That COVID-19 has greatly affected the world goes without saying. And the way organizations are now being run may be one of the most apparent exemplifications of just how big the impact of COVID-19 is, as everyone – as in everyone – find and/or embrace newer practices to stay afloat, or, if they can at all, manage to thrive.
This should come as no surprise.
When it released a special report on “COVID-19 Pandemic Crisis and its Implications on Cybersecurity” on November 30, the Information Security Journal quipped: “The COVID-19 crisis has strengthened and reshaped our society’s dependency on ICT and the Internet due to the more widely adopted remote working and distance learning practices. The malicious actors have rapidly adapted to these changes, and this, in turn, has led to some shifts in attack surfaces and methods.”
Heck, even the World Health Organization (WHO) released a statement on cyber security.
“Hackers and cyber scammers are taking advantage of the coronavirus disease (COVID-19) pandemic by sending fraudulent email and WhatsApp messages that attempt to trick you into clicking on malicious links or opening attachments,” the WHO stated.
CYBERCRIMES GALORE
Various studies have actually already started to surface on this.
According to the Cyberchology: The Human Element, for instance, cybercrime increased by 63% since the COVID-19 lockdown was introduced; and – sadly – human error has been the biggest cybersecurity challenge during the COVID-19 pandemic, according to CISOs. What may be more worrisome is that only a quarter of businesses consider their remote working strategy effective, with 47% of people concerned about their ability to manage stress during the coronavirus crisis.
More specific to the Philippines, CrowdStrike 2020 APJ State of Cybersecurity Report found that “organizations in Philippines expect increased technology budgets to support escalated digital transformation in today’s new business normal.”
A big chunk of local organizations (at least those surveyed) reported “digital transformation at an unprecedented pace and scale” to adapt to the changes and challenges posed by COVID-19. Specifically, 81% of local business leaders expect technology budgets to increase; 46% said the pandemic accelerated their move to cloud solutions; and 95% said COVID-19 changed the way they interact or deliver products and services to customers.
“These results indicate a strong shift and rapid investment into transformation projects that move from traditional on-premises security solutions to next generation cloud-native solutions as organizations look to protect today’s distributed workforce and digitally driven business models,” CrowdStrike 2020 APJ State of Cybersecurity Report stressed.
FOCUS: CYBER SECURITY
COVID-19 brought tech-specific changes; and here, cybersecurity is one of the main focus.
This is not entirely surprising, since – as stated in CrowdStrike 2020 APJ State of Cybersecurity Report – 86% of organizations list the enhancement of cybersecurity measures as a top priority.
The CrowdStrike 2020 APJ State of Cybersecurity Report similarly noted that 3 in 4 of business leaders in Philippines consider cyber-attacks to be among the top three threats to their business over the next six months, even more so than current trade tensions and climate change. The top cybersecurity challenges expected in the next 18 months include remote workforce (70%), new regulation (66%) and costs of compliance (60%) .
According to Sherif El Nabawi, Vice President, Engineering, APJ, CrowdStrike: “Organizations must therefore update their cybersecurity policies to factor in remote or hybrid working. This includes planning for the use of personal devices, secure access for Bring Your Own Device (BYOD) on corporate networks and leveraging VPNs to protect sensitive data accessed through insecure Wi-Fi. Keeping employees educated on cyber-threats brought about by remote or hybrid working situations and educating them on cyber hygiene are important for minimising exposure.”
he added that organizations must “remain well-prepared, with crisis management and incident response plans that can be easily executed at a moment’s notice through effective remote collaboration tools. Lastly, having cloud-native cybersecurity technology for advanced endpoint detection is crucial, so organizations’ cybersecurity teams can centrally isolate and remediate any threats that emerge from an employee’s device or personal network, well before the threat can break out of its initial beachhead and proceed to infect other users or systems throughout the entire network.”
With mounting cyber threats in this changing world, KPMG listed down eight key cyber security considerations.
PROVIDER RESPONSES
But COVID-19 did not only affect businesses; it also affected those servicing businesses.
Writing for McKinsey & Company, Venky Anant, Jeffrey Caso and Andreas Schwarz (https://www.mckinsey.com/business-functions/risk/our-insights/covid-19-crisis-shifts-cybersecurity-priorities-and-budgets) aptly stated: “To succeed in the post-COVID-19 era, technology providers must rethink their strategies and offerings to accommodate a new security landscape. And they must continue to monitor customers’ needs and adjust sales, service, and training accordingly.”
In a response to Upgrade Magazine, Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, said: “What we have seen is that this situation has forced everyone to make accelerated shifts in life and work. I can say the best lesson that companies/businesses can learn from this experience is to be honest about their capabilities and to speed up their digital transformation.”
Kaspersky, for instance, sees that “targets for which continuity of operations and data protection is extremely critical are healthcare organizations. Apart from keeping the medical equipment and data constantly available for medical personnel, hospitals and medical institutions are also protecting the privacy of their patients’ critical information.”
This is why Kaspersky is offering solutions specific to this sector – e.g. Kaspersky Endpoint Security for Business Advanced and Kaspersky Hybrid Cloud Security, Kaspersky Endpoint Security Cloud Plus (SaaS endpoint protection) and Kaspersky Security for Microsoft Office 365 (protection for MS Office 365).
For his part, Louie Castaneda, Fortinet Philippines Country Manager, said that “the COVID-19 pandemic is different from any other crises because everyone is similarly impacted, and potentially for the long term. Other previous crises like the tech-driven Y2K bug or natural disasters are somewhat localized in terms of geography or sector and do not have the same global scale as the current pandemic. In those instances, people can physically move to another location, either in another province or region and try to start anew, find jobs, and/or start new businesses in a place with better prospects.”
Castaneda noted that in terms of tech-use, COVID-19 has “merely accelerated tech trends, such as BYOD, digital banking, online government services, e-commerce. These shifts are signs of digital convergence enabled by IoT, mobile devices, and high-speed mobile networks 4G/LTE and the upcoming 5G. These trends are referred to as ‘Digitalization,’ ‘Digital Transformation,’ and’Digital Modernization,’ which are buzzwords that have been used for years.”
For its part, at least, Fortinet’s remote work solutions offerings (that respond to the demands imposed by COVID-19) is comprised of two things: the FortiGate next-generation firewall (NGFW), and the FortiClient agent for VPN support. These are supported by the Fortinet Security Fabric, which enables round-the-clock protection and easy management.
CHANGED WORLD
For Karrie Ilagan, managing director of Cisco Philippines, COVID-19 has changed the world in ways few could have anticipated just a few months ago. “Unfortunately, this rapid change has also exposed potential security weaknesses, as well as new or increased opportunities for attackers and adversaries.” Particularly, as certain tools have now become ‘business critical’, they are being tested in ways previously overlooked and businesses are needing to consider whether they can stand up to this increased scrutiny.
Some of the Cisco’s solutions that allow businesses to continue despite global disruptions and their usage throughout the pandemic are Cisco Security, and Webex.
Ramon Karingal, Chief InfoSec and Risk Advocate for Asia Pacific and Japan of RSA Security, said there are some security-related tips for companies/businesses as they move forward for them to successfully navigate or face similar pandemics like COVID-19. These include: providing employees with the capability to securely access the corporate network when working either in the office and/or remotely from location outside the office; providing continuous education and reminders to employees on cybersecurity aware and safety, especially on phishing and identity thefts; and improving organization capability to detect and respond to any cybersecurity-related incidents by either building inhouse cybersecurity capabilities or subscribing to managed services.
To this end, RSA Security’s offerings include: SecurID Suite, NetWitness Platform, Archer Integrated Risk Management, and Fraud & Risk Intelligence Suite. The RSA brand is being carried by VST ECS Phils., Inc, the largest ICT distribution company in the country.
In the end, “the key is to accept that these changes are here to stay, and organizations need to assess the gaps in their operations that can be addressed by early investments in technology. At the same time, organizations should not be pressured to adopt all kinds of innovation that are out in the market. The important factor is to innovate with the right technology that serves specifically what the organization needs, and complement with the necessary training for all the users to maximize potential of these tools. After all, technology is only as good as the people who use it,” Ilagan said.
To further discuss tech security at the time of COVID-19, Upgrade Magazine discusses the issue – and more importantly, what business can/should do to face the “new normal” – with some of tech world’s brightest minds.
For Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky: “Never have we experienced a sudden transitioning of the global workforce from working in office spaces to working from home. This current state of affairs does not appear to be reverting back to the pre-Covid setup soon. And so we encourage organizations to pause and reflect on their network structure, make the necessary changes as quickly as they can, and get help from the experts. At this point and with this current circumstances that we all are in the goal should be about building both the resilience of their employees and the organization as a whole.”
Louie Castaneda, Fortinet Philippines Country Manager, said that “organizations need to ensure that their business continuity/disaster recovery (BCDR) plans are updated so they are ready to quickly ‘flip the switch’ to teleworking in the future – whether due to the next pandemic, a major weather event, or some other unforeseen event. Organizations need to rethink what networks and a digital workforce look like in the 21st century—this should include bolstering the network edge, which has faced increased risk ever since the prioritization of mobility, IoT, and 5G.”
“The pandemic has incited tremendous changes in the consumption habits of our consumers, as well as in the way we work. Arguably, the most important lesson that many businesses have learned is in the importance of ensuring business continuity at a time when physical business presence is limited, or even impossible, for an extended period. This involves being able to operate, connect and offer solutions and services to customers virtually and as smoothly as possible,” said Frederic Ho, Vice President, APAC, Jumio Corporation
For Karrie Ilagan, managing director of Cisco Philippines, as certain tools have now become ‘business critical’, they are being tested in ways previously overlooked and businesses are needing to consider whether they can stand up to this increased scrutiny.
“Disruptions demand everyone’s attention, and if they extend over a long period of time, the risk of not achieving business objectives can create strategic risk,” said Ramon Karingal, Chief InfoSec and Risk Advocate for Asia Pacific and Japan of RSA Security. “It is critical to ensure your risk management program enables you to continue to identify new risks, evaluate and measure critical risks, take appropriate steps to manage the risks within acceptable tolerance levels, and advise executives on decisions they need to make.”
“This pandemic has taught many businesses the hard way that disruption can happen to any business and industry, no matter how big or small they are. Whether it’s caused by a physical human virus or an electronic one, disruption can come when you least expect it,” said Sumit Bansal, Senior Director of ASEAN and Korea, Sophos. “Therefore, organizations need to adopt a ‘when’ not ‘if’ approach to their crisis planning.”
“While it’s not surprising that cybercriminals are seizing this opportunity to exploit the pandemic for their personal gain, it’s clear the criminals who profit from cybercrime are going to any extent to succeed and are in it for the long haul,” said Oscar Visaya, country manager for Philippines, Palo Alto Networks. And so “we’re continuing to monitor and protect against these threats, but it’s important to note that these shifts in behavior highlight that cybercriminals are investing time and resources to bolster their attacks.”
