Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Companies need to enhance cybersecurity amid the continuation of COVID-19 in 2021

By Robert R. Ackerman Jr.
cyber_lock
January 7, 2021

Cybercriminals love a good crisis. So it’s no surprise that they jumped at the opportunity to take advantage of the COVID-19 pandemic to exploit tens of millions of home-based workers who have provided new access points to malware, cyber viruses and phishing attacks. The attack surface for attackers has never been wider.

The assaults, of course, don’t stop here. Cybercriminals also use newly-implemented technologies to move to the next step and try to penetrate corporate systems.

Earlier this year, corporate chief information security officers (CISOs) pivoted from working on routine tasks and quickly instituted measures to maintain business continuity by monitoring soaring threat levels and patching remote systems over virtual private networks. But it hasn’t been enough.

This raises an obvious question. Is your company’s cybersecurity policy as effective as it should be amid these tumultuous times? And if you’re not an employee but the owner of a small business – typically someone with much less sophisticated cybersecurity protection – how does your online security stack up?

The answer: Cybersecurity has improved, but markedly more has to be done to secure networks in 2021, the second year of the pandemic. The number of cyberattacks has become staggering.

The FBI recently reported that the number of attack complaints in their Cyber Division has reached as many as 4,000 a day – a 400% increase from what it was seeing pre-COVID-19. Meanwhile, a study by CrowdStrike, a Silicon Valley cybersecurity vendor, showed more intrusion attempts on corporate networks in the first six months of 2020 than in all of 2019. Its threat-hunting team blocked 41,000 potential intrusions – compared with 35,000 in all of 2019. One of the biggest reasons behind the increase, the company said, was the rapid adoption of remote workforces, significantly expanding the attack surface at many corporations and other organizations.

Another problem has been the strain of resources experienced by many organizations, creating new security vulnerabilities. In recent months, for instance, some healthcare organizations have temporarily relaxed firewall rules to facilitate additional work-from-home capabilities or short-circuited vendor diligence protocols. They have also rapidly expanded telehealth capabilities or quickly erected temporary medical facilities lacking traditional security infrastructure.

It’s not that companies haven’t been trying to improve their security. Since the start of the COVID-19 pandemic, they have increasingly deployed customized proprietary security plans instead of generic plans and focused more on who is connecting into their infrastructure securely. More are also recognizing that relying solely on preventive measures without also employing offensive measures to curb attacks is insufficient. Many, however, have yet to follow suit.

“Companies will get breached,” says Robert Lee, the CEO of Dragos, an industrial cybersecurity firm. “Companies shouldn’t worry about that because they can’t stop all breaches. But if they don’t have the data they need to respond to an attack and know how to respond, they will fare much worse.”

Another reason for the surge in attacks – despite the enhanced security steps taken by organizations – is that many have been forced to rapidly develop and deploy ad- hoc continuity plans. This leads to rushed and incomplete solutions. While often functional, they typically are not secure enough for the long term. One way for companies to help combat this is to explore artificial intelligence-based methods to better protect their remote mobile workforce so that they can access any data or application required to be productive.

“To realize this benefit, companies have to deploy zero-trust solutions that ensure this improved way to work is truly secure,” says Charles Eagan, the chief technology officer of Canadian-based cybersecurity vendor Blackberry Cylance.

There are a number of even more important – and more basic – steps that companies and other organizations can take to mitigate cyber threats. Here they are:

  • Companies must make a point of teaching their employees how to be on the look-out for signs of malicious activity, and how to react if they are suspicious. Applying maximum skepticism of inbox security is crucial at all times.
  • Those with large work-from-home bases need to prioritize the purchase of services such as overall management of detection and response, managed endpoint and response, and vulnerability management services. Midsized enterprises, in particular, have traditionally invested security budgets mostly on preventive controls, such as firewalls and endpoint protection, leaving them underinvested in detection and response.
  • Update company software and systems. Make sure that the potpourri of devices in the hands of users are all updated with the latest versions of their operating systems. This typically requires embracing a “push” methodology, forcing new security updates onto a user’s device. This is better than a “pull” methodology, which notifies the user that new security patches are available to be downloaded but often never are.
  • Conduct top-to-bottom security audits. This audit will review the security practices and policies of your central IT systems, as well as your end-user departments and at the “edges” of the enterprise, such as IoT devices at manufacturing plants. The audit should also examine remote site compliance with security policies.
  • Demand regular audits from vendors and business partners, among the most significant threat vectors. Most sizable companies now see the cloud as integral to their technology, making audits of outside players even more important.
  • Perform regular data backups that work. A significant problem, unfortunately, is not that companies don’t perform regular backups but rather that they don’t always work properly. Data backups and disaster recovery measures need to be thoroughly tested at least once a year.

Meanwhile, what should small businesses do?

If they don’t have one already, small businesses must create a cybersecurity policy and train employees in their stipulations and install a firewall as a protective barrier between their data and cybercriminals. Businesses must also document a BYOD policy focused on security precautions. In addition, they would do well to adopt a managed security service, which provides round-the-clock monitoring and management of intrusion detection systems and firewalls.

The overriding message behind all these steps is abundantly clear. Businesses big and small need to continue strengthening their cyber protection. The COVID-19 pandemic is continuing in 2021, and no company wants a re-play of all the unprotected cyber threats that lie in wait if unaddressed.

 

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.

KEYWORDS: cyber security incident response information security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bob ackerman

Robert R. Ackerman Jr. is founder and managing director of AllegisCyber Capital and co-founder of cyber startup foundry DataTribe. He was the first investor to create a venture fund focused exclusively on cybersecurity and data science and has been investing in cybersecurity for more than 15 years in the U.S. and select international markets. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • board of directors freepik

    Corporate boards are better at cybersecurity but still need improvement

    See More
  • test

    CISOs are changing their ways amid their toughest environment ever

    See More
  • digital-cyber

    Five tips for chief information security officers to increase their strategic value to the CEO and board of directors

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing