2 years later: 7 facts on how Covid-19 has affected global cybersecurity
Covid-19 affected organizations of any size
Covid-19 has affected every organization, from a family business to a large enterprise. In almost all cases, we have seen that most employees work from home. This in itself meant expanding the corporate network to home offices. To ensure security, organizations needed to provide each employee with the same level of security that they would have if they worked in an office.
On top of this, every day of working from home was "the day when you need to bring the children to work." During the hard times, children used the corporate network not for studying but for browsing social networks and gaming, and could compromise the network without even suspecting it. This left gaps in home networks, which made them more susceptible to attacks. After all, parents have likely taken corporate security awareness courses at some point, and children most likely have not.
Cybersecurity is much more than just a technology. When it comes to protecting your network, we must not forget about the human factor
The human factor is crucial for cybersecurity. Your network needs to be secure, but the people in your organization also need proper security training before your network can be called truly secure. Organizations should understand that if, for example, they have 3,000 employees, that means 3,000 potential gaps in their network.
At Fortinet, we are seeing a high demand for end-user-oriented training. We are not talking only about the IT department, but rather about the people who work in the organization as a whole. They need security training and positive reinforcement so that cyberspace awareness becomes part of the corporate culture. There are some great solutions that cover the basic information about phishing attacks and ransomware that your employees need to know. Some of them, such as those offered by Fortinet, are completely free for organizations.
The model of working from home or hybrid work helps to increase the number of employees, but there are still not enough people in the industry to fill the gap in cybersecurity skills
Along with technical skills, communication and collaboration skills are more important than ever. Last year, organizations from many sectors and countries were forced to work 100% remotely, without the creative environment that a face-to-face brainstorming session naturally creates. If a person has these soft skills, they have a much better chance of success.
Regardless of the ability to hire employees around the world, the cybersecurity industry still needs a much larger number of professionals to bridge the gap of 3.12 million required cybersecurity employees, as outlined in the (ISC)² study. The Fortinet NSE Training Institute and the TAA Initiative help our clients and partners recruit qualified professionals through various programs, including an educational program with a focus on women, veterans and non-profit organizations working to attract people to the industry, train them and certify them so that they can enter the field of cybersecurity. There is also our Security Academy program, which is focused on working with educational institutions around the world and aims to include cybersecurity in curricula.
Cybersecurity jobs are not just for engineers
When we think about roles in the cybersecurity industry, we tend to focus on technical roles. But, as in other industries, cybersecurity organizations require a variety of employees. In addition to technical and non-technical roles, there are vacancies for entry-level, intermediate-level and even management-level positions. Every department needs qualified specialists, and every person in the organization is responsible for the success and safety of the organization.
The Board of Directors is primarily responsible
While each employee has a role to play in ensuring cybersecurity, the Board of Directors has primary responsibility. According to the Principles and Tools for Enhancing Cyber Resilience of the World Economic Forum, "The Board as a whole has full responsibility for overseeing cyber risks and resilience." Depending on what industry you work in and what types of cyber attacks your organization is most vulnerable to, your information security director may report at different levels in the organization. If a cyberattack can harm your organization, then your information security director should have a direct line of reporting to the CEO with a direct channel of communication with the board of directors.
Cybersecurity is constantly evolving and adapting
Attacks are becoming more sophisticated and frequent. The Fortinet 2021 Global Threat Landscape Report reports a 10.7-fold increase in the number of ransomware programs over the past 12 months. The report says that these threats have not only become more widespread, but have also become more destructive due to attacks that have damaged the supply chain of companies such as Colonial Pipeline and JBS.
The good news is that cyber solutions are also evolving. We are seeing a surge in the introduction of machine learning and artificial intelligence. Since the number of attacks is growing at such a huge pace, we cannot rely only on people who monitor new incoming threats.
Advanced security awareness techniques matter
The most important thing that employees working at home should realize is that they are an extension of their company's network. And if you are part of the network, you can also become a potential entry point for intruders. A good password policy is just as important at home as it is in the office, as is ensuring the safety of the workplace. This means that you should not allow other family members to use your work devices and should not leave confidential information in view of others.
The Fortinet 2021 Global Threat Landscape Report states: "However, an even greater concern for corporate security programs is the possibility of attacks from the home network of a remote employee. Think about how many devices are between an employee working from home and the corporate applications and data needed to do his job. Now think about what attackers can do if they compromise these devices. You can be sure that the attackers are also thinking about it."
Organizations also need to actively invest in security training services and extend them to all employees, but especially to those who work from home. Employees should understand what attacks look like, what forms they can take, how complex they have become, what the consequences of an attack are and what should be done if a person suspects that they have become the target of an attack. People working from home should also make sure their families have a basic understanding of cybersecurity.