The World Economic Forum mainly concerns itself with high-level macroeconomic issues such as global recessions and world economic development. That’s why it was significant this week when the WEF cited cybersecurity as one of its “Top 10 Fallout” issues from COVID-19 in its Global Risks report.
Nearly 38 percent of those surveyed say changing work patterns will lead to increases in cybersecurity and fraud incidents.
“The constant flow of information on the virus, accompanied by fear, confusion and even the boredom of confinement, have multiplied opportunities for cybercriminals to deliver malware, ransomware and phishing scams,” said Algirde Pipikaite, the WEF’s project lead in its Center for Cybersecurity.
Pipikaite added that the corporate digital infrastructure that normally protects most organizations with multiple layers of security has become much tougher to manage while the majority of employees work from home. A blurring of the line separating corporate and personal systems heightens the risk of exposing sensitive information not appropriately secured and monitored on personal devices and home networks.
“Insider threat-associated risks are also increasing as they can be motivated by resentment from layoffs and cost-cutting measures,” said Pipikaite.
Tom Fuhrman, managing director, cybersecurity consulting and advisory services at Marsh & McLennan, added that long before the COVID-19 pandemic, cyber risks were top-of-mind for many executives.
“The rapid move to a remote workforce and online operations during the COVID-19 pandemic has just made a complex environment even more complex,” Fuhrman said. “Companies are working to secure their new IT environments at that same time hackers are seeking to exploit the stresses and distractions brought by COVID-19.”
Jon Oltsik, a senior principal analyst who focuses on security at the Enterprise Strategy Group, said while some companies are struggling, he thinks most companies have fared well rolling out work-from-home capabilities.
“Roughly half the people at most companies already had a work-from-home capability prior to the pandemic,” Oltsik said. “It was just a matter of having to scale it out some more. If this had happened 10 or 12 years ago when remote access was just for salespeople or field service people it would have been a different story.”
However, other COVID-19 research released this week by ISACA found that not everyone has full confidence in their cybersecurity team’s ability to manage the increased challenges from COVID-19.
Brennan P. Baybeck, ISACA board chair and vice president and CISO for customer services at Oracle, said the ISACA study found while a clear majority are fairly confident in their cybersecurity teams, some 40% or more have reservations. Only 51 percent of respondents believe their cybersecurity teams are ready to detect and respond to cybersecurity attacks caused by COVID-19; and just 59 percent said their cybersecurity team has the necessary tools and resources at home to perform their jobs effectively.
“These numbers should give us pause,” Baybeck said. “During this period of pivoting to a new reality, individuals, organizations and industries are needing to adapt as never before. Malicious actors will always take advantage of situations in which people are vulnerable, and we have been seeing them do so to a greater extent during the current COVID-19 crisis, including with coin mining, sophisticated phishing and ransomware attacks, and disruption attacks from nation- states.”
Tom Fuhrman of Marsh & McLennan offered three trends security pros should take note of as a result of the COVID-19 pandemic:
- Sharpen e-commerce. Many businesses are likely to develop or refine their e-commerce strategies and increase their online business channels.
- Focus on mobile data apps. Increasing digitization of personal data will be part of many existing and new business models and will attract hackers who can leverage or sell PII. This may include public health-related mobile apps that collect and analyze data for contact tracing, individual COVID-19 exposure and vaccination status, and the blending of business data with personal data on personal mobile and computing devices.
- Move to the cloud. More companies will migrate enterprise data to cloud services. The cloud has become a target of hackers because companies often do not implement appropriate security measures for their data in the cloud, and, need better cloud services management controls in place.
