1-  Introduction

As the COVID-19 coronavirus pandemic with its various variants continues to spread worldwide, cyber threat actors are attempting to capitalize on the global health crisis by developing malware or launching COVID-19-themed attacks. Cyber-attackers perceive the pandemic as an opportunity to intensify their criminal activities by exploiting the vulnerability of employees working from home and capitalizing on people’s keen interest in coronavirus-related news (e.g., fake malicious websites dealing with the coronavirus). Another important consideration is that, according to the IBM Cost of a Data Breach 2020 report, the average cost of a data breach resulting from remote work can be as high as $137,000 [1].

When the crisis ends, companies will face a security and compliance debt due to the impacts of the crisis: urgent changes to infrastructure, deviations and breaches of security policy, and lax controls [2]. Besides, the impending economic crisis will put significant pressure on cyber budgets in several companies.

2-   Cybersecurity and cyber resilience challenges

In this emergency, the main challenge for cybersecurity departments is to ensure optimal protection of the company against cyber threats and failures that endanger the continuity of its activities [3]. Cybersecurity challenges during and after COVID-19 can be classified into three main categories:

  • Resilience: The challenge is to protect the company and its users against cyber attackers taking advantage of the crisis context (phishing, ransomware, etc.). The organization and the continuity and crisis management measures must be adapted to ensure the continuity of activities if a new crisis occurs [4].
  • Recovery: The challenge is to ensure that the return to usual working methods (face-to-face, connection to the company’s local network) occurs under acceptable cybersecurity conditions and that breaches of security rules are remedied. It is also essential to ensure that the cybersecurity function regains sufficient operational capabilities adapted to the context of uncertainty, particularly by learning from the lessons of the past months.
  • New realities: The challenge is to adapt the roadmap and the operating model of cybersecurity to fully meet the needs of business and customer expectations (especially in digital transformation projects) and consider the economic impacts on the resources allocated to cybersecurity.

2.1 Resilience: Maintain activity during the crisis by managing risks

Ensure the resilience and security of infrastructures and critical applications accessible on the Internet (VPN, mail servers, videoconferencing, file sharing, security tools, business applications, etc.).

  • Evaluate the scalability and load-bearing capacity (hardware, licenses) of the infrastructure. If necessary, increase or reallocate capacities, study alternative solutions (with the change of suppliers if required), and renegotiate contracts with suppliers and service providers
  • Test the security level of environments accessible from the Internet (penetration tests, vulnerability scans, configuration reviews, architecture reviews, etc.)
  • Strengthen the security of newly opened Internet environments (strong authentication, access control, monitoring, etc.)
  • Adapt operational procedures for managing and supervising cybersecurity (patches, backups, anti-virus, monitoring) to the crisis context (remote work, reduced staff)
  • Track deviations and breaches of the IS security policy to control risks and maintain compliance
  • Monitor the company’s exposure to the Internet, including the deployed infrastructure (cloud and Shadow IT)

Manage new risks and avoid over-incidents

  • Reassess IT and cyber risks in light of the Covid-19 crisis (cyber attacks, failure of critical IT systems, absence of key personnel)
  • Analyze response capabilities to new crises: backups and restorations, availability of people and tools, adequacy of procedures, SLA of suppliers
  • Update the IT and business continuity plans, checking, in particular, the capacity for remote deployment

Raise awareness and help employees

  • Make employees aware of the risks and best practices related to the crisis context (best practices sheets, e-learning, phishing campaign)
  • Help employees secure their practices in a teleworking context, including, in some cases, the use of non-professional equipment and services

2.2 Ensure the exit of the crisis and re-establish an adapted cybersecurity system

Prepare and manage the return to the nominal state of the information system and the cybersecurity posture

  • Evaluate the extent of the cybersecurity/privacy debt that has built up during the health crisis
  • Perform a cybersecurity “health check” of the systems in a context of nominal activity resumption (employee workstations and smartphones, business applications, external infrastructures, security tools)
  • Analyze and scan all equipment before reconnecting them to the company’s internal network
  • Restart any temporarily interrupted cyber processes (backups, patches, authorizations, etc.), adapting them to a context that remains degraded compared to the previous situation
  • Check the backups (in particular by performing restoration tests)
  • Review IT and Cyber suppliers to take into account incapacities and shortcomings
  • Repatriate data stored outside the company’s systems (personal computers, cloud storage, private USB keys)
  • Search for undetected intrusion traces in the IS (threat hunting)

Draw lessons from the health crisis

  • Analyze the past months of the Covid-19 crisis and identify the business, security, compliance, and privacy needs to which the degraded working methods could not sufficiently respond during the crisis (remote work, communication and collaboration solutions, dematerialized exchanges with customers and partners, online payments, sales and invoicing, access to business applications, etc.)
  • Adapt the organization, policies, operational procedures, and continuity plans, taking into account the experiences acquired during the crisis (key systems and people, continuity of teams and cybersecurity systems, maintenance of a minimum-security base, management of a remote crisis)
  • Evaluate the applications and solutions, especially collaborative ones, acquired and deployed in an emergency to confirm, replace, or secure them

2.3 Adapt to the post-crisis world and ensure alignment with the company’s strategy

Transform the cybersecurity chain within the company to adapt to new realities

  • Review the mapping of cyber risks in light of the new context and identify priority risk areas
  • Reassess the cyber project portfolio in terms of its contribution to risk management and its alignment with the company’s new strategy
  • Adapt the cybersecurity posture to the new context, notably in terms of roadmap, security operating model, and security measures with the objective of rationalization
  • Rationalize the catalog of technical, procedural, and organizational security measures, with a view to effectiveness and efficiency
  • Automate security activities (vulnerability and patch management, attack detection, and processing), notably by developing AI capabilities
  • Study the possibility of outsourcing security operations: cloud, managed services
  • Select priority cyber CAPEX/OPEX in a context of strong cost pressure
  • Adapt reporting to demonstrate the effectiveness of cyber investments and alignment with the company’s strategy

Support the company’s resilience programs in the face of health or other crises

  • Integrate the cybersecurity domain into the company’s operational resilience program
  • Prepare and simulate cyber crises in multi-crisis contexts
  • Evaluate the adequacy of cyber insurance coverage
  • Strengthen controls on suppliers and subcontractors: cybersecurity, resilience, ability to deliver

3-   Conclusion

The post-coronavirus period may be a unique opportunity to finally build a real digital industry. This health crisis has revealed the importance of digital technology in our lives and our economies, and the extent of our dependence on it.

It is up to companies to implement the means to protect themselves. In this sense, cybersecurity responds to this challenge of protection and confidence to ensure the appropriate level of investment that covers cyber risks. It is considered part of a comprehensive approach to integrated management.

In conclusion, it is up to the company to use the solutions available to it against cybercrime, which are often very accessible, to protect itself effectively and guarantee real security against possible cyber threats. The post-pandemic recovery and preparedness period is an opportunity for organizations to rebuild to a new normal, with business resiliency as a pervasive goal.

References

[1] https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html

[2] JIM et al. Cybersecurity After COVID-19: 10 Ways to Protect Your Business and Refocus on Resilience, Marsh McLennan, May 2020

[3] https://home.kpmg/xx/en/home/insights/2020/05/preparing-for-the-post-covid-19-era.html

[4] Kallberg, Jan, and Stephen S. Hamilton. “What COVID-19 can teach us about cyber resilience.” Fifth domain (2020)
