There is no business, regardless of size or industry, that has not been impacted in some way by the COVID-19 pandemic. Retailers struggle with store closures, inventory challenges, and eCommerce. Educators struggle with online learning and how best to address the digital divide. Healthcare providers struggle to secure enough beds and supplies to care for the influx of patients.
As the primary threat of the COVID virus now subsides in some countries, businesses struggle with adjusting to the ‘new normal’ – how to get back to some sense of normalcy, while ensuring the health and safety of their employees and customers.
Adding to these struggles is the increased frequency of cyber-attacks. Since the COVID-19 pandemic began, the World Health Organization has reported an increase in cyberattacks, going so far as to issue a warning that hackers and cyber scammers are taking advantage of the pandemic to send fraudulent email and messages.
Any change in routine creates new opportunities for hackers and cybercriminals have been capitalizing on the vastly different world we all live in:
Since the pandemic became, much attention has been placed on good personal hygiene to prevent the spread of the virus. Also important is maintaining good cyber-security hygiene and practices. It is essential that businesses protect themselves, their employees, and their customers from cyber-attacks during this time.
Even before the new security risks of COVID-19 appeared, businesses already needed to do more to enhance their cybersecurity processes, as illustrated by a recently published Global Survey from Extreme Networks that revealed that businesses security precautions are falling flat. Survey results are summarized in the infographic below.
What does good cyber-security hygiene involve? Implementing network security best practices, while concurrently addressing the emerging threats that COVID-19 brings.
While the world may have changed, security principles and fundamentals have not. The State of Network Security in 2020 webinar highlighted four simple steps organizations can take to bolster network security.
Getting the basics right includes security training, patch management, password controls, and off-line back-ups – ‘table-stake’ measures all organizations should take to reduce exposure.
The challenge in the current COVID environment is that IT departments are stretched. They are now tasked with enabling remote access to hundreds or thousands of employees; or extending network infrastructure to accommodate student learning or pop-up care facilities; and unfortunately, the basics can fall by the wayside.
This is the time where ‘getting the basics right’ is more important than ever. Given the increased number of cyber-attacks, organizations need to ramp up education and phishing awareness campaigns; and ensure that patches and security updates are done as soon as possible. Many organizations, such as Zoom, are working around the clock to address new vulnerabilities as they arise and introduce patches. The onus is on all of us to ensure we remain current.
While there is no one-size-fits-all strategy when it comes to network security, organizations need to enforce the appropriate network security best practices that are appropriate for their business. This may include policy-based access control, network segmentation, regulatory compliance, IoT security, and more.
During COVID-19, extra attention needs to be directed to areas such as remote access, IoT, network access control, and user privacy. For example, remote employees may use personal devices to connect to their corporate network – devices that lack the security controls of company-provided hardware. Adding to the risk, is users are increasingly turning to cloud-services and bypassing corporate VPNs. Organizations need to ramp up endpoint inspection, traffic inspection, segmentation, and remediation/isolation. Data privacy also needs to be top of mind as contact tracing is introduced, to ensure user’s personal data is protected.
In addition to the wealth of cyber-security industry resources that previously existed (e.g. CISecurity Controls, Mitre Atta&ck, the Cloud Security Alliance), there are now many COVID-19 specific resources, including CISA Covid-19 resources, World Economic Forum blogs, and the Federal Trade Commission Coronavirus resources.
Lastly, every business must pay extra vigilance over their environment during this time. Now, more than ever, is not the time to ignore suspicious behavior or decide you will “get to it tomorrow”. Don’t wait when you see anomalies – early detection and intervention are key to addressing security issues and preventing propagation and more widespread damage.
Learn more
To learn more about the impact of COVID-19 on Cyber-Security, register now for Extreme’s Security Threats & Privacy Considerations for COVID-19 and the New Normal webinar.
Ed Koehler, a distinguished principal Engineer and Cybersecurity expert at Extreme Networks, and Phil Swain, the Chief Information Security Officer at Extreme Networks, will share their insights on the changes taking place in the cybersecurity industry and what organizations need to look out for.