These unprecedented times have pushed us to adapt distinctive lifestyles contrary to what we’ve been used to for a millenia. Industries like finance, law, banking and the public sector where culture has traditionally frowned upon working-from-home, are compelled to succumb to such mandates out of necessity. As much rampant the unfortunate layoffs, hiring freezes, and budget cuts across travel and hospitality industries are, And this is an important observation that we can’t afford to overlook. data breaches have been on a steady rise. Increased reliance on digital technology, VPNs and network infrastructure calls for a greater need to protect them, lest one drew attention from adversaries. To dig deeper into the reality of the 'new normal', I decided to interview over a dozen businesses and security experts asking for their insight into  the matter. Here's what businesses and security experts have to say: “It’s no secret that most businesses struggled with IT security before the COVID-19 crisis. Many lacked the infrastructure and security required to handle the shift to remote working while keeping critical systems secure,” says , CEO of , a leading provider of secure digital identity management solutions. “Working from home has accelerated the number of connection points in the network and the certificates and keys they rely on. Ensuring visibility to and the security of those connections is mission critical – lack of adequate management can lead to systems disruptions, outages and even breaches.” Jordan Rackie Keyfactor , VP of Innovation at managed services provider notes, “[We have] seen a huge increase in demand for VPN connections since working from home began (peak of 762% on April 6), as well as a 100% increase in the number of abuse email notifications sent.” They’ve been busy helping clients navigate how to modernize current IT structures with a focus on security. Ray Watson Masergy Then there’s the never-ending series of data breaches impacting major players and making headlines. From , , and other breaches, to the hacked representing big names like and , there’s chaos all over. Not to forget, a second wave of ransomware attack (‘Maze’) that got the postal tech giant And, the dating app breach impacting some 3.6M users. And lastly, the return of Thunderbolt data extraction flaw, dubbed “ ” this time around: Ghost DigiCert SaltStack law firm Lady Gaga Madonna Pitney Bowes. MobiFriends thunderspy all within a thirty day span, and at a time when businesses are most vulnerable. Business, budgets, and cuts From an executive and managerial standpoint, cutting immediate losses in these unforeseen times seems to be the pragmatic step, and is often necessary. However, looking at the bigger picture, one must be careful that any such step undertaken with the objective of curbing spending doesn’t backfire, resulting in even bigger problems in near future.  And is often the paramount issue when organisations scrutinise their security budgets, and contemplate cuts. that “We have definitely had to cut our cybersecurity budget. Unfortunately right now it comes down to paying payroll, or making temporary cuts where we can. Cybersecurity was the last of these cuts,” says , President, . “We’re not without any protection [and] we take security risks very seriously. Every employee has to be more accountable now, as a [breach] will almost certainly fall on our shoulders.” Bailey hopes the disruption would be ephemeral and intends to reinstate the necessary resources immediately, once the funds allow for it. Dan Bailey WikiLawn On the contrary, , Director of states his company has had to augment their budgets: “Cybersecurity has been one of our big concerns, since we had to transition everyone to full-time remote. We did increase our cyber-security budget, and we provided everyone with training and software, to limit our vulnerability as much as possible. Our research shows that at least half of these kinds of attacks happen because of employee breaches, so we’re on top of it. Obviously, we’re relying on our website more than ever, and the last thing we need is an attack.” Sean Nguyen Internet Advisor Surely, temptation arises to put aside that cash cushion and halt any activities deemed unnecessary. But that is a risk too big to take, when discussing information security—effectively a tangible form of insurance your infrastructure thrives on. “Enterprises should make sure cyber security remains a top priority and not let their guard down,” says , head of the at Juniper Networks. “It doesn’t take much for a threat actor to infiltrate a network, once a vulnerability is exposed. Sometimes, it means reaching beyond the corporate perimeter to top employees’ homes to help them have the correct set up. A Wi-Fi access point with cloud management capability goes a long way towards securing the access your C-suite needs to have from home, for example.” Mounir Hahad Juniper Threat Labs Insider and outsider threats With increased dependency on a totally remote workforce more so than ever, and no immediate plans to return to the office, there’s a lot at stake for businesses. There’s the obvious risks of employees falling for ransomware and phishing scams. But now, unless a company’s security controls can extend to an employee’s home-office setup, there is little visibility into the possibility of insider threats, such as data exfiltration and insider trading. , VP of Product Management at California-based cybersecurity firm suggests, “investing into automation of laborious tasks, such as change auditing and user behavior analytics, so the IT team could focus on more strategic areas. Moreover, such solutions will speed up detection and investigation of potential incidents, and if you set alerts on suspicious user behavior patterns, you will be able to quickly address security issues without sacrificing other IT tasks.” Ilia Sotnikov Netwrix An increased attack surface also favours malicious actors preying on the weakest link, and opens up doorway to remote attacks geared towards unsavvy employees. “The simple fact is that the likelihood of data breaches will only increase as systems become more interconnected, employees continue to decentralise and work remotely, and bad actors become more sophisticated in capitalising on security weaknesses,” notes , CEO of , a secure collaboration platform. Morten Brøgger Wire Brøgger stresses, “Not only can a data breach or cyber attack inflict severe financial damage, it can freeze up digital assets which are the lifeblood of an organisation. Without them, there is no product, no service, no sales.” Leveraging existing resources which don’t cost a fortune, or a penny “It’s not necessarily about spending more, but spending smarter. Many solutions require a lot of set up and manual intervention to keep current, which is not sustainable and forces artificial choices between security and affordability. Newer, smarter solutions, however, automate the implementation of security to eradicate the need to choose. If companies can deploy these newer solutions, they can often strengthen their security within their budget constraints,” suggests , CEO and cofounder, . Benny Lakunishok Zero Networks Security awareness trainings “People are still responsible for operating, whether it’s local or in the cloud, and humans make mistakes. Even if they can’t invest in security software due to tight budgets, a company’s leadership should dedicate time each month in security awareness training, such as how to spot an email that could potentially be a phishing scam,” says , CEO and Founder of , the creators of “security awareness trainings your employees will love.” Nick Santora Curricula Additionally, , a cybersecurity expert and CEO of suggests running phishing simulation exercises. “There are a number of organizations that offer free online courses that cover best practices that you can implement for your business.  I recommend taking this a step further, and running simulated phishing tests for your staff.  That will identify your staff members that need additional security awareness training.” Courtney H. Jackson Paragon Cyber Solutions Network security and open source solutions of Guidepost Solutions had some practical tips to share on the networking front. “Companies can increase their network security without impacting their spending, through several tactics: if possible, move [your] services to a robust and secured cloud solution, implement layer 1-4 TCP/IP model network security best practices, utilise multi-factor authentication, encrypt all types of data communication, and [lastly,] install and update antivirus and antispyware on all machines.” Ahmad Zoua In the open source scene, there are a plethora of “community editions” and free versions of popular security products that can be leveraged by IT professionals and developers alike. And they often cost nothing. “With all the focus on changes introduced by work from home, it’s easy to lose sight of the fact that most prominent attacks these days focus on deployed applications. Those applications can have latent vulnerabilities sitting in the open source components that comprise about 80% of the code base these days. It’s easy to do an assessment to find out what’s lurking inside your applications,” says , CTO of , the company behind : “a free catalogue of open source components and scanning tools to help developers identify vulnerabilities, understand risk, and keep their software safe.” Brian Fox Sonatype OSS Index , Senior Manager and Head of Cyber Security at additionally offered insight into some free tools businesses can adopt: “There are a surplus of phenomenal open source tools, such as (network monitoring), (intrusion prevention and detection), (full network packet capture), and (open source incident management platform). Most importantly, use this time to level up your employees. Employees are the first line of defense and a force multiplier when it comes to security. Simple things like teaching strong and effective password hygiene as well as running phishing simulations will increase security awareness with little to no cost.” Tyler Young Relativity Bro Snort Moloch The Hive In conclusion, there is no end to strengthening security at an organisation, and never a guarantee that a business is immune to cyber attacks despite best efforts. After all, businesses are made up of people and the element remains the weakest link in the game. Implementing the aforementioned security measures, however, provides a substantial relief and can deter hackers by a long shot for your business. human © 2020. ( ). All Rights Reserved. Ax Sharma Twitter Author’s Note: Thank you to all the businesses and experts from the security community who responded to requests for comment and interviews. I received over five dozen pitches, and while I regrettably couldn’t feature all of them, I sincerely thank everyone for their valuable time and insight.

Twitter

☢️ Dissecting DEFENSOR - An Android Malware That Affects Your Banking Apps

The ZEE5 User Data Leak That The Media Didn't Report On

My other blog: Security Report

Book a call

Read My Stories

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

Experts Warn: Amidst Budget Cuts, The Pandemic Calls for Stepping Up Security Efforts

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Improving Open-source Software Security for Java Developers

100 Stories To Learn About Remote

10 Non-Influencers redefining Influence. Opportunity: $1 Million USD Funding to fight COVID-19

121 Stories To Learn About Coronavirus Impact On Business

278 Stories To Learn About Covid 19

Improving Open-source Software Security for Java Developers

100 Stories To Learn About Remote

10 Non-Influencers redefining Influence. Opportunity: $1 Million USD Funding to fight COVID-19

121 Stories To Learn About Coronavirus Impact On Business

278 Stories To Learn About Covid 19

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps