October 8, 2020
Pandemic and Cybersecurity
When the COVID-19 pandemic began sweeping across America earlier this year, it impacted life and business in innumerable ways. One saving grace was, and remains, the Internet. In some ways, though, it’s a cursed blessing. Although we’re able to conduct a lot of traditionally in-person activities online — school, business gatherings, shopping, worshipping — doing so leaves us open to cyber threats like never before. And more vulnerabilities means greater liability — especially for companies. According to a recently released survey by Information Systems Security Association (ISAA) and the Enterprise Strategy Group (ESG), “cybersecurity professionals saw a 63 percent increase in cyber-attacks related to the pandemic.”
And here’s why: “Processes that were quite locked down before — like showing your ID when visiting a company in person — are now all online, and the security systems are too weak to handle the volume,” says Mishaal Khan, Security Leader and Senior Solutions Architect at Mindsight. “Companies weren’t ready for this.”
Taxed to the max, video conferencing services are experiencing disruptive intrusions like never before, including graphic content that suddenly flashes on screen and pranksters who crash meetings. Khan says an effective remedy is stronger passwords. Automatically generated ones that use letters, characters and numbers are your best bet. Recycling ones that combine, say, a favorite pet’s name and your birthdate is discouraged. While Cujo1982 might be easy to remember, it’s also easy to guess. Two-factor authentication that employs either a code or a physical security key provides an extra layer of protection.
The pandemic-spurred online shift has also prompted a rise in data theft. Unlike with personal accounts, however, individuals have no control over how or even if their sensitive information is guarded by hospitals, corporations and the government. Despite a rash of breaches — at Adobe, Equifax and Marriott International, among many others — that happened well before and leading up to the pandemic, many organizations are still far too lax about cybersecurity. Even as cybercrime spikes, Khan says, they continue to take a reactive approach, relying on their insurers to cover consumer payouts when things go wrong. They either don’t realize or don’t care that breaches have long-term adverse consequences to brands and customers alike in the form of ruined reputations and additional attacks .
“They should be accountable,” Khan says. “What we have learned from this pandemic situation is that we’re not in control of our data, and more stringent privacy practices need to be in place.”
Keys to Effective Cybersecurity
The first step, he explains, is to perform a full security risk assessment. Part of that involves what’s called penetration (or pen) testing – assuming the mindset of a would-be cybercriminal and attempting to crack an organization’s defense system through various technological and psychological means, including different forms of deception known as social engineering. It is important for this assessment to be unbiased, so hiring an outside expert is often done.
It’s also a matter of educating every employee about cybersecurity. The more they know, the less they’ll succumb to trickery. “It’s going to take time,” Khan says, “but education is the way forward. You’re only as strong as your weakest link.”
And size doesn’t matter. Effective cybersecurity isn’t just for financially flush behemoths. Small and medium outfits also need to up their games — significantly in many cases. Yes, there’s a price, but it’s a steal compared to the alternative. As Khan puts it: “Are you willing to lose a million dollars a day if your factory closes because you didn’t spend $100,000 on cybersecurity?”
For most businesses, that’s a very easy question to answer. Step one is finding the right expert or team of experts to assess and manage your cybersecurity operations. That’s where virtual chief information security officers (vCISO) can help.
Mindsight is industry recognized for delivering secure IT solutions and thought leadership that address your infrastructure and communications needs. Our engineers are expert level only – and they’re known as the most respected and valued engineering team based in Chicago, serving emerging to enterprise organizations around the globe. That’s why clients trust Mindsight as an extension of their IT team.
Visit us at http://www.gomindsight.com.
About the Expert
Mishaal Khan, Mindsight’s Security Solutions Architect, has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.