COVID-19’s Impact on Cybersecurity

While millions of people have lost their jobs worldwide due to businesses shutting their doors, many have adapted to the remote-work culture. The increasing reliance on working remotely through the internet has brought more substantial risks to cybersecurity.

The international response has continuously developed throughout the year to tackle the challenges presented by the novel coronavirus. Companies have had to enact significant changes in a short amount of time in terms of their operational procedures and financial allocation. Without the right considerations, there is a fundamental risk of increasing cybersecurity attacks.

Deloitte recently published that it found a spike in phishing attacks amid the pandemic. Additionally, it has observed an increase in Malspams and ransomware attacks. Cybercriminals are using COVID-19 as bait to impersonate brands, mislead employees and customers, and gain unwarranted access to information. In fact, 22% of all data breaches in 2020 involved phishing attacks.

There is a greater likelihood of more personal computers and phones becoming compromised by cybercriminals and other malpractitioners. Cybersecurity threats before the pandemic would focus more on the end users like clients of companies. With an increasing number of employees working remotely, organizations need to instill better practices among their staff and customers to avoid becoming cybersecurity risks.

Here are some of the most prominent impacts of COVID-19 on cybersecurity in 2020.

Increased security risks from remote work

With an increasing number of employees working from home on unsecured internet connections, there is a greater risk of data breaches at the hands of cybercriminals. Enterprise-level Virtual Private Network (VPN) servers are becoming more crucial for organizations. The security and availability of VPNs are critical to maintain organizational integrity and prevent devastating security breaches.

Organizations that are prioritizing VPNs and better cybersecurity measures to ensure their online security are enjoying relative security. Companies need to maintain adequate measures and quality control in configuring VPNs to avoid exposing sensitive information on the internet.

Delays in detecting cyberattacks and appropriate response

The functioning of many security teams has been impaired due to the pandemic, making it next to impossible to detect and respond adequately to malicious activities being carried out by cybercriminals. An alarming statistic regarding phishing attacks in 2020 is that 97% of users cannot recognize sophisticated phishing emails. There is a chance that companies are unable to detect security breaches much later after the fact.

Companies need to reprioritize their cybersecurity measures and increase their focus on preventive measures. Managed IT services that also provide cybersecurity consultancy and other similar services are becoming increasingly important for companies of all sizes.

Potential increase in cybercriminals

The pandemic and subsequent lockdowns resulted in a complete shift in the global economy, with millions of people losing their jobs due to cost-cutting measures. The move is speculated by Deloitte to have led to an influx of cybercriminals. People who are idle, with no income and access to the internet may see cybercrime as an opportunity to earn income during the pandemic.

Organizations that are still considering laying off staff should enforce proper exit plans. Individuals losing their jobs due to the effects of the pandemic on the economy should consider taking on lessons to learn profitable skills that they can use to secure other means of income.

A change in the approach to Business Continuity Plans

Businesses worldwide have business continuity plans in case of devastating circumstances. However, the unprecedented situation caused by the pandemic was not considered in many business continuity plans. With the widespread impact of the pandemic, organizations are being forced to revisit their business continuity programs and incident response plans.

A revised risk assessment for various critical operational processes to identify the options that organizations can take to make sure these processes can be maintained at an acceptable level.

Increased physical security risks

Due to the work-from-home policies enacted by organizations for their employees, there is a greater chance that company staff may have to spend more on their electricity and their internet connections. Organizations should ensure better facilities are provided to their employees, perhaps even measures to provide them adequate internet connections to facilitate the work from home model.

Suppose employees are forced to utilize the internet from public spaces with free internet facilities. In that case, it can expose the company network to the theft of confidential information by cybercriminals using public internet connections. Companies should provide proper guidelines to their employees regarding how they handle sensitive information outside the office. Working from public spaces should be restricted, and organizations should deploy better measures to ensure that confidential information remains secure.

Shifts in Industry-Wise Cybersecurity Spending Due to COVID-19

Industries across the economy are expected to implement varying changes in their cybersecurity spending, depending on the need for better security in the new normal and their economic impact.

Industries that have taken the brunt of the economic impact of COVID-19 are expecting their budgets to drop. It means smaller businesses are likelier to cut their spending on cybersecurity measures compared to larger enterprises with wider financial moats.

McKinsey & Co. is a global management consulting company that has made several predictions regarding the changes in cybersecurity spending in terms of industry and product category. Here are some of their predictions for the next 12 months.

• Healthcare Systems and Services: Enterprise-level businesses will increase cybersecurity spending while small- and medium-level businesses (SMBs) will slightly increase their spending.
• Banking and Financial Services: Large financial institutions and SMBs in the industry will both increase their cybersecurity spending.
• Tech, Media, and Telecom: Both large enterprises and SMBs will increase their cybersecurity spending.
• Public and Social Sectors: Large enterprises are likely to increase cybersecurity spending with no change with SMBs.
• Global Energy and Materials: Both large enterprises and SMBs in the sector are expected to decrease their cybersecurity spending.
• Travel, Transport, and Leisure: Both large enterprises and SMBs in the sector are expected to decrease their cybersecurity spending.

Of the industries enacting changes to their cybersecurity spending, McKinsey & Co. expects an increase in spending on network security, endpoint security, identity and access management, and messaging security. Large businesses are expected to increase their spending on managed security services to bolster their cybersecurity measures as well.

It is no secret that the COVID-19 pandemic has led to several permanent changes in how businesses operate. The increasing reliance on the work from home model may be exposing companies to greater cybersecurity risks. However, taking proactive measures to improve cybersecurity can mitigate the risks for companies moving forward.