How has COVID changed cybersecurity?

Priorities have shifted a bit as COVID drastically changed the way work is being done for so many organizations.  Now that it’s become clear that it will not be as short-term a change as we first thought, how does this impact cybersecurity?  Based on our insights and input from clients and prospects, here are 10 of the changes (in no particular order).

1. Budgets have been impacted.  Spending on technology refreshes is largely on hold as funds were reallocated to implement remote working solutions.
2. Cybersecurity posture was likely impacted as well.  In the rush to enable remote work, productivity took precedence over security.  Now that most organizations are continuing to provide remote working alternatives, it is critical to take a closer look at the changes that were made to tighten up any holes before they become easy access to a hacker.  Implement Virtual Private Network (VPN), Multi-Factor Authentication (MFA) and zero trust access where possible.
3. You may have fallen out of compliance.  For organizations who fall under regulatory compliance(s) to protect data, a re-assessment of the mandatory requirements is in order.  Failure to do this not only puts the data at risk, but greatly increases your liability for fines, litigation and possibly being unable to make an insurance claim in the event of a data breach.
4. Staff should be given additional cybersecurity training. Staff cybersecurity awareness is more important than ever now that they are no longer protected by the technology that safeguards your perimeter.
5. Data could be leaking.  Are your remote workers still saving data to systems within your network that are encrypted, protected and backed up, or is some data being saved locally?
6. Faster adoption of cloud-based vs locally hosted services.  This can mean greater protections are in place for remote workers, but it is critical to read the cloud provider’s agreement very carefully to understand what they do and more importantly DON’T provide to protect the data that your organization is still ultimately responsible to keep private.
7. Threat intelligence is no longer a “nice to have”.  With threats evolving to exploit the vulnerabilities from remote working, being able to proactively identify patterns and prevent or detect threats as quickly as possible can save you from a very costly data breach.
8. Incident response resources must be considered.  Your incident response plan may need a major overhaul if the configuration of your network changed and resources are now geographically disbursed for remote working. What resource(s) will you need if an incident occurs that requires additional cyber expertise or manpower?
9. Business risk needs to be evaluated with the entire C-team, not just IT.  What impact do the changes for remote workers have on the cybersecurity posture of the organization, and then the cybersecurity budget and priorities can be based on factors like the value of the data, how much it costs to be offline per day, how much insurance coverage is in place to cover losses, and the potential for reputational damage.
10. Outside help may be needed.  A virtual CISO can ask the pertinent questions of the C-team and IT to bring clarity to prioritization to minimize business risk.  Outside testing/assessment can uncover vulnerabilities that you aren’t aware of and more importantly, recommended remedies to remediate them.  Internal staff may lack the resources and training to monitor the network for threats 24/7/365.