by Vikas Choudhary, Head of Europe – Cyber Security Practice, and Veerji Wangoo Sales & Solutions Lead, CBO
COVID-19 has simultaneously made the world much more digitally connected and much more vulnerable.
Not only has the huge increase in remote working created new opportunities for cyber criminals to attack business systems, but fraudsters have also become more sophisticated in their approach.
However, the learnings implemented during this challenging period will help future-proof businesses against other unexpected events, helping organizations across the world become more resilient.
A sudden expansion
As the pandemic hit, office workers across large swathes of Europe were instructed to work from home wherever possible. For the majority of firms, this was highly unusual.
One major corporation, an industry leader based in Italy, is an example of just how difficult this was.
Although the company’s virtual private network (VPN) was designed to support up to 4,000 concurrent users, fewer than 600 employees had actually logged in on most days before the pandemic.
But on the first day of mass remote working in March, some 5,000 people tried to log in, causing the connection to falter. In subsequent days, 8,000 users were expected – more than the system could handle. A technology problem suddenly escalated into a critical business continuity issue.
Companies across the world have faced similar challenges after being forced into distributed teams in the space of a few days.
The scale of remote working isn’t the only problem: The entry points for hackers multiply significantly when entire workforces are accessing company systems remotely. In addition, some companies need to grant access to a wider group of partners and collaborators as well as employees.
Cyber criminals are taking advantage of the explosion in remote working by using COVID-19 themed attacks designed to exploit vulnerabilities, human as well as technological. For example, one study reported a 667% rise in coronavirus-related global phishing attacks in March this year, when compared to the previous month.
Meanwhile, some collaboration software, deployed to allow teams to continue to function, has also been hacked: The very software that makes companies adaptable also contains risk, and rapid patch deployment is needed.
In search of solutions
All these increased challenges require an enormous effort to ensure organizations are protected in the months and years ahead.
At the most basic level, technology measures need to start with perimeter security using surveillance and risk analysis tools that combat threats and alert security teams to potential vulnerabilities. It’s important to use agile technologies that can adapt as threats change.
And with such a significant proportion of the global workforce working remotely, all alerts should be scanned, irrespective of severity, while data should be encrypted as it moves from a user’s home office network to corporate networks or cloud applications.
Moving systems to the cloud will increase resilience and improve protection with access verified by multi-factor authentication, including biometrics. Cloud-based applications also have the advantage of being faster to develop and easier to scale up.
At the same time, cloud-based secure desktop services make it easier to respond to threats where employees are using their own devices by giving IT teams remote access to deal with issues quickly.
During the crisis, TCS has been able to protect its customers and services through its Enterprise Cyber Security Framework, offering protection across multiple sectors including banking, financial services, energy, transport and hospitality.
Once lockdown restrictions are eased, companies should audit the access rights granted during the pandemic and test the ability of critical business systems to withstand the new threats that have emerged during lockdown.
A company is only as good as its people
It’s also important to remember that keeping organizations safe from cyber-attack is about people as much as technology.
Humans are the weakest link in any organization’s security so it’s important to launch awareness programmes through desktop wallpapers, emails and phishing simulations.
Returning to the Italian example, a cyber-security team from Tata Consultancy Services (TCS) moved into the company’s offices to work alongside the in-house IT team to make sure that capacity was increased without compromising security.
But they also reached out to users with guidance on smart-working best practices and advice on bandwidth usage so that they could play their part in optimizing the use of existing technology resources.
Security awareness education – especially around threats specific to COVID-19 – using e-learning and online training, is a vital part of the cyber-security armoury. Communication is a key priority, keeping employees and customers up to date with the latest threats and how to avoid them.
All this means that the pandemic is ushering in a new era of cyber-security. The organizations that are able to demonstrate cyber resilience will be crucial players in the economic recovery.