While growth in other technology sectors is geared towards reaching optimal efficiency and productivity, the Cybersecurity Market is driven by cybercriminal activity. Just as it has reached into other industries, COVID-19 has impacted cybersecurity operations globally.
As executive leadership and CEOs continue to cope with the pandemic’s impact, cybercriminals persistently launch widespread attacks at businesses, governments, and individuals globally. We have not only seen an influx in cybercrime, but we are also facing new areas of information security vulnerability, and thus possible new attack vectors.
Phishing, malware, and ransomware attacks have been on the rise as cybercriminals capitalize on pandemic-related weaknesses. With targets such as e-commerce providers, healthcare systems, and the remote workforce, the tools and leadership needed to protect data and prevent information security breaches are constantly evolving.
The pandemic has triggered the following conversations around cybersecurity spending, threats, and leadership:
Spending
As threats arise, executive leadership must invest in the proper technologies to protect company data. The pandemic continues to impact individuals and organizations globally, and cybersecurity spending has shifted to account for business and lifestyle changes. According to a Gartner Study, while cybersecurity spending is down overall, there is an unprecedented uptick in spending around cloud-based security software, which is expected to grow 33% by 2021. This is due to the benefit of Cloud-based delivery models for the remote workforce to secure email and web gateways. Additionally, cloud-based security software helps to mobilize organizations’ remote IT employees, allowing for a more secure and swift response to ongoing threats than on-site facilities, ideal for lockdown times.
Threats
COVID-19 has altered the form of business operations across all industries. With these widespread changes comes new cybersecurity risks. Employees working from home generally have under-protected devices and are ill-equipped to recognize information security threats. Phishing attempts are well disguised, and employee security training may not be comprehensive.
Additionally, we have seen a recent explosion in sophisticated ransomware attacks, threatening businesses, governments, schools, and healthcare systems worldwide. According to Frank Luzsicza, CEO of Lodestone Security, during sophisticated attacks, data is not only at risk for being held ransom, but also for being manipulated. “They manipulate the data and change it in such a way that you don’t notice right away. To investigate and find where these changes have happened could take months or years”. This can cause major operational complications within those businesses and lead to future ransom attempts by cybercriminals to correct the data. A number of firms that have been attacked have found that malicious changes were made that still affect their systems today.
Leadership
As cybercriminal activity continues to evolve in form, target, and strategy, it is imperative that cybersecurity leadership is prepared to combat continued attacks. This requires the proper investments, observations, and readiness to respond.
For cybersecurity leadership, it is important to maintain an upper hand in the fight against cybercrime. According to Frank Luzsicza, this requires two crucial elements: visibility and defense. Visibility requires industry intelligence and observation that occurs before any risk exposures are detected. For instance, a major security breach at a close competitor is a good indication that your company could be a target as well. Cybersecurity defense must exist in all company devices and technologies from individual workstations and servers to the overall network perimeter and cloud resources.
Visibility and defense allow leadership to see attacks ahead of time and prepare for a possible breach. But ultimately, however prepared the business may be for a breach, increasingly creative cybercriminal forces might still succeed in accessing company devices. Thus, cybersecurity leadership must be prepared to respond to a breach to minimize damage and maintain business continuity.
As CEO’s and executive leadership teams continue to assess pandemic-related business changes, it is important to remember that cybercriminals are doing the same in order to identify exploitable vulnerabilities. While businesses are forced to cut staff to survive economic downturns, cybercriminals are ready to capitalize on these gaps. In the face of constantly evolving cybercriminal activity, cybersecurity leadership must not only be prepared, but poised to respond and maintain organizational resilience. Organizations globally must not only be prepared to respond to possible security threats today but be postured for a post-COVID-19 world.
Resources
A special thanks to Frank Luzsicza, CEO of Lodestone Security
https://www.gartner.com/en/newsroom/press-releases/2020-06-17-gartner-forecasts-worldwide-security-and-risk-managem
https://www.forbes.com/sites/louiscolumbus/2020/08/09/cybersecurity-spending-to-reach-123b-in-2020/#1af841c7705f
https://www.bbc.com/news/technology-53553576