The unfolding COVID-19 crisis has been the most significant test of the world’s internet infrastructure to date. With employers and schools moving to remote environments, the expectation was that the expanded use of Software-as-a-Service (SaaS) tools like video conferencing would lead to crippling levels of web traffic. On top of that, experts anticipated the increase in internet use would prompt a corresponding rise in network attacks from cybercriminals. Many in the industry were concerned that the internet would not be able to sustain these unseen levels of duress.
As many employees transfer back to a more traditional business setting from remote work environments, adjustments to cybersecurity protocols are going to be necessary. Organizations will need to evaluate any temporary provisions that were put into place during the COVID-19 pandemic, including any shortcuts that were taken and processes that were circumvented, and whether such protocols should be reversed or enhanced.
Digital transformation with Internet of Things (IoT) devices provides many organizations a way forward, but optimizing the strategy needs to start with security.
Across industries, organizations seek to embrace Internet of Things (IoT) devices to reduce manual tasks and promote social distancing. However, IoT devices often lack basic security controls which lead to new cybersecurity risks across the IT stack. A comprehensive solution for managing IoT as part of organizations’ growth plans must also incorporate establishing best practices for moving forward securely.
The Cybersecurity and Infrastructure Security Agency (CISA) released an update to its Essential Critical Infrastructure Workers Guidance. Version 4.0 provides guidance on how jurisdictions and critical infrastructure owners can use the list to assist in prioritizing the ability of essential workers to work safely while supporting ongoing infrastructure operations across the nation.
Contact tracing for COVID-19 is critical to returning our nation to some semblance of normalcy, but we are far from a consensus on what effective, secure, cost-feasible and scalable contact tracing looks like. There are several documented, meaningful automated contact tracing efforts across the globe - not to mention more than 150 apps and initiatives in various stages of development. Getting contact tracing off the ground in the US is fraught with obstacles that are formidable, but not insurmountable. Among the thorniest is data privacy: if we can’t convince citizens that it’s safe and non-invasive to share information about who they’ve been in touch with, contact tracing will fail.
Over the past few months, millions of workers have turned their homes into their new, remote office, including state government employees, which brought a host of risks through use of unsecured Wi-Fi and poor access controls. This shift toward home as well as the underlying panic brought on by COVID-19 altered hackers’ focus and targets aimed at the remote worker. Chief Information Security Officers (CISO) preparing their companies for this change require time, training for employees and the right technology, as well as increased cooperation between the security teams and IT/network operations groups.
When it comes to PKI, leaders have two options: build it or move it to the cloud. PKI as-a-Service (PKIaaS) platforms are becoming a popular investment choice that provide all the benefits of a privately rooted PKI, but without the cost and complexity of running it in-house. PKIaaS providers can deliver a much more effective, and ultimately more secure, PKI than most enterprises can achieve on their own. Regardless of whether the choice is to build or buy, teams must consider six key requirements to ensure in-house or out-sourced PKI success – and digital identity security.
The COVID-19 driven shift to remote working coupled with accelerated digital transformation poses significant challenges to enterprise cybersecurity operations, widening the threat landscape and exposing enterprise networks, devices and data to increasing cybersecurity risk. Unmanaged devices, shadow IT and rapidly deployed remote access networks have all introduced emerging vulnerabilities that are being exploited by cybercriminals, making securing the enterprise even more difficult for CSOs and their teams.
COVID-19 has initiated a whole new host of cybersecurity threats. Twitter was one of the latest victims, its employees allegedly being targeted so that hackers should take over the accounts of certain verified users. And just before that, a June 25 story in The New York Times detailed the way in which a foreign entity is attempting to infiltrate American business by taking advantage of remote employees whose organizations – more than 400 million worldwide – use virtual private networks (VPNs).