3 min read  | Cybercrime

How vulnerability management is changing in a post-pandemic security environment

With the important role cybersecurity services play in the business landscape, companies are striving to find more efficient and cost-effective solutions to gain a competitive edge. 

Today, this is precisely where vulnerability management comes in. With its ability to help enterprises improve risk management, data security, and malware intelligence, there’s plenty of scope for this activity in modern business operations. 

In fact, global security and vulnerability management is valued at over twelve billion dollars and is predicted to grow at a rate of 4.5% until 2027. 

The pandemic has led to many changes in nearly all aspects of the world, our lives and businesses. A whole new set of risks and vulnerabilities now threaten cybersecurity. 

Has the pandemic created new cybersecurity risks?  

According to a survey conducted by the ISSA and ESG, there has been a 63% increase in cyber attacks since the beginning of the pandemic. These statistics also conclude that as a result, the majority of businesses have seen an improvement in coordination between business, IT and cybersecurity executives.

That said, COVID-19 has also provided cybercriminals with a new platform and vantage point to operate from. 

  • Scammers today send phishing messages that don’t ask for Bitcoin, for example, but are now more pandemic-related.
  • Hackers have started to target collaboration platforms—with COVID-19 forcing employees to WFH, these platforms have become a source of very valuable information that can be leveraged and held at ransom. 
  • Hackers are embedding malware codes on fraudulent websites they create with the facade of providing legitimate information about the Coronavirus. These websites are created with the purpose of stealing information and appear like genuine sources of information.
  • Cybercriminals are creating ransomware and malware with COVID-19 in their name so it looks important. The downloaded file then encrypts personal or business data. 
  • Employees working from home may be working off unsecured networks—this may allow hackers to access video conference links and passwords. These can then be used to hack the company’s network. 

Has the Coronavirus fast-tracked digital transformation?  

With the sudden shift to work from home, companies have been forced to accelerate digital transformation. The biggest threat and risk in this situation is the increase in collaboration with third parties. 

A number of vulnerabilities can arise when employees WFH. 

Are they using a personal or shared network or are they sharing work devices? If each device and system is not vetted carefully, a single point of vulnerability is all that’s needed for the whole network to be compromised. 

This is one aspect of the pandemic that has increased the necessity of vulnerability management and tripled the workload of cybersecurity and IT professionals. 

Here are some strategies that may prove useful:

  • Educate your non-IT employees about the risks of cyber breaches. Ask them to be cautious of requests for information and to always verify the source. This could include unexpected emails or calls from co-workers. 
  • Consider adopting dual or multi-factor authentication. 
  • Update work-related laptops, mobile devices and apps, and install necessary patches.   

How can vulnerability management and cybersecurity services improve and adapt to the pandemic?  

If anything, COVID-19 has shown companies the necessity to adopt a zero-trust architecture. Cybersecurity services should operate under the assumption that devices and apps can’t be trusted and need authentication and verification on a regular basis, even on a task-by-task basis. 

Employers and vulnerability management personnel should conduct semi-regular bait-phishing exercises. 

This can be a double-edged sword, however, and needs to be done with a well-thought-out plan. 

With lockdowns and the fear and uncertainty still present, the pandemic has placed a lot of stress and emotional pressure on just about everyone. Bait-phishing can alienate employees, so you need to be careful about how this is executed.

Will COVID-19 impact cybersecurity priorities? 

Today, the focus of analysts and executives seems to be on addressing the unique challenges presented by the pandemic. 

Industry leaders do believe that the Coronavirus has been a wake-up call and businesses need to recognise that it is powerful cybersecurity that allows them to remain operational. 

We can predict, however, that companies that do use the pandemic as an opportunity to prioritise cybersecurity will emerge as the leaders of the next wave of process innovation and best practices.