For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the situation wasn’t ideal from a cybersecurity standpoint.
And hackers all over the world knew it. Almost immediately, Google reported a significant increase in malicious activity, and Microsoft noted trends that appeared to back that up. The good news is that the wave of cyberattacks unleashed by the pandemic peaked in April and has since died down. Fortunately, that’s allowing IT professionals and network administrators everywhere to take a deep breath and take stock of the new security environment they’re now operating in.
The trouble is, there’s still so much uncertainty surrounding when – or even if – businesses are going to revert to their pre-pandemic operating norms. That new reality is upending many of the assumptions that IT planners made about what their cybersecurity priorities were going to be heading into 2020.
With that in mind, here are some of the ways that COVID-19 has reshaped the threat landscape and where the new cybersecurity priorities lie.
An Externalised Attack Surface
The most obvious way that the pandemic has reshaped the threat landscape is that it has created vast new attack surfaces for IT organisations to defend. The significance of this shift can’t be overstated. For much of the past few decades, business network threat defenses have revolved around perimeter defense hardware, internal network monitoring, and strict user access controls. The general idea was that it was simpler to prevent network penetrations than to harden every internal networked device against attack.
Now that much of the world’s workforce is connecting to business resources remotely – and using their own hardware to do it – that approach is all but useless. It means organisations now have to rethink their entire network security apparatus and come at the task from a new perspective. In practice, that’s going to elevate new security paradigms like software-defined perimeters to the fore, as businesses look to protect IT assets both on-site and in the cloud.
Workforce Threat Education Now Mission-Critical
It isn’t just employee devices that have become vulnerable because of the coronavirus-induced shift to remote work. It’s the employees themselves who will now have to play a much more active role in maintaining their business’s cybersecurity. One needs only to look at the recent breach of Twitter’s systems to understand why this is so.
Although the details of the attack are still far from clear, Twitter has indicated that the breach was made possible using social engineering tactics to trick employees into handing over access to internal administrative tools.
It is those exact kinds of attacks that make large-scale remote work policies so inherently dangerous. Studies have shown that employees tend to let their guard down when outside of the traditional office environment, increasing the risk that they’ll fall victim to a social engineering scheme.
That means cybersecurity awareness education for every employee in every organisation just became mission-critical. Whereas IT organisations had been moving toward reliance on highly trained cybersecurity experts to defend their pre-pandemic networks, they will now have to make sure all employees know how to keep business data and systems safe from inappropriate access no matter where they’re working.
New Access Control Systems Needed
The coronavirus pandemic has also demonstrated to IT organisations that they need to take the consolidation of access control platforms much more seriously than they have in the past. Arranging mass remote access to varied systems made it clear that managing user credentials across a panoply of on-premises and cloud assets was near-impossible outside of privileged networks.
The issue with that is twofold. First, making sure that employee access always follows the principle of least privilege (PoLP) is only possible when there’s a centralised way to visualize user rights. Second, maintaining access controls in a piecemeal fashion is an invitation to create security vulnerabilities. For those reasons, it’s all but certain that businesses are going to ramp up their investments in single-sign-on (SSO) solutions and things like encrypted hardware keys as a means of cleaning up the mess that their hurried remote rollouts made of their access control systems.
A Brave New World
The reason it’s clear that the three items mentioned here are certain to be central features of post-coronavirus cybersecurity planning is simple. There’s a very specific through-line that connects all three. It is that all of these new areas of focus will simultaneously accomplish two major cybersecurity goals – preserving the access flexibility that businesses now realise is essential to their continued operation and doing it in a way that achieves maximum protection for both on-premises and cloud-based systems.
That’s not to say any of this will be easy. Small businesses, in particular, face major budgetary constraints that will make it hard for them to pivot toward these new security priorities. The good news on that front is that the cybersecurity market should soon adjust to the new environment and start offering down-market solutions that help them adopt these new security norms.
Any way you look at it, though, the IT community sure has its work cut out for it in the coming months. And when you consider that there are still four months to go in what’s been a challenging year, here’s hoping that nothing more gets added to their plates.