IT Security in a Post-Pandemic World
Building IT Security for a Post-Pandemic World
As majority of people in recent months moved economic and social life to the online world, having frauds and criminals operating this sphere this year does not come as a surprise. While there was a decline in violent crimes as a result of less mobility, according to Europol, Cyber crimes has been on rise.
During the Pandemic, the phishing campaigns have been at forefront used as ransomware attacks. DDoS attacks have increased together with videocalls misuse.
The Never-Ending story
The expert community mostly agrees that there won’t be cyber crime decline even after the end of pandemic. The main reason is digital transformation acceleration. ‘Corona-crisis’ has completely shifted home-office and video-conference uses to another level. With the arrival of technologies such as 5G and IoT, as well as greater AI availability, the opportunities for hackers and fraudsters have significantly increased.
As an example, we can mention the attack on Garmin company, which based on unverified information, paid 10 mil USD in exchange of regaining the access to data and system operations.
Naturally, alongside the organisation digitization, there is an increased demand for professionals monitoring technology, networks and data security. Last year, way before there was a sudden panic to finally start on ( long delayed and unrecognised) digitization, there was an increase in deficiency of IT security specialists in Europe by 100 folds to 300 thousand people by year. According to (ISC)2, around ⅔ of respondents reported to be missing IT security specialists last year.
The paradigm shift
It is evident today that companies and offices have to reconsider their security stance in postpandemic future- perhaps even completely change it.
Firstly, they have to realise that from all the possible threads and risks, vectors and attacks will be at the forefront. Hackers have sophisticated defence mechanisms and their strategies, techniques and tactics are always changing.
That’s why the traditional security measures like firewalls, antiviruses, proxy servers or web gateways are not suffcient enough for organisations. There is a need for more sophisticated tools based on advanced data flow analysis and machine learning- allowing for computer networks behaviours reports and anomalies or suspicious events notifications, namely huge rapid data downloads or unusual capacity overlad.
It is especially important to setup this monitoring due to increase in remote working and video conferences. The unprecedented surge in traffic overload usually leads to different functional and security issues.
There are people behind everything
Second important area is concerned with regular employees as well as IT Departments specialists. Employees have always been the weakest element of efficient IT security and data. Nowadays, they are subjected to more stress and frustration than before; consequently becoming a target to social engineering fraudsters; as well as in respect to Covid-19. This is why a part of a good strategy should be regular user education and awareness.
Second necessary part of new IT security strategy is to unburden people responsible for security, who already feel rightly overburden by new incident sources (IoT, remote user connection from home office, video conferences, etc.) Managers must think of ways to automate most of time-consuming workload, which specialists have to comply with in regards to security systems and data as well as legistalive obligations- as some organisations must report any security incidents. With the increasing gap between supply and demand of specialists on the market, automation need will become even more urgent.
The good news is that most managers are aware of the inevitable changes and associated investments beside its complex circumnstances. In this year’s national survey comducted by companies Flowmon Networks, Synapsa Networks, QuBit Conference and SecTec, more than half of respondents from different industries and public adminstration sector expressed that slight (10%) or stronger increase in operational security budget is to be expected.