5 technological lessons that the pandemic has left
It has been 2 years since the world has lived with a virus that has changed the history of humanity and, consequently, of technology.
It seems that with the Ômicron variant and the increase in cases around the world, it will still take some time to put an end to the pandemic. Against this background, DigiCert reflects on the lessons learned so far in the technological universe.
Cybersecurity has never been more important
Successful attacks around the world have already accounted for global losses estimated at between US$1 trillion in 2020 and US$6 trillion in 2021, reports the International Telecommunications Union. The need for a safe cyberspace has become very important given the increasing dependence that people and companies have on the Internet. Institutions that have already been victims of criminals and those that fear adding to this statistic seek to be forewarned, acquiring more security services and sharing information.
The increase in the demand for cybersecurity translates into the results of the sector. In 2020, the information security market earned $156.2 billion globally, and is expected to reach $352.2 billion by 2026, according to a survey by consultancy Mordor Intelligence. In Latin America, the sector was valued at US$4.84 billion last year and is expected to reach US$9.57 billion in 2026.
A survey conducted by Fudo Security of a diverse group of senior cybersecurity executives in the United States, Europe, Asia, and the Middle East and North Africa found that 42% of CISOs around the world agree that the pandemic has changed its cyber security priorities. In part, the blame lies with the increase in attacks that use COVID as a hook for their scams. Although progress is being made, the cybersecurity battle is far from over. Unfortunately, as businesses return to the office in some capacity, some issues may remain.
Remote work security is essential
Millions of people around the world have started working from home instead of going to offices and other workplaces during the pandemic. The pandemic has shown that this type of work does not reduce productivity and has made many companies abandon their resistance to adopting it.
In a global survey of more than 200,000 people in 190 countries, Boston Consulting found that 89% of people expected to be able to work from home at least a few times a week after the pandemic ended. This is a considerable increase from the pre-pandemic rate: only 31% of people had this desire.
While working from home has its merits, such as lower costs for businesses, this meteoric rise has led to some worrying IT security issues that businesses have learned so far:
- Transition to the cloud. Since the pandemic, remote access solutions are preferred and organizations are gradually moving critical business processes to the cloud. However, relying more and more on the cloud and building cloud agility could create more vulnerabilities if not properly secured. Microsoft found that 39% of companies prioritize cloud security investments over data and information security or even network security. PKI can help secure the cloud and provide strong authentication and operational integrity at scale.
- Email phishing. Email phishing during the pandemic skyrocketed. There is a higher priority to educate workers and prepare them to recognize and know how to deal with threats from the pandemic and to develop best practices for secure email access.
- Various remote devices. Mobile devices need their own unique security protection. But 52% of organizations find it difficult to protect mobile devices from cybersecurity issues. A critical first step in resolving this is to implement an effective mobile device management (MDM) policy.
- No cybersecurity in the office. The company is more vulnerable when its staff cannot use office computer security measures, such as firewalls. Fortunately, with tools like DigiCert’s Enterprise PKI Manager, you can increase security and provide remote workers with secure VPN access.
- Password protection. Employees should be trained on password policy best practices, and your organization should implement multi-factor authentication. Also, with staff working from home, they may be tempted to share work passwords with friends or family to help them with certain work tasks. Obviously this is a safety issue and needs to be addressed with proper training for all staff.
Social engineering attacks just got more complex
According to the Verizon Data Breach Investigations Report for 2021, social engineering is a top attack vector for hackers. Threat actors have taken great advantage of free COVID-19 tests in the last two years. Scammers have used social engineering to trick users into providing a mailing address, phone number, and credit card number with the promise of charging 25 cents to verify their information and qualify for a free trial offer. COVID-19.
Offering bogus and “government-approved” cutting-edge technologies to fight COVID and take the temperature of people nearby tricked users into downloading malicious apps on their smart devices that threat actors leveraged for nefarious activities. For this reason, it is important for users to be aware of and not click on social media links and to be on the lookout for fraudulent emails that ask to click on links or reveal personal data. It is always important to check the legitimacy of the site in question, either by looking beyond the lock and checking their TSL/SSL certificates.
Focus on automation solutions and efficiency in the security market
As organizations worked to keep the lights on and examine the bottom line, there was a resulting push for efficiency in security technologies. There was also an emphasis on technologies that enabled organizations to do more with less, with automation playing a major role in terms of security innovation.
Security investments focus on immediate value, quantum computing continues to advance. As quantum computing enables tasks to be more efficient, organizations are prioritizing its continued development.
The new normal
This situation resulted in increased travel and a transition for workers to return to the office, leading to attacks on workers.
“Scammers looking to take advantage of the new normal targeting vacation-hungry travelers looking for great deals online or by email. Phishing attacks were the tool of choice and scammers successfully took advantage of it. For this reason, it is important to be careful when browsing, whether on websites, social networks or applications. It is recommended that you do not open or download files from unknown or suspicious websites or click on any links posted on social networks or messaging applications. Another tip is to keep your devices up to date with antivirus software,” said Dean Coclin, senior director of business development at DigiCert.
Telehealth providers opened themselves up to cyberattacks on an unprecedented scale. The value of a single health record is high, and this has become a growing target for scammers looking to take advantage of this situation. Healthcare providers must scramble to set up systems and keep up with telehealth appointments, while hackers hunt for soft, high-value targets. For this reason, protecting patient information is a high priority in healthcare today. By not encrypting communications from one networked medical device to another, a hacker could steal a healthcare employee’s login credentials, log into a hospital’s connected ecosystem, and exfiltrate PPI, which is sold to a higher price on the black market than credit card credentials. These data breaches are time consuming and can be financially devastating to a healthcare organization.