Experienced outdoor athletes understand that with winter on the horizon, the key to success is to protect the core. That is, the body’s core temperature is maintained through layering, wicking, and a slew of ever-improving technical fabrics that keep the cold, snow, and ice at bay.
The same is true for cybersecurity. As organizations and workers enter the ninth month of COVID-19, the time has come to prepare as the threat of cyberattacks grows more dangerous.
Cybersecurity experts predict that every 11 seconds in 2021, a cyberattack will occur. This is nearly twice as frequent as it was in 2019 (every 19 seconds), and four times as frequent as it was five years ago (every 40 seconds in 2016). Cybercrime is expected to cost the global economy $6.1 trillion per year, making it the world’s third-largest economy, trailing only the United States and China.
As a result of the ongoing pandemic, a larger segment of the population is working from home — with all of the attendant distractions — and the situation is ripe for exploitation. The humble home router has become the target of choice, and the harried, hurried, tired, and stressed employee has become the attack surface. It’s no surprise that over 4,000 malicious COVID sites appeared on the internet within months of the pandemic’s initial lockdown.
The pandemic has compelled organizations to innovate and adapt even faster. COVID-19 has had a profound impact on a variety of industries, including education, medicine, travel, retail, and food services. Unfortunately, innovation and security rarely coexist.
So, what can businesses do to prepare? It all comes down to protecting the organization’s most important assets: its people, processes, and data.
Keeping people safe
People bring their habits into their professional lives, both good and bad. People who reuse passwords for multiple online shopping sites or use weak, easily remembered passwords (pet names, anyone?) are more likely to be careless when creating or using enterprise passwords and databases. They have clicked on phishing emails and engaged (innocently or not) in potentially destructive practices.
Winterization for them entails ongoing formal training programs and monitoring to reduce the likelihood of accidental disclosures or malicious uploads. If they happen to be in sensitive positions with access to sensitive data, it means an extra layer of vigilance, as well as possible restrictions and advanced tools like multi-factor authentication. It means ensuring that executives and directors are familiar with and comply with privacy and other regulations.
To summarize, organizations must devote even more time to their remote employees, not less.
Process Safeguarding
The fact that organizations should allocate resources to their priorities appears to be a self-evident statement. But, if the business model has completely changed, have organizational processes led or lagged? In times of rapid change, processes frequently lag, allowing ad hoc ones to emerge. It is difficult to understand risks without first identifying them. As a result, an organization’s information technology (IT) department must constantly monitor, review, and update procedures.
Shadow IT refers to applications or software installed on a computer by an individual without the knowledge or approval of IT services, such as a game or a shopping browser extension. At best, nothing out of the ordinary occurs. In the worst-case scenario, the unvetted software crashes the system or allows surveillance software or malicious code to be uploaded.
Shadow IT may be unavoidable, especially since computers are used by many people in the home for a variety of reasons; however, known vulnerabilities can and should be monitored by the organization and communicated to all employees.
It could also mean that organizations provide home-bound employees with secure, locked-down computers that prevent them from installing software.
Data Safeguarding
The final and most important area to safeguard is the organization’s data. Managers, executives, and directors must have a firm understanding of the data that the organization owns, processes, and distributes.
According to a recent study, businesses share confidential and sensitive information with over 500 third parties. The first step in protecting yourself is to inventory and, if necessary, pare down these third parties.
Second, organizations must stay current on industry cybersecurity benchmarks, such as trends in the frequency, changing nature, and severity of attacks. They can then compare themselves against their peers and adjust their resources accordingly. This includes tracking three critical metrics: the time it takes to detect an attack, the time it takes to respond to it, and the time it takes to repair any damage.
Finally, discussions about cybersecurity must move beyond the fatalistic discourses that characterize most discussions, particularly during the dark days of winter. Investments in cyber-resilience, like a warm coat or winter tires, can foster growth and positive performance.
Cyberattacks are becoming more common. Organizations, like athletes who dress and prepare for the weather, can be proactive in continuously strengthening people, processes, and data.