Advertisment

Cybersecurity in the Year of COVID-19: A Recap

Here is a recap of some of the most important cybersecurity lessons in 2020 that CISOs have learnt from Rajesh Maurya, RVP, India & SAARC, Fortinet.

author-image
CIOL Bureau
New Update
Operational Technology Leaders Continue to Face Security Challenges: Fortinet

2020 was one of the most unpredictable years in the history of cybersecurity – and also one of the most vulnerable. We saw spikes in cyberattacks against remote workers, online classrooms, and workplaces as networks expanded due to a widespread shift to remote working – something that nobody could have fully anticipated or prepared for. CISOs had to rapidly adjust their security strategies to these increased threats and new work realities, with little room for error.

Advertisment

There have been ups and downs, but no tough moment comes without a lesson. With that in mind, here is a recap of some of the most important cybersecurity lessons in 2020 that CISOs have learnt from.

Common Threats Gain New Life

Two main effects during the pandemic in 2020 led to increased phishing and malware attacks. The first was the increase in employees working from home, often on personal devices with minimal security. The second was that human emotional vulnerability, which phishing attacks have long relied on, was amplified by stressors related to the pandemic and the shift in the work environment. The 2020 Remote Workforce Cybersecurity Report showed that nearly two-thirds of respondents saw an increase in breach attempts, with 34% of those surveyed had experienced a breach during the shift to telework.

Advertisment

Unsecured Home Networks

Within the confines of a corporate office, one can easily safeguard company IT infrastructure against threats. But more people working from home introduces personal computers, tablets, and phones, as well as various internet of things (IoT) devices on home networks into the larger corporate network. This creates a host of vulnerabilities bad actors can exploit that they did not previously have access to. Because of this, CISOs suddenly found themselves seated at the table. They have to involve in decisions that have become more and more strategic. CISOs had to coordinate a culture of security throughout all departments of the company, including advising the CEO and the Board.

Social Engineering

Advertisment

Phishing has long relied on social engineering tactics geared toward exploiting the weakest link in a network – humans. Appealing to intense emotions makes it much more likely that someone will click on a link that leads to a malware attack. Besides, cybercriminals are now making use of basic AI-ML to refine their traditional “spray and pray” tactics. By measuring which types of attacks, which messages, and which links and attachments targets were more likely to get clicked, cybercriminals have been able to modify and optimize phishing emails to ensure maximum impact.

Reflecting on Critical Cyberthreat Trends from 2020

A recent Global Threat Landscape Report from FortiGuard Labs illustrates many of the trends that have emerged or shifted so far this year. While the pandemic is identified as a driving factor, other new threats have emerged as well. Key takeaways for CISOs include:

Advertisment

• As mentioned previously, the coronavirus led to pandemic-themed phishing attacks and scams that employees should be made aware of.

• Web-based malware used in phishing and other attacks also increased. While this was on the rise before the pandemic, as more people surf the internet from home devices these types of attacks are gaining a stronger foothold.

• Consumer-grade routers and IoT devices were a common point of exploitation due to an increase in employees working from home and connecting to the enterprise network from personal devices.

• Currently, 2020 is on track to shatter the record for disclosed vulnerabilities, though the ratio of vulnerabilities with active exploits remains low.

Solutions for Structuring a Secure Telework Business Model

Just as COVID-19 shows no sign of going away anytime soon, neither does working from home. In fact, Global Workplace Analytics predicts that telework will remain a trend even after the pandemic subsides. This is due to the flexibility and convenience it provides. Because of this shift, CISOs must work to understand new traffic patterns, set new baselines, and build new alerting and reporting guidelines to keep their workforce secure.

Advertisment

As such, lessons learned during the early days of the pandemic can inform solutions for secure telework moving forward. Many teams implemented critical baseline solutions when remote work first became widespread in 2020. Now, CISOs should plan for additional security solutions in their 2021 strategies.

These include taking the following measures:

Multifactor authentication (MFA) provides another layer of protection as it requires additional verification of end-users. One method for achieving multifactor authentication is through tokens - hardware or software. It features a time-based password generator. The identity of end-users can also be established using a tool that provides access management and single sign-on.

Advertisment

Endpoint detection and response (EDR) is another critical security factor that provides proactive identification of threats on endpoint devices. EDR systems actively monitor data in real-time, identifying threat patterns and automatically responding. Advanced EDR solutions not only respond automatically to incidents but also utilize AI-based technology to predict and prevent threats.

Network Access Control (NAC) allows IT teams to view all devices on a corporate network and control them using dynamic and automated responses. This enables the network to quarantine or simply refuse access to non-compliant devices. It also provides critical access controls for businesses whose users need to work from home on personal devices. Thus providing a scalable solution that simplifies the onboarding process for remote users.

Secure SD-WAN helps companies to rapidly and securely choose the best communication path for their users at any given time. This strategy supports the changing communications patterns of remote workers, especially as telecommuting becomes more commonplace.

Advertisment

Create a Human Firewall by Educating Remote Workers

Implementing a robust security strategy may lay the foundation for safe remote work. Yet, we must note that the human factor has long been the weakest link against phishing and malware attacks. This is of particular concern now. Not only has the pandemic led to heightened fears and emotions that are easily preyed upon using these techniques, but with so many new people working from home, especially those also seeing a huge increase in messages from company leadership, it has become increasingly difficult for users to determine whether or not an email is legitimate.

One of the most important tools in combatting phishing is an educated workforce. By prioritizing cyber awareness training; creating partnerships between security teams and other departments; establishing easy-to-follow best practices; CISOs can help their employees understand their impact on cybersecurity within the enterprise. They can provide them with the tools and training they need to protect themselves and the organization.

Building a Culture of Security

The shift to remote work has created a more complex security landscape. These will require significant focus and resources moving forward. One of the biggest tasks ahead for CISOs in the coming months is going to be to work closely with other parts of the organization to instil a real culture of security. Adaptability, innovation, and open minds are key as CISOs look to further secure their networks heading into 2021.

cybersecurity