COVID-19 has Driven Forward Change in Cybersecurity. Here’s Why.

Sep 2, 2020

The COVID-19 pandemic will be remembered as one of those profound before-and-after era-defining moments that litter history. No doubt we will be spending the next few years unpicking exactly how the world has changed in the wake of it.

We’re already getting glimpses of just how far-reaching the impact will be on business and technology. According to research from Microsoft, the pandemic has triggered a significant uptick in cybersecurity investment, which coincides with a switch in strategic direction in terms of the types of security protocols companies are putting in place.

The reasons why are pretty straightforward to understand. The impact lockdown has had on working practices is well documented. With places of work shut to try to control the spread of the virus, millions of people were asked to work from home. With social distancing measures still a high priority, many have still not returned to the office full time, and may not do so for some time yet – if at all.

In the wake of COVID, remote working looks here to stay. And that has caused the cybersecurity landscape to shift.

The security impact of remote working

Microsoft carried out a poll of 800 business leaders across four countries (UK, US, India and Germany) to ask them what had changed in terms of the digital security threat landscape since the start of the pandemic, and how they were responding to that.

Amongst the headline findings, their data shows that more than half of organisations (58%) have increased their cybersecurity budgets since the start of the pandemic. In addition, an eye-catching 82% said they were planning on adding more recruits to cybersecurity roles, suggesting that companies expect the changes to be long-term.

Given the rapid increase in remote and home working triggered by lockdown, it is no surprise that the biggest challenge cited by respondents was “providing secure remote access to resources, apps, and data”. As Microsoft points out, firms have been used to the majority of staff operating safely behind an office firewall using company devices. While remote working is by no means a new trend, the relatively small numbers of staff operating beyond that familiar cybersecurity bubble pre-pandemic meant the increased risks could be handled without too much trouble.

However, that all changed for companies which, in the early weeks of the pandemic, were only able to keep functioning with all staff members working from home. Domestic WiFi, personal laptops and smartphones, a lack of direct oversight of online behaviours and so on all meant businesses were suddenly dealing with very different, and often much larger threat vectors.

How businesses are responding

The way businesses have responded to this shift is illustrated by what they have been spending their increased cybersecurity budgets on since the start of the pandemic. In the top five cybersecurity solutions companies have invested in this year, Microsoft found endpoint device protections (17% of respondents), VPNs (14%) and end-user security education (12%) – clear evidence that firms recognise the urgent need to make home workers self-starters when it comes to cybersecurity.

Interestingly, the most common security protocol businesses have been investing in is multi-factor authentication (MFA), mentioned by 20% of survey participants. Cloud computing is a cornerstone technology in making home working possible, providing the foundations for remote system access, while colleagues also use platforms like Zoom and Slack to keep in touch and collaborate over distance.

One of the biggest cybersecurity risk factors with cloud systems is poor password management. All it takes is a staff member to use the same password from a hacked email account to get on their work system from home, or reset their password on a device with malicious tracking malware installed, and cybercriminals have what they need to trick their way in impersonating a known user. Put simply, passwords just cannot be trusted to protect sensitive systems accessed from home, which is why we’re seeing MFA adoption increase.

Beyond access and authentication, the pandemic has put cloud security in general at the top of the pile when it comes to where firms are focusing their cybersecurity energies. More than a third (39%) of companies Microsoft spoke to expect cloud security to be their biggest investment focus to the end of 2020. This also suggests a shift away from viewing cybersecurity as a standalone discipline served by over-the-top solutions. When we are talking cloud security, we are talking integrated protocols built into applications themselves.