The COVID-19 pandemic continues to have a huge impact on businesses across the globe.
One of the biggest priorities for security leaders has been ensuring a smooth and secure transition for employees working remotely. And while many governments are urging a gradual return to the workplace to help boost the economy, a number of major brands including banking group RBS have said they do not expect their staff to be back in the office anytime soon.
As is to be expected with a sudden increase in remote workers, hackers have been targeting home IT systems, and specifically vulnerable routers. There have been reports of attackers breaking into people’s routers and changing DNS settings in order to point unsuspecting device users to coronavirus-related sites pushing malware.
Organisations have also been directly targeted. The UK, US and Canadian security services believe a hacking group called APT29 has targeted various firms involved in COVID-19 vaccine development, with the likely intention of stealing information.
Pandemic-related threats are not the only issues playing on the minds of those with data-protection responsibilities. The recent invalidation of the EU-US ‘Privacy Shield’ data-protection agreement could have major ramifications for UK organisations’ legal responsibilities.
So, what does this all mean for security leaders? What is the ‘new normal’?
In a complex and evolving landscape, telling the difference between 'perceived' and 'genuine' threats is very difficult. However, one thing we can be certain of is the growing awareness among employees and consumers about the value of their data and the importance of making sure it doesn’t end up in the wrong hands.
The introduction of GDPR and widespread media coverage of the topic in recent years have enhanced understanding of and concern about data privacy issues. Recent events will reinforce this trend, with users demanding greater transparency so that they can make informed decisions on what data they will share with organisations. It doesn’t mean that they won’t share their data, but they will need to understand the trade-offs (what’s in it for them), so we may see a much more informed user group emerge as the next normal.
Organisations will be expected to provide a duty of care to their customers/users with regard to safeguarding data. We can expect to see greater scrutiny of organisations, but it is important to recognise they do not need to do this alone, and can benefit from greater visibility and economies of scale by working with a dedicated cyber security partner.
Political dimensions will continue to be influential factors (as they have always been). From a cyberdefense perspective these powerful geopolitical forces are like the weather. They have an enormous impact on our daily reality. While we can study these forces and even attempt to predict them, we have no real way of controlling them. Our only choice here is to observe and orient our own strategies accordingly.
Finally, new techniques will be required in the war on cybercrime. It’s not just the technology layer that will be important – implementation, and the fusing of business objectives with the security needed to make them sustainable, will be a key consideration as cyber security becomes tightly wrapped into all business processes.
Successful cyber security specialists in the new normal will be those who work in true partnership with their clients - understanding their business needs and how to appropriately address the associated cyber challenges to enable them to play their role in creating a safer digital society.