanisms. For example, a combination like this could be a One Time Password (OTP), a challenge/answer response, and a Biometric modality, such as Fingerprint and/or Iris Recognition. Also, as its name implies, nobody can be trusted. Everybody has to go through and pass each layer of defense, with no exceptions being made whatsoever.
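The contrast between the two models described above can be sketched as an access decision. This is an added example, not code from the article; the segment names, the `Session` and `Segment` types, and the sample user are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

MIN_FACTOR_TYPES = 3  # the article's "at least three" distinct mechanisms
KNOWN_TYPES = frozenset({"otp", "challenge_response", "biometric"})

@dataclass(frozen=True)
class Segment:
    name: str
    required: frozenset  # factor types this segment demands

@dataclass
class Session:
    user: str
    on_corporate_network: bool
    # Factor types verified per segment; one segment's pass is never reused.
    verified: dict = field(default_factory=dict)

def perimeter_decision(session: Session, segment: Segment) -> bool:
    """Legacy model: being inside the single perimeter implies trust."""
    return session.on_corporate_network

def zero_trust_decision(session: Session, segment: Segment):
    """Each segment is its own line of defence; location is ignored."""
    policy = segment.required & KNOWN_TYPES
    if len(policy) < MIN_FACTOR_TYPES:
        return False, "segment policy requires too few factor types"
    presented = set(session.verified.get(segment.name, ())) & KNOWN_TYPES
    missing = policy - presented
    if missing:
        return False, "missing: " + ", ".join(sorted(missing))
    return True, "all factors verified for this segment"

# Constructed sample data (hypothetical segment names).
FILE_SHARE = Segment("file_share", KNOWN_TYPES)
HR_DATABASE = Segment("hr_database", KNOWN_TYPES)
WEAK_SEGMENT = Segment("legacy_app", frozenset({"otp"}))

def demo():
    # On the office network; fully authenticated to file_share, OTP only for HR.
    s = Session("exec01", True, {"file_share": set(KNOWN_TYPES), "hr_database": {"otp"}})
    return {
        "perimeter_hr": perimeter_decision(s, HR_DATABASE),
        "zt_file_share": zero_trust_decision(s, FILE_SHARE),
        "zt_hr": zero_trust_decision(s, HR_DATABASE),
        "zt_weak": zero_trust_decision(s, WEAK_SEGMENT),
    }

if __name__ == "__main__":
    print(demo())
```

The perimeter check admits the user to the HR database purely because of network location, while the per-segment check denies it until every required factor type has been verified for that segment.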
- The migration to the Cloud:
Before COVID-19 hit, many organizations had a brick-and-mortar office, with their IT/Network Infrastructure being On Premises. However, when the scramble to move employees into a remote working environment started, many IT Security teams simply could not give out a security-hardened device to each and every worker. As a result, many workers started to use their own personal devices in order to do their daily job tasks. Not only did this pose a serious threat, but there was now an intermingling of the home and business networks, which left many backdoors wide open. Once things started to settle down a bit, many businesses started to realize the advantages and benefits of making a full migration to the Cloud, such as AWS or Azure. With this kind of deployment, IT Security teams do not have to be concerned about issuing company devices, as all shared resources can now be accessed in a relatively safe manner. But even here, there can be issues. For example, the initial thinking was that since you are in the Cloud, all is secure, with no further efforts being needed. While this is true to a certain extent, it is up to the business to make sure that whatever configurations are being used meet its own security requirements. In other words, don’t simply rely on the default settings. Businesses are now making this a high priority, in order to avoid any data leakage issues.
- The need for Incident and Disaster Planning:
While this was on the back of the minds of many CISOs, many of them simply had a knee-jerk reaction to it before the pandemic hit. For example, “Why bother with creating this sort of documentation when we have never been breached before?” Well, COVID-19 changed all of that. While there are still many businesses that are lacking formal Incident and Response Plans, CISOs are now starting to realize their full importance, and thus, this has become a high priority, even for the Board of Directors.
- The use of Third Parties:
Even long before COVID-19 made its impact, many organizations did not vet their third-party suppliers carefully. There was a lot of trust involved here, and a simple contract was sufficient. But with the world now gone mostly digital, it is simply hard to trust anybody after meeting over a Zoom or Teams video conference. Therefore, many businesses are now taking a much more proactive approach when it comes to selecting these entities. For example, many of them have now adopted a full vetting process, which even involves conducting a security audit of the supplier's IT/Network Infrastructure. The process is now much more time consuming and exhaustive, but the payoff is that you will be working with a supplier you can trust. After all, there is a lot at stake here. Depending on what you procure or outsource, more than likely you will be sharing confidential information. If there was a data leakage which included this, the supplier will not be held responsible, but you will be. Not only that, but you could also come under the scrutiny of the GDPR and the CCPA, and face expensive audits with hefty financial penalties.
As the world braces for new hurdles, it is quite likely there will be even newer Cyber lessons to be learned. But the key thing for any CISO and their IT Security team is to remember the lessons of the past, and apply them to the future, no matter what the obstacles might be.