3 must-ask questions for CISOs in the pandemic era

The coronavirus pandemic has accelerated several trends in emerging tech, but none more immediately disruptive than the proliferation of cybersecurity threats. The sudden uptick in both our reliance on digital, as well as widespread uncertainties have ripened the landscape for cyber criminals, resulting in a 600% increase in attacks, according to the UN. The total volume of coronavirus-related lures and threats marked the largest collection of attack types exploiting a single theme in decades, and possibly ever, according to another analysis.

From phishing ploys on remote workers, to fraudulent scams, to sophisticated targeting of healthcare infrastructure, pandemic-related cyberattacks mark (another) pernicious and invisible threat to people and organizations world over. Information security professionals find themselves on the front lines of a different invisible battle, one in which urgent questions are demanding solutions. What follows are three such questions security professionals must consider.

  1. How can we support our end users and clients?  

It is well known that cybercriminals capitalize on heightened emotional states and vulnerabilities to execute attacks. Social engineering, which uses psychological manipulation to prompt people to take certain actions or divulge certain information, powers the majority of cyberattacks– some say as many as 98%! Thus, the mental health impacts of the coronavirus pandemic have greater implications for enterprise security than one might think. Consider the convergence of factors:

  • Widespread fears, concern for loved ones, desire for answers and hope
  • Expanded demographics now working remotely, relying on digital platforms not only to work, but to find information and communicate
  • Many workers new to remote working (never mind its cybersecurity implications), and whether new employees or workers taking on new roles, research finds new hires are more susceptible to socially engineered attacks
  • 600% increase in cyberthreats, across both enterprise and consumer exploits (phishing, malware, remote user credential theft, weaponized email attacks, fraudulent actors posing as trusted sources, data and network penetration, and beyond)

Key takeaway: Focus on improving cyber hygiene across the enterprise 

The pandemic doesn’t just call for shifts in our social behavior and physical hygiene practices, it demands cybersecurity professionals engage in dedicated campaigns to safeguard online behavior and our cyber hygiene as well. The majority of organizations take a piecemeal approach to cybersecurity training, education, and support. Because people are the common exploit to penetrate systemic defenses, focus on employees, executives, contractors, partners, and any other human “node.” Communicate clearly about general best practices, existing enterprise programs and protocols, VPN policies, explanations for security mandates, how to verify trusted information sources from the enterprise, and how to identify and report suspicious interactions.

To see the questions #2 and #3, check out this article in SearchSecurity where it was originally published.

Leave a Reply

Your email address will not be published. Required fields are marked *