How Did COVID-19 Benefit Business Cybersecurity?

The early days of COVID were stressful for IT leaders, operators and those at the  helm of cybersecurity.  The task of granting employees access to company data via their own devices was forced on them by the need to work from home.

In reality, working remotely has long been common - it’s the natural evolution of the traveling sales rep or the jet-setting executive who needed to be in the loop. Thanks to the cloud, it’s simpler, safer and secure for most businesses to let teams collaborate and access files from home. However, scaling that for an entire workforce while defending the infrastructure and providing sufficient protected devices created many challenges that took creativity and effort to overcome.

The COVID-19 cybersecurity winners

COVID has boosted the visibility of cybersecurity; news coverage and industry focus have helped make it a priority, and budgets were allocated amid the rush to integrate remote working.

Security executives and operators found themselves dropping their existing workload in favor of securing new digital borders across a widely distributed workforce. This included installing VPNs on end-user devices, reconfiguring access to systems and migrating data to hybrid or public cloud services.

Cybersecurity vendors and operators also found a sense of community in the moment - practical advice, ad hoc collaboration and extra-mile support at all levels enabled people to get the job done and get everyone back to work. Governments provided plenty of advice, like the National Cyber Security Centre’s “Exercise in a Box,” but much of  it was at a personal or forum level, helping all interested parties, like the COVID-19 Cyber Threat Coalition. 

The cybersecurity landscape changed by COVID-19

Unfortunately, criminals saw the effect of COVID on businesses as an opportunity to escalate phishing attempts, fake user/executive fraud and other attacks.

Business workers were faced with a deluge of “security sensitive” files and convincing-but-fake COVID advice. Fortunately, most email services have had years of experience in identifying these risks, but it only takes one to get through to create a breach.

A more challenging and recent threat is messages or fake phone/video calls from a criminal posing as an employee and asking for account details or fund transfers, something that few businesses have practical experience of and that cybersecurity teams had to provide urgent training and awareness for.

Ransomware attacks also soared during the crisis, taking down educational institutions, critical health services and struggling businesses. With offices shut down, businesses were quick to acquire new smart AI-powered cybersecurity tools that monitor the whole threat landscape and respond to any new or unusual attempts at accessing a system or service.

COVID drives the rush to the cloud

While some businesses (banking, legal, health) are mandated by regulatory needs to operate on-premises services, many were simply reluctant to adopt the cloud. COVID became a very good reason to look at the cloud as a quick way to modernize operational business tools as well as security services.

The likes of DarkTrace, who offer a self-learning, AI-based cyber defense tool that monitors the workforce wherever they are and on any device, is just one example of a modern cybersecurity tool. These reduce the need for checking virus definition updates, firewall status checks and other security efforts.

Other cloud tools offer virtual honeypots to trap would-be breach efforts, live awareness training to keep workers on their toes and other complementary services to ensure any business can keep functioning.

Into the COVID future

The bad news is that COVID-19 isn’t going away anytime soon. What started as a temporary move to remote working may become permanent for many staff and the teams that support them.

Staying on top of cybersecurity requires constant vigilance among teams that have already been under significant stress.