The COVID-19 pandemic has affected many tech career fields. Learn how it has impacted cybersecurity professionals, and how to help.
Virtually all career fields have been affected by the coronavirus pandemic, some in positive ways and others in not-so-positive ways. As a system administrator who now works from home exclusively, I can attest I’ve been far busier than ever before, in part due to my 24×7 availability, in part due to the desire from management to obtain verifiable results from a remote workforce, and in part due to project initiatives intended to keep the organization moving forward in challenging economic times.
There’s no doubt that this pandemic will impact future security endeavors and cybersecurity professionals should educate themselves on what to expect. But there’s plenty to worry about now. Dark Reading reports that “US and UK cybersecurity officials warn that state-backed hackers and online criminals are taking advantage of people’s anxiety over COVID-19 to lure them into clicking on links and downloading attachments in phishing emails that contain malware or ransomware.” Furthermore, Tripwire said a survey it conducted found “81% of respondents say compliance is more difficult because of COVID-19.”
I spoke about how the COVID-19 is affecting cybersecurity workloads with several industry experts: Jack Hamm, CISO at Gigamon, a network analytics company; Jon Check, senior director of Cyber Protection Solutions at Raytheon Intelligence & Space; Stephen Cavey, co-founder and chief evangelist at Ground Labs, a data discovery platform; Bindu Sundaresan, director at AT&T Cybersecurity; and Dr. Humayun Zafar, an associate professor of information security and assurance at Kennesaw State University.
Scott Matteson: What are the challenges cybersecurity professionals are facing during the pandemic?
Jack Hamm: Overnight our potential attack surface expanded exponentially as our workforce transitioned out of the office. This sudden shift forced digital transformation initiative timelines to be condensed from years down to months and even weeks in some cases. The urgency and high-profile nature of this shift has put security professionals under more scrutiny than ever before.
We’re seeing increased pressure on existing IT systems that were never designed for this scenario, as well as enthusiastic threat actors that have jumped at the opportunities expanded attack surfaces create. Not to mention addressing the needs and concerns of the workforce as they attempt to remain productive in these uncertain times. And as businesses ask their employees to do more with less amid economic uncertainty, simultaneously, network operations and security teams face the challenge of lowering risk and removing blindspots as traffic patterns change—all while maintaining network performance, security, and a positive end-user experience.
Humayun Zafar: Simply put, the attack surface has increased since everyone is working remotely and is employing different technologies. Some of the technologies, especially personal ones (e.g. mobile devices) may not be secure. Some may not be patched. Some may also be completely outdated. Cybersecurity professionals need to take into consideration challenges that are arising because of these factors, while also maintaining a high level of security preparedness. This truly is a challenge that I doubt they were ever prepared for.
Jon Check: Attacks have greatly increased since the pandemic started. Cyber adversaries have always used natural disasters as a cover for cyberattacks–taking advantage of people focused on recovery activities.
Bindu Sundaresan: For cybersecurity teams across the globe, COVID-19 has presented a real-world stress test of how well their security controls as well as response strategies are working and also how effective they are in terms of providing the resilience needed by organizations today. Security teams are having to step in more than ever during this overnight digital transformation that has occurred for organizations and are caught in the wake of disruptive changes as a result of technology adoption (i.e. cloud), changes in operational paradigms as well as with maintaining regulatory/compliance. They are also on the front lines of helping to fight cybercrime that has escalated while also considering the revised attack surface given the remote workforce.
Stephen Cavey: The COVID-19 pandemic, and society’s phased re-entry into the new normal, has caused immense stress for cybersecurity professionals. With some employees returning back to the physical office in the coming weeks, while others are remaining remote until the foreseeable future, data management has become increasingly complex and problematic. Making matters worse, traditional security policies are being broken, as the pandemic has forced most organizations to combine personal and company devices (i.e. home routers, printers, etc.) in an effort to streamline employee productivity in a remote setting.
As a result, cybersecurity teams now have more ground to cover, as they try to keep pace with where, when, and how sensitive company data is being stored worldwide. Pair this with the fact that cybercriminals are taking advantage of the pandemic in their latest tactics–ranging from spear phishing to hacking home routers–and cybersecurity professionals have found themselves busier than ever before.
Scott Matteson: How is work from home impacting those challenges (for good or bad)?
Humayun Zafar: The main positive is that work from home allows a business to have a certain degree of continuity of operations while also keeping employees safe. The challenges on the negative front are plenty. Phishing campaigns related to COVID-19 have seen a steady uptick since the early part of the year. Due to the pressing nature of the issue, a high proportion of users have fallen victim to the scam. In addition to this, the use of unprotected devices could lead to data loss, privacy breaches, and systems held for ransom.
Jon Check: Cybersecurity professionals are very dedicated, and working from home makes it even harder for them to take good mental health breaks to combat burnout. There are no longer any artificial boundaries or other social cues that say it’s time to go home or take a break, so burnout is a real problem that needs to be addressed.
A lot of cybersecurity teams work together physically so the move to remote work has really put a damper on the collaboration that a lot of teams thrive on. Chat rooms and phone calls only go so far in replicating the ability of teams to use whiteboards and collaborate in a physical sense.
The other issue in the move to remote work is that remote communication capabilities actually introduced a blind spot in an organization’s ability to monitor for potential issues. You can’t monitor video conference calls in terms of data being leaked–either on purpose or inadvertently. If an organization implemented something like zero trust, which is great technology–but it offers a very different picture in terms of the data in their logs and how they work. It could cause security teams to chase a bunch of ghosts until they learn what the normal behavior is of these technologies.
Scott Matteson: What are some unique risks or threats associated with the pandemic?
Humayun Zafar: In addition to the multitude of threats faced, it is important for employees to understand that even though not everyone is an “essential” employee, it is essential that each employee understands that he or she plays a part in protecting their organization’s data, privacy, and infrastructure. Not having that mindset can easily result in an attacker breaching unsecured internet-connected home devices and inserting monitoring tools to capture credentials and other sensitive information.
Scott Matteson: What are some recommended strategies?
Dr. Humayun Zafar: There are quite a few options, ranging from the managerial to the technical.
- Enable multi-factor authentication (MFA).
- Ensure that VPN configurations, policies, and software/hardware are correctly configured and patched.
- Have a clear Bring Your Own Device (BYOD) policy for access to corporate assets, which includes antivirus, handling of sensitive information, etc.
- Ensure that identity and access management fully processes secure third-party access to company networks.
- Remind and train employees of the types of information they need to safeguard.
- Sensitive information—such as certain types of personal data that are stored on or sent to or from remote devices—should be encrypted in transit and at rest on the device and removable media used by the device (e.g., personnel records, medical records, financial records).
All of the above steps are useful even in situations not related to a pandemic.
Jon Check: Keeping employees healthy should be a company’s top priority. They can encourage frequent breaks, exercise and provide necessary technology for employees to be successful. At Raytheon Technologies, we’ve been encouraging our employees to take time off even if it’s a staycation. We also provide a variety of resources from counseling to free online workouts, as well as live, daily relaxation sessions.
Stephen Cavey: To reduce the IT security team workload, it’s important to leverage solutions and processes that can automate tasks and reduce manual workload for the entire team. Today, the most critical requirement for any tool being used by a CISO or IT security manager is automation–look for tools that have a strong API (application programming interface) capability, which allows all critical functions normally available through a point-and-click GUI to be available programmatically for other applications and platforms to trigger. Additionally, only consider platforms to be controlled in a systematic way and be triggered to perform specific tasks when events are identified in complementary or adjacent solutions–instead of raising alerts with your security team for manual review and button pushing. Automation will be key to reducing the stress and workload of often understaffed cybersecurity teams.
Scott Matteson: How are things looking for the future of remote cybersecurity work?
Humayun Zafar: Cybersecurity work even before the pandemic did not really have a traditional workweek. Threats did not vanish just because it was after hours or it was the weekend. However, the pandemic has brought to the forefront challenges faced in protecting an attack area that is inherently complex due to a mix of corporate and home-based networks and devices. There is no doubt that a lot of companies may have realized the importance of having resilient incident response and contingency plans.
Scott Matteson: How should cybersecurity pros prepare themselves for the transitions ahead?
Humayun Zafar: It is important for cybersecurity professionals to communicate to top management some of the challenges they have faced. Some may have had to deal with resource constraints, which is natural since 100% remote work is not a normal thing. It is also important for them to highlight any changes to policies that may need to be made in light of COVID-19. There is an organic quality to cybersecurity and its challenges, since both are continuously evolving.