Why Is Cybersecurity Important in the Post-Pandemic World?

The world has changed, and cybersecurity needs to catch up. That’s a tall order, given the digital disruption that has accompanied the COVID-19 pandemic and that will continue to redefine many aspects of life and business in the years to come.

In a less than optimistic assessment, a leading management consulting firm recently declared, “The situation is likely to get worse before it gets better.” Companies need to innovate for the post-COVID era with built-in cyber resilience, EY explained, “but many have yet to address the deferred risks and potential vulnerabilities that were introduced during their transformation efforts at the height of the pandemic.”[1]

Expectations also ran pessimistic in Mimecast's State of Email Security 2021 survey of 1,225 IT professionals around the world. Looking ahead, 70% of survey respondents anticipated a disruption of their business due to online attacks. They reported that one cybercrime in particular — ransomware — came on stronger than ever during the pandemic as attackers exploited remote work, remote schooling and beleaguered healthcare systems.

On a brighter note, the security stresses encountered to date have made the need for cyber resilience an urgent action item among more business and government leaders. And two-thirds of technology executives surveyed by Gartner said they were planning to increase cybersecurity spending for 2022.[2]

The New Importance of Cybersecurity

As more workers became remote workers during the pandemic, so too more customers became remote customers. Consequently, maintaining a secure online environment has become doubly important for business. Any disruption due to a cyberattack can be devastating. 

Such interruptions can add to the challenge of doing business when supply chain and labor issues are already taking a toll. In turn, a cyberattack can cause damage to a company's reputation among customers and partners, as well as lost business and the threat of data loss. 

The pandemic itself has generated new opportunities for cybercriminals to prey on people's anxieties. Cybercrime has surged, often committed by criminals using COVID-19 related scams. Emails and websites offering misleading information about the virus or fake cures have often provided an entree for criminals to insert computer viruses in systems. And employees who are normally vigilant can be distracted by the new daily stresses everyone faces, making them more likely to fall for phishing scams and inadvertently divulge critical information like passwords. 

Remote work on home computers, which often don't have the same security software used at the office, has also made companies more vulnerable to attacks. Compounding the problem is the new demand for remote access to services from customers and clients. This fundamental shift has been aided by the move to cloud computing platforms and web apps — which, in turn, have to be monitored and protected.

Cybersecurity Facts and Statistics

The extent of the cybersecurity threat and how it has grown during the pandemic can be seen in the numbers. And the numbers are startling:

• Email attacks: These increased 64% in 2020, according to the Mimecast survey.
• Ransomware attacks: Sixty-one percent of companies in the survey said they experienced a ransomware attack last year.
• Ransoms: $40 million was paid by an insurance company in 2021, in one of the largest reported ransoms to date.[3] $11 million was paid to cybercriminals by a global meat supplier after plants were shut down last year.[4]
• Data breaches: The number of U.S. data breaches for the first three quarters of 2021 exceeded the full year total for 2020 by 17%.[5] The cost of a data breach, including downtime, recovery costs, rising insurance premiums and reputational damage, is averaging $4.24 million, and the cost of mega-breaches could be 100 times that.[6]

Impact of Cybercrime on Businesses and Enterprises

You keep information because it's valuable to your business and that makes your data valuable to cybercriminals, as well. Ransomware attackers, for example, can not only lock employees out of computer systems but also steal information and threaten to sell private data to the highest bidder or release it on the dark web. This crime is a potentially devastating threat that can result in the loss of hard-won intellectual property and present future threats to customers and clients. Many companies that store sensitive information, such as hospitals and insurance firms, have become particularly popular targets. 

But every company is susceptible to cybercrime. Consider last December's revelation that a networking software company had been hacked, infecting approximately 18,000 business customers including many Fortune 500 companies.[7] The attack gave criminals access to systems around the world for months before the incursion was detected.

Moreover, as financial transactions have become commonplace online, business email compromise (BEC) attacks have targeted funds transfers usually done with suppliers and contractors. Disguised as correspondence from familiar, legitimate business partners, such fraudulent transfers accounted for losses estimated to exceed $1.8 billion last year.[8]

Compliance and Legal Issues Increase Risk

In addition to potential revenue losses, companies face compliance risk. Data must be properly protected to comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) for medical data in the U.S. or the General Data Protection Regulation (GDPR) for personal data in Europe. Attacks that reveal such information can lead to fines for victim companies.

Cyberattacks can put businesses in further legal jeopardy. Business partners and customers harmed by ransomware or the loss of data may turn to the courts for redress. In a recent example, gas stations are suing a pipeline operator that shut down its system after a ransomware attack, cutting off their supply.[9]

Strategic Moves for CISOs Post-Pandemic

Some experts say that security executives need to go back to the drawing board to address the risks posed by their extended networks and their performance in such areas as testing.

“The crisis has highlighted weaknesses in cybersecurity and areas where improvement is required,” EY said. CISOs need to accelerate efforts to address security by design, impress upon their CEOs the integral role of security in supporting business transformation, and build stronger security cultures in their organizations.

Mimecast experts advise a multi-layered cybersecurity strategy that involves all employees, departments and third parties becoming more aware and proactive against potential threats. For example, companies should implement a zero-trust ethos in reviewing supply chain partners.

Tactics to Protect Against Internet Security Threats

Whether your business is still operating largely on a remote basis or the majority of your employees are back in the office, it's time to instill — or re-instill — best security practices. Recommendations include:

• Create cybersecurity awareness: Training employees regularly is essential. Make sure they know how to recognize the latest phishing scams and attacks.
• Limit data access: Restricting who has access to data can help reduce vulnerability to an attack. Such restrictions can be based on an employee's role or on an individual level.
• Update, update, update: The mantra to continually monitor IT systems and keep all software up to date has never been more important. Make sure your business sets aside time on a regular, frequent schedule to install updates on all systems, from back-office computers to web apps.
• Backup, backup, backup: To minimize disruptions, one of the best tools in any company's arsenal is a full backup. Ransomware attacks, for example, include extortion of payment to restore critical customer and internal data. A recent, complete backup can limit exposure to such threats.
• Use standard cybersecurity defenses: Deploying standard cybersecurity technology is just common sense. Firewalls, for example, help prevent breaches and intrusion detection alerts you when there's a threat. Other techniques such as multifactor authentication, which requires two or more credentials to confirm a remote user's identity, are now considered standard, as is the encryption of communications so that bad actors don't intercept sensitive information.

The Bottom Line

The post-pandemic world of cybersecurity has changed the way we will do business for years to come. The increased reliance on connected, online systems has made businesses more vulnerable to cyberattack while encouraging more cybercrime. Companies have to be more strategic, diligent and vigilant when it comes to maintaining best security practices. 

[1] “Cybersecurity: How Do You Rise Above the Waves of a Perfect Storm?”, EY

[2] “IT Budgets to Jump 3.6% in 2022,” CIO Dive 

[3] “CNA Financial Paid $40 Million in Ransom,” Bloomberg

[4] “JBS Paid $11 million in Ransom,” Washington Post

[5] “Number of Data Breaches in 2021 Surpasses All of 2020,” Identity Theft Resource Center

[6] “Cost of a Data Breach Hits Record High During Pandemic,” IBM

[7] “The US is Readying Sanctions,” Business Insider

[8] “BEC Losses Top $1.8B as Tactics Evolve,” Threatpost

[9]“Colonial Pipeline Data Breach Litigations: Where Are We Now?”, National Law Review