IT Security: The long-term view post-COVID-19

The immediate impact of COVID-19 on business and, in particular, IT teams was clear for all to see. At the drop of a hat organisations had to enable homeworking for every eligible employee – causing major disruption to business-as-usual, creating a sudden shift in IT security focus, causing chaos to existing projects and IT budgets, and exposing serious security vulnerabilities. But, in the long-term, it’s predicted the challenged posed by COVID-19 might be fundamentally beneficial to organisations, with IT security now one of the most urgent agenda items at the boardroom table at time, at a time when malicious attacks are on the rise. It’s impossible to accurately predict how any industry will look going forward – but the cultural change caused by the COVID-19 pandemic means people must communicate differently both in their roles and with their organisation. Support with IT access is also being done remotely and so awareness of cyber security is even more important. Cyber criminals are using the coronavirus crisis to their advantage and recent research shows a sudden shift in IT security concerns. What is the industry saying? In SCC’s latest IT Insights Report, we asked 550 IT decision-makers from 11 different sectors about the impact of COVID-19 on IT security. Asked specifically what they believe the main threat will be to IT Security in five years’ time, the survey revealed a 52% increase in respondents highlighting resource theft as the biggest concern after COVID-19. There were also significant shifts in concerns when comparing views pre lockdown to post lockdown over ransomware (up 32%) and dependence on cloud services (up 24%), as organisations get used to the ‘new normal’ and changing threat landscape as a result of the pandemic. It’s predicted many organisations will look to continue supporting widespread homeworking in the long-term, even after social distancing measures are eased. The results in SCC’s IT Insights Report for IT Security support this, with homeworkers typically more susceptible to phishing and other cyber-attacks. Vulnerabilities to systems are also more exposed when more people are working from home and it’s both a short-term and long-term challenges all organisations face to ensure they are and remain protected. According to a recent report released by The International Information System Security Certification Consortium, (ISC)2, 96% of organisations had moved at least some of their staff to remote work, with nearly half of them shifting all employees out of the office. A subsequent Gartner survey found three-quarters of businesses expect at least 5% of their workforce who previously worked in company offices will become permanent work-from-home employees after the pandemic ends. This offers further evidence that the coronavirus crisis is also an opportunity to rethink overall IT security strategy and plans, including technology choices, collaboration, and security awareness and training. In a world of increased online and remote working IT directors have an immediate opportunity to demonstrate their teams value and get closer to their customers to create a greater awareness of IT security, enabling more effective cyber-transformation programmes in the future. As a result, the endpoint is becoming the first entry point target for cyber attacks and organisations are looking at securing these as priority. It is important organisations don’t just rely on traditional anti virus but move towards an end point detection and response (EDR) solution to alert and remediate on malware, ransomware and indicators of compromise (IOC’s). Email security is another area susceptible to outside threats. To reduce the risk of phishing and impersonation attacks it is important to be able to detect, contain and automatically remediate threats inside the email perimeter from internal cyber threats. The future In the long-term, the challenges of COVID-19 can lead to better integration of information security into design, change and procurement processes in the long term. This could then be the foundation of security-by-design processes in the organisation, something which IT security teams have had difficulty implementing previously. As people work from home and become more dependent on accessing information remotely, they can be supported to be more cyber-savvy to embed security in the minds of the whole organisation. This, alongside embedding security across IT platforms and infrastructure through firewalls, VPN, Multi Factor Authentication will make organisations far less prone to security attacks in the future. SCC’s approach to IT security is designed to protect organisations across all areas and the whole information and cyber security lifecycle, by understanding both specific threat levels and our customer’s current maturity before building solutions to match requirements, suitable now and into the future. Our approach is relevant pre- and post-COVID-19, with IT security crucial to all organisations and the coronavirus situation helping many to see threats that have always existed but have not always been a priority. Find out more about SCC’s security solutions here. If you would like to have a chat about your IT security needs, then please complete the form below:

Related articles: SCC Security Brochure – Managing the security impact of COVID-19 UK businesses committed to IT security despite COVID-19 challenges IT Security: 6 ways to protect your business from within IT security priorities in the aftermath of COVID-19