The pandemic’s effects on health, businesses, and infrastructure led to disaster for many. Entire societies were affected as deaths and response policies combined to completely change the very idea of day-to-day living. Many individuals felt the loss of loved ones, while many others lost their employment or businesses.
Through all of this, while most legitimate businesses struggled en masse, cybercriminals enjoyed an economic boom. Mass confusion, changes to patterns of behavior, increased reliance on remote workers, and other factors made 2020 ripe for their “trade”.
The numbers are quite stunning. Reports of cybercrime increased by nearly 70% in the US compared to 2019. The UK saw a 31% increase over the previous year. What we’re seeing is not just a rise in frequency, but an increase in damage and aftermath. If you’ve been following the news, you’ve likely noticed that some of the most devastating cyberattacks and data breaches to date were carried out during the pandemic.
These increases are attributed mostly to the migration of workers from secure on-site networks to their own home offices where unsecured devices and networks were the norm. While remote work was largely successful in terms of keeping the economy alive, this measure made businesses extremely vulnerable.
The changes we’re seeing aren’t expected to simply revert to a “pre-2020 state of normal”. Our world is forever altered, and the future of cybersecurity will likely be tumultuous in kind. While there is always a measure of unpredictability in something as complex as information security, we are expecting a few trends to carry on for some time:
- Home offices will continue to serve as prime targets for cybercrime. Remote workers are far more likely to operate unsecured devices and unpatched software, making them an opportune gateway into corporate or government networks.
- Ongoing concerns over public health, vaccinations, and contact tracing lay fertile ground for advanced phishing campaigns and other forms of social engineering.
- Hybrid environments making use of the cloud will be a risk for some organizations. As data spreads across multiple locations, it is exposed to greater risk. While some hybrid and cloud solutions are well secured, others leave much to be desired. Many cloud solutions, particularly Software-as-a-Service, use APIs that are vulnerable to attack and leave data-in-motion exposed and unprotected.
- Patching and security updates will need to be carried out with lightning speed as cybercriminals become better at finding and sharing vulnerabilities in enterprise software.
As I write this, social distancing and other pandemic response protocols are already abating. Even so, we are all learning to adapt to a “new normal” — businesses included.
Now is the time for organizations to recover from the rapid changes made to their IT strategies, many of which likely included stopgap measures and jury-rigged solutions. Some COVID response measures may need to be institutionalized; others may need to be replaced with more secure and permanent solutions.
When we look at businesses in the United States, we see a definite shift in focus toward shoring up these defenses, making strategic adjustments to IT architectures, cybersecurity controls, and business processes. This concern is warranted and ideal, because IT policy often lags behind reality — and the past two years have shown us that there is no more room for dawdling when it comes to information security.