“I really think that if we change our own approach and thinking about what we have available to us, that is what will unlock our ability to truly excel in security. It’s a perspectives exercise. What would it look like if abundance were the reality and not resource constraint?” — Greg York
The whole world is experiencing a new era of digitalization. With the advent of the 5G internet to the advancements in AI, digital transformation is at the pinnacle of its prowess. However, while the increase in technological adaptions may have its benefits, some disadvantages may outweigh them. Among these is the increase in cybersecurity concerns.
Many organizations have been victims of increasing risks of cybercrimes in recent years, but the situation worsened after the COVID-19 outbreak. The rise in remote work has led to an increased number of security attacks targeted at businesses, government records, celebrities, and the healthcare industry. It was reported that cyberattacks in the healthcare industry alone increased by 150% in the last few months. This rapid rise in data security concerns added fuel to the fire as several organizations were already facing hardship in the post-COVID times.
The COVID-19 pandemic has fundamentally transformed the threats that businesses are now facing. Since virtual business operations have become a part of the new normal, remote access tools have made systems vulnerable to cyberattacks. With businesses looking to cover the losses concurred during the peak pandemic, cybersecurity concerns can alter their plans significantly.
There’s a good chance that the concept of remote working is the main culprit behind the rise in cybercrimes. However, working from home has become a cultural change for much of the workforce. Furthermore, organizations aren’t aware of the best cyber-hygiene practices when working from an untrusted work environment, making them easy targets. They are also surrounded by fear and uncertainty and have doubts about their wellbeing during crises, making them more prone to being tricked.
Stephen Nappo once said, “It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.” Experts have repeatedly discussed that cybercrimes are uncertain, and they can hit anyone on any day. However, looking back on how the last two years have passed, it was certain that nobody expected a pandemic to halt the world. Unfortunately, cyber threats may be unprecedented, just like the COVID-19 outbreak.
In his book, Christian Espinosa, the founder of Alpine Security and Managing Director of Cerberus Sentinel, discusses that the global pandemic showed us that even the best of practices could become obsolete on any given day. He states, “The only thing certain is uncertainty”, in his book The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity. “Even the Secure Methodology is uncertain because different people will have a different response to it.”
Espinosa’s stance is quite clear, given the circumstances. He highlighted that the COVID-19 exposed the false sense of security business leaders had for decades. However, it doesn’t mean that business leaders can’t seize the moment and improve their cybersecurity measures. In his book, Espinosa identifies how business leaders must consistently evolve to win the cybersecurity war. They need to embrace uncertainty and use the change to grow and become more adaptable.
In today’s business world, leaders need to have the right tools for resilience and the tendency to learn. However, in a crisis like a pandemic, choosing battles wisely is imperative. CISOs identify that considering that cyber risks are evolving virtually on a daily basis, compliance-driven approaches have become obsolete. Instead, it’s time to become risk-driven and understand the landscape of cyber risks. Further, leaders must also focus on using their pandemic-compromised resources where the value-at-risk is the highest.
Espinosa also pointed out that business leaders are currently facing the fear of failure. That’s a major concern considering the rapid rise of cybercrimes in today’s business world. He believes that several professionals lack the confidence to approach severely complex cyberattacks that have surfaced after the pandemic struck. Not to mention the concern of stepping outside of the comfort zone to try something new that also exists.
It’s a common notion that technical professionals aren’t eager to try something new and often rely on conventional methods to get the job done. Espinosa suggests that it’s time to break the shackles of habit and become adaptable to different work environments. After all, nobody thought remote work would work out, but it did, so the best course of action is to embrace it and get aligned with it.