Cybersecurity and cyber resilience challenges during and after COVID-19

As the COVID-19 coronavirus pandemic with its various variants continues to spread worldwide, cyber threat actors are attempting to capitalize on the global health crisis by developing malware or launching COVID-19-themed attacks. Cyber-attackers perceive the pandemic as an opportunity to intensify their criminal activities by exploiting the vulnerability of employees working from home and capitalizing on people’s keen interest in coronavirus-related news (e.g., fake malicious websites dealing with the coronavirus). Another important consideration is that (according to the IBM Cost of a Data Breach 2020 report), the average cost of a data breach resulting from remote work can be as high as $137,000 [1].

When the crisis ends, companies will face a security and compliance debt due to the impacts of the crisis: urgent changes to infrastructure, deviations and breaches of security policy, and lax controls [2]. Besides, the impending economic crisis will put significant pressure on cyber budgets in several companies.

• Cybersecurity and cyber resilience challenges

In this emergency, the main challenge for cybersecurity departments is to ensure optimal protection of the company against cyber threats and failures that endanger the continuity of its activities [3]. Cybersecurity challenges during and after COVID-19 can be classified into three main categories:

• Resilience: The challenge is to protect the company and its users against cyber attackers taking advantage of the crisis context (phishing, ransomware, etc.). The organization and the continuity and crisis management measures must be adapted to ensure the continuity of activities if a new crisis occurs [4].
• Recovery: The challenge is to ensure that the return to usual working methods (face-to-face, connection to the company’s local network) occurs under acceptable cybersecurity conditions and that breaches of security rules are remedied. It is also essential to ensure that the cybersecurity function regains sufficient operational capabilities adapted to the context of uncertainty, particularly by learning from the lessons of the past months.
• New realities: The challenge is to adapt the roadmap and the operating model of cybersecurity to fully meet the needs of business and customer expectations (especially in digital transformation projects) and consider the economic impacts on the resources allocated to cybersecurity.

Resilience: Maintain activity during the crisis by managing risks

Ensure the resilience and security of infrastructures and critical applications accessible on the Internet (VPN, mail servers, videoconferencing, file sharing, security tools, business applications, etc.).

• Evaluate the scalability and load-bearing capacity (hardware, licenses) of the infrastructure. If necessary, increase or reallocate capacities, study alternative solutions (with the change of suppliers if required), and renegotiate contracts with suppliers and service providers
• Test the security level of environments accessible from the Internet (penetration tests, vulnerability scans, configuration reviews, architecture reviews, etc.)
• Strengthen the security of newly opened Internet environments (strong authentication, access control, monitoring, etc.
• Adapt operational procedures for managing and supervising cybersecurity (patches, backups, anti-virus, monitoring) to the crisis context (remote work, reduced staff)
• Track deviations and breaches of the IS security policy to control risks and maintain compliance
• Monitor the company’s exposure on the Internet, including the infrastructures deployed infrastructure (cloud and Shadow IT)

Manage new risks and avoid over-incidents

• Reassess IT and cyber risks 1 in light of the Covid-19 crisis (cyber attacks, failure of critical IT systems, absence of key personnel)
• Analyze response capabilities to new crises: backups and restorations, availability of people and tools, adequacy of procedures, SLA of suppliers
• Update the IT and business continuity plans, checking, in particular, the capacity for remote deployment

Raise awareness and help employees

• Make employees aware of the risks and best practices related to the crisis context (best practices sheets, e-learning, phishing campaign)
• Help employees to secure their practices in a teleworking context, within some cases, the use of non-professional equipment and services

Ensure the exit of the crisis and re-establish an adapted cybersecurity system

Prepare and manage the return to the nominal state of the information system and the cybersecurity posture

• Evaluate the extent of the cybersecurity/privacy debt that has built up during the health crisis
• Perform a cybersecurity “health check” of the systems in a context of nominal activity resumption (employee workstations and smartphones, business applications, external infrastructures, security tools)
• Analyze and scan all equipment before reconnecting them to the company’s internal network
• Restart any temporarily interrupted cyber processes (backups, patches, authorizations, etc.), adapting them to a context that remains degraded compared to the previous situation
• Check the backups (in particular by performing restoration tests)
• Review IT and Cyber suppliers to take into account incapacities and shortcomings
• Repatriate data stored outside the company’s systems (personal computers, cloud storage, private USB keys)
• Search for undetected intrusion traces in the IS (threat hunting)

Draw lessons from the health crisis

• Analyze the past months of the Covid-19 crisis and identify the business, security, compliance, and privacy needs to which the degraded working methods could not sufficiently respond during the crisis (remote work, communication and collaboration solutions, dematerialized exchanges with customers and partners, online payments, sales and invoicing, access to business applications, etc.)
• Adapt the organization, policies, operational procedures, and continuity plans, taking into account the experiences acquired during the crisis (key systems and people, continuity of teams and cybersecurity systems, maintenance of a minimum-security base, management of a remote crisis)
• Evaluate the applications and solutions, especially collaborative ones, acquired and deployed in an emergency to confirm, replace, or to secure them

Adapt to the post-crisis world and ensure alignment with the company’s strategy

Transform the cybersecurity chain within the company to adapt to new realities

• Review the mapping of cyber risks in light of the new context, and identify priority risk areas
• Reassess the cyber project portfolio in terms of its contribution to risk management and its alignment with the company’s new strategy
• Adapt the cybersecurity posture to the new context, notably in terms of roadmap, security operating model, and security measures with the objective of rationalization
• Rationalize the catalog of technical, procedural, and organizational security measures, with a view to effectiveness and efficiency
• Automate security activities (vulnerability and patch management, attack detection, and processing), notably developing AI capabilities.
• Study the possibility of outsourcing security operations: cloud, managed services
• Selecting priority cyber CAPEX/OPEX in a context of solid cost pressure
• Adapt reporting to demonstrate the effectiveness of cyber investments and alignment with the company’s strategy

Support the company’s resilience programs in the face of health or other crises

• Integrate the cybersecurity domain into the company’s operational resilience program
• Prepare and simulate cyber crises in multi-crisis contexts
• Evaluate the adequacy of cyber insurance coverage
• Strengthen controls on suppliers and subcontractors: cybersecurity, resilience, ability to deliver

Conclusion

The post-coronavirus period may be a unique opportunity to build a real digital industry finally. This health crisis has revealed the importance of digital in our lives, our economies, and the extent of our dependence.

It is up to companies to implement the means to protect themselves. In this sense, cybersecurity responds to this challenge of protection and confidence to ensure the appropriate level of investment that covers cyber risks. It is considered part of a comprehensive approach to integrated management.

In conclusion, it is up to the company to use the solutions available to it against cybercrime, which are often very accessible, protect itself effectively and guarantee real security against possible cyber threats. The post-pandemic recovery and preparedness period is an opportunity for organizations to rebuild to a new normal, with business resiliency as a pervasive goal.

 

References

[1] https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html

[2] JIM et al. Cybersecurity After COVID-19: 10 Ways to Protect Your Business and Refocus on Resilience, Marsh McLennan, May 2020

[3] https://home.kpmg/xx/en/home/insights/2020/05/preparing-for-the-post-covid-19-era.html

[4] Kallberg, Jan, and Stephen S. Hamilton. “What COVID-19 can teach us about cyber resilience.” Fifth domain (2020)

 

About the Author

Yassine Maleh is a cybersecurity professor and practitioner with industry and academic experience. He is a Ph.D. degree in Computer Sciences. Since 2019, He working as a professor of cybersecurity at Sultan Moulay Slimane University, Morocco. He was working for the National Port agency (ANP) in Morocco as a Senior Security Analyst from 2012 to 2019. He is senior member of IEEE, member of the International Association of Engineers and the Machine Intelligence Research Labs. Dr. Maleh has made contributions in the fields of information security and privacy, Internet of Things security, and wireless and constrained networks security. His research interests include information security and privacy, Internet of Things, networks security, information system and IT governance. He has published over 60 papers (book chapters, international journals, and conferences/workshops), 7 edited books, and 2 authored books. He is the editor in chief of the International Journal of Smart Security Technologies. He serves as an associate editor for IEEE Access (2019 Impact Factor 4.098), the International Journal of Digital Crime and Forensics, and the International Journal of Information Security and Privacy. He was also a guest editor of a special issue on ‘Recent Advances on Cyber Security and Privacy for Cloud-of-Things’ of the International Journal of Digital Crime and Forensics, Volume 10, Issue 3, July-September 2019. He has served and continues to serve on executive and technical program committees and as a reviewer of numerous international conferences and journals such as Elsevier Ad Hoc Networks, IEEE Network Magazine, IEEE Sensor Journal, ICT Express, and Springer Cluster Computing. He was the publicity chair of BCCA 2019 and the general chair of the MLBDACP 19 symposium and ICI2C 21 Conference.