2020 is the year when corporate cybersecurity gained a completely new dimension
The COVID-19 pandemic and the measures governments took to fight it provoked us to completely redefine our lives and the things that unit recently we took for granted, from travelling to meeting friends to the psychological challenge of the lockdown.
One of the lessons we learnt has two sides.
On one hand, our technology-defined civilisation realised how dependent it was on something analogue, invisible, imperceptibly small: a virus. We realised how important for our mental wellbeing were simple things such as the ability to feel the sun's caress on our faces, the sand of the beach under our feet, the physical presence of our loved ones. The ability to pack some clothes, to leave home and to head wherever we like in Bulgaria or abroad.
On the other hand, while we stood lockdowned at our homes, we sought high technologies as a way to continue with our old lives as painlessly as possible. Sometimes successfully and sometimes not, the Internet replaced our usual ways to meet family, friends and business partners, to study, work, have fun and travel. Our desktop monitors and smartphone screens became our windows to the world.
But the digital world with its endless opportunities to entertain us and to allow us to work from distance is far from a utopia where peace and universal goodwill prevail. On the contrary. The risks that both ordinary users and companies experienced in digitisation and transformation of work processes from the office to the home became more serious than ever. The pandemic proved to be a golden time and opportunity for individual and organised groups of high technology criminals eager to use companies' and individuals' security breaches for their nefarious acts.
Cybersecurity specialists were quick to recognise the new threat. In only a week of April, for example, Google registered 18 million daily malware and phishing attacks connected to COVID-19.
According to an April survey by security companies Tripwire and Dimensional Research among 345 international cybersecurity specialists, the impressive 94% of respondents were concerned with security during the pandemic. During the social isolation measures and the transformation towards distance working, 58% of respondents registered security problems connected to home office activities. For most of the organisations, the COVID-19 pandemic played the role of a stress test for the adequacy of their cybersecurity protocols and policies. Among the most common problems that companies faced were breaches of security of employees' home Wi-Fi networks and the increase of ransomware, phishing and socially engineered attacks, and of long-distance attacks. For 89% of the respondents working from distance has caused problems with securing the used devices. Problems with implementation of VPN systems experienced 38% of the companies.
Employees became a major point of failure for a company's cybersecurity. To what extent are they conscientious and strict in keeping up with the company's cybersecurity when working from home? A survey by the cybersecurity company Tessian showed that 52% of respondent employees admitted of being more careless when working from home. For example, they admitted sharing confidential information via e-mail instead of on more secure and trusted channels. A significant number preferred working on their personal devices, instead on corporate ones. They shared they felt calmer when working far from the eagle-eyed professionals at the IT and cybersecurity department. Other factors influencing employees' alertness and ability to keep up with cybersecurity protocols when working from home were care for the household and the children.
But these do not exhaust the list of employee-connected problems. The COVID-19 pandemic inevitably increased the threat of dishonest employees spying for outside organisations and stealing sensitive corporate information.
The pandemic's new realities provided the companies with two challenges. On the one hand, they need to secure trouble-free work for their employees and their overall activities. On the other hand they need to do all possible to protect their cybersecurity.
In this respect, companies and the constant and increasingly more sophisticated cyberattacks they are exposed to are like the military attacks we know from history, when for example an army besieges a fortress, and the attacks of viruses and bacteria on the human organism that aim to overtake it and use it for their own goals.
For millennia, generals and military commanders have specialised developing defensive and offensive tactics and strategies. Medicine has fought with viruses and bacteria with variable success. But how can companies deal with a relatively recent threat, such as cyberattacks? Sadly, the practice has shown that even large companies with significant financial and human resources do not understand correctly what to do in order to secure their trouble-free work. They make mistakes that can cost them millions.
"Mistake number one is that companies confuse IT responsibilities with the responsibilities of cybersecurity experts," says Alexander Sverdlov, founder of Atlant Security (www.atlantsecurity.com). "IT administrators can have some knowledge in the field, just as architects and construction workers have knowledge of physical security. However, we have SWAT teams, police and military, which carry out this activity in the country. In business it is the same, protection must be provided by people who have dedicated their lives to it. A police officer investigating burglaries every day for 10-15 years will give very different security advice than that of the seller of locks in a locksmith shop or the architect of the building. Then why do I keep hearing from companies 'we don't need a cyber security consultant, our IT department handles that'? The second mistake companies do is to buy security solutions without having the necessary level of maturity to use them. The rule here is this: build maturity first, namely human resources, knowledge, architectural and logical solutions as a foundation. Only then we start buying commercial solutions, only then these solutions can perform their functions well."
Just like viruses that constantly mutate to adapt to the environment and their hosts' resistance, and like an army constantly seeking new technologies and means to break into the besieged fortress, cybercrime is in a constant change under the influence of new technologies and new needs. However, the attacked evolve along with the attackers. Hosts develop new immune responses against viruses. Defenders seek new ways to protect the besieged fortress, and cybersecurity specialists – to repel specialised attacks. The field is developing dynamically and the question on how the COVID-19 pandemic will reflect on future cybersecurity remains open. Some changes are already a fact, and specialists discuss opportunities that until recently sounded like from a sci-fi movie. Implementation of quantum computers, that looks increasingly close in the future, will bring security of information encryption to a whole new level. The vulnerability of people who can easily become the victim of a socially engineered or phishing attack can be evaded with the implementation of systems in which machines protect themselves from breaches by bots or unauthorised users.
However, as the surprising appearance of the COVID-19 outbreak has shown, it is difficult to predict the future. We can be only sure that we will need to radically rethink our relationship with cybersecurity.
"The day after" the COVID-19 era seems unpredictable," says Lyubomir Tulev, CCISO, ECSA, CEH, CHFI, CEI, Senior Cyber Security Architect and Business Information Security Consultant at BULPROS (Sofia, Business Park Sofia, Building 15A, fl. 5, phone: +359 889 584 032, www.bulpros.com) and Trainer at International Cybercrime Investigations Training Academy (Sofia, 7 Trayanovi Vrata St, fl. 2, ap. 4, phone: +359 887 303 289, www.e-cremeacademy.com). "The crisis is likely to be with us for a while and will change our lives forever with new work styles, new cybersecurity issues, new proposed policies, personal hygiene, and so on. We will face new risks and challenges, but we need to ensure the security of our networks, devices, and data in order to ensure our digital future. The demand for cybersecurity will dominate in the priorities of every organization now on as each adapts to the new realities. And although nobody can be absolutely confident what and how our near future will look like, one is certain: in the post-COVID-19 world, cybersecurity is as critical as Internet access itself."
The new environment, which the world is currently inhabiting, provoked companies to adapt quickly with taking proactive stance towards their cybersecurity. Here we do not talk only about implementation of technological solutions, but also about a radical change in the philosophy of cybersecurity solutions.
"The security solutions are constantly evolving and getting better and better in preventing cyberattacks," says Ralitsa Karamfilova, Strategic Development Manager at Lirex, a company for IT solutions (Central Office: Sofia, Mladost 3, block 306, phone: +359 2 9 691 691; www.lirex.com). "However, I think it is more interesting that the focus has been shifting from trying not to get a security breach at all, to how to detect and respond to a breach when it happens in the fastest and most adequate way. Important here is the integration between various types of security solutions that have not previously been able to communicate with each other, and the increased importance of security information and event management (SIEM) systems. This has driven the increased demand for Security Operation Centers where the focus is namely on the fast detection and response, plus investigation of security incidents. This gives the organizations better understanding of how the breach happened and where they need to strengthen their security."
What should a company do to be sure that its protection is optimised? Education of people – from the rank and file employee to the cybersecurity specialists, should not be underestimated. "Update your systems on a regular basis, follow strict cyberhygiene, stay informed, trust experts," is the advice of Kaloyan Vasilev, manager of CyberSecurity, a Bulgarian company for complex solutions (www.киберсигурност.бг). "Cybersecurity is a responsibility toward our relatives and family, friends and colleagues, the company we work at, and to ourselves. By protecting ourselves, we reduce the risk of all these people getting scammed, discredited and lose their jobs."
Technological solutions and education do not exhaust the capabilities of a company to protect itself and its clients from loss of data, breaches and cyberattacks. Just like the other risks connected to its activity, the savvy company should think about concluding a suitable cybersecurity insurance. However, it is crucial that such important decision is well thought-over in order to be effective.
"Most companies offer just insurance against cyber dangers, but this will not solve the problem. Here is why Lev Ins stands out – we provide preventive protection," says Pavel Dimitrov, CEO of Board of Directors of Lev Ins (phone: 0800 10 200, lev-ins.com). "Thanks to our strategy for proactive corporate security, which we implement in all of our insurance products, our clients can benefit from innovative technological security solutions and the opportunity to have their own cyber security department without the need to invest in trained employees and expensive equipment."
Cybersecurity insurance might look like a unnecessary expense, but this is far from true. On the contrary – the new post-COVID-19 realities make it of vital importance for companies that value their information, activity, employees and clients. Cyberrisk insurances cover events such as accidental or provoked loss of data, hacking, ransom, personal data theft and phishing, and cover third-party damages. Like all other types of insurance policies, risks should be evaluated not only on the basis of the most common threats, but also on the basis of the company's specific activity.
"А good cybersecurity insurance policy should reflect each client's specific needs," says Stilian Milanov, Managing Partner at Broks Innovations (Sofia, 2 Nikolay Haytov St, ent. 2, fl. 7, phone: +359 876 007 717, www.broxio.eu). "Otherwise the insurance might not address some of the potential risks, leaving them uncovered. On the other hand, it is entirely possible to buy coverage of marginal risks that would, however, affect the insurance premium. Specifically for this type of narrowly-specialised products, it is highly recommendable to use the help of an insurance broker who can understand best the specific needs of each client. In all cases, the good cyber insurance should provide coverage for both the company's own expenses in case of a cyber event, and arising financial liabilities following third-party claims."
The world after the COVID-19 pandemic will never be the same. This notion has already turned into a cliche. To what extent it will turn out true in regard of normal relationships between friends and families and lifestyle is yet to be seen. But is it crystal clear that the pandemic already changed the way the global economy moves, companies function and people work. In this radically changed environment will succeed and prosper only the ones who not only do not underestimate the dangers of the digital world, but who also know the most sensible and effective ways to protect themselves.
The good news is that contemporary technologies and professionals allow companies and individual users to benefit from reliable and trusted means of protection.