5 technological lessons left by the pandemic

It appears that with the Ômicron variant and the increase in cases worldwide, it will still take some time to end the pandemic. Given this panorama DigiCert reflects on the lessons learned so far in the technological universe.

Cybersecurity has never been more important

Successful attacks worldwide have already represented estimated global losses between US$ 1 trillion in 2020 and US$ 6 trillion in 2021, according to the International Telecommunication Union. The need for a secure cyberspace has become increasingly important given the growing dependence that people and businesses have on the internet. Institutions that have already been victims of criminals and those who fear joining this statistic seek to be prepared by acquiring more security services and sharing information. The increased demand for cybersecurity translates into sector results. In 2020, the information security market gained US$ 156.2 billion globally, and is expected to reach US$ 352.2 billion in 2026, according to a survey by consulting firm Mordor Intelligence. In Latin America, the sector was valued at US$ 4.840 billion last year and is expected to reach US$ 9.570 billion in 2026. A survey conducted by Fudo Security of a diverse group of senior cybersecurity executives in the United States, Europe, Asia, and Middle East and North Africa found that 42% of CISOs worldwide agree that the pandemic has changed their cybersecurity priorities. In part, the blame is on the increase in attacks using COVID as a hook for their scams. Although progress is being made, the cybersecurity battle is far from over. Unfortunately, as companies return to the office in some form, some issues may persist.

Security in remote work is essential

Millions of people around the world have begun working from home instead of going to offices and other workplaces during the pandemic. The pandemic has shown that this type of work does not reduce productivity and has caused many companies to abandon the resistance they had to adopting it. In a global survey of more than 200,000 people in 190 countries, Boston Consulting found that 89% of people expected to be able to work from home at least some days per week after the pandemic ended. This is a considerable increase from the pre-pandemic rate: only 31% of people had this desire. While working from home has its merits, such as lower costs for companies, this meteoric increase has generated some concerning IT security issues and companies have learned so far:

Cloud transition.Desde la pandemia, se prefieren las soluciones de acceso remoto y las organizaciones están trasladando gradualmente los procesos comerciales críticos a la nube. Sin embargo, depender cada vez más de la nube y crear agilidad en la nube podría crear más vulnerabilidades si no se asegura adecuadamente. Microsoft descubrió que el 39% de las empresas priorizan las inversiones en seguridad en la nube sobre la seguridad de los datos y la información o incluso la seguridad de la red. PKI puede ayudar a proteger la nube y proporcionar autenticación sólida e integridad operativa a escala.
Email identity spoofing.El phishing por correo electrónico durante la pandemia se disparó. Hay una mayor prioridad para capacitar a los trabajadores y prepararlos para reconocer y saber cómo lidiar con las amenazas desde la pandemia y desarrollar las mejores prácticas para el acceso seguro al correo electrónico.
Multiple remote devices.Los dispositivos móviles necesitan su propia protección de seguridad única. Pero al 52 % de las organizaciones les resulta difícil proteger los dispositivos móviles de los problemas de ciberseguridad. Un primer paso crítico para resolver esto es implementar una política efectiva de administración de dispositivos móviles (MDM).
Without cybersecurity in the office.La empresa es más vulnerable cuando su personal no puede utilizar las medidas de seguridad informática de la oficina, como los firewalls. Afortunadamente, con herramientas como Enterprise PKI Manager de DigiCert, puede aumentar la seguridad y proporcionar a los trabajadores remotos acceso VPN seguro.
Password Protection. Los empleados deben recibir capacitación sobre las mejores prácticas de la política de contraseñas y su organización debe implementar la autenticación de múltiples factores. Además, con el personal que trabaja desde casa, pueden verse tentados a compartir contraseñas de trabajo con amigos o familiares para ayudarlos con ciertas tareas laborales. Obviamente, este es un problema de seguridad y debe abordarse con la capacitación adecuada para todo el personal.

Social engineering attacks became more complex

According to the Verizon Data Breach Investigations Report for 2021, social engineering is a primary attack vector for hackers. Threat actors heavily exploited free COVID-19 testing in the past two years. Scammers have used social engineering to trick users into providing a mailing address, phone number, and credit card number with the promise of charging 25 cents to verify their information and qualify for a free COVID-19 test offer. The offering of false and "government-approved" cutting-edge technologies to fight COVID and take the temperature of nearby people tricked users into downloading malicious applications on their smart devices that threat actors exploited for nefarious activities. For this reason, it is important that users be aware and not click on links from social media and be alert to fraudulent emails that request clicking on links or revealing personal data. It is always important to verify the legitimacy of the site in question, whether by looking beyond the lock and checking its TSL/SSL certificates.

Focus on automation and efficiency solutions in the security market

As organizations worked to keep the lights on and examine the bottom line, there was a resulting push for efficiency in security technologies. There was also an emphasis on technologies that enabled organizations to do more with less, and automation played a significant role in terms of security innovation. Investments in security focus on immediate value, quantum computing continues to advance. Given that quantum computing allows tasks to be more efficient, organizations prioritize its continued development.

The new normal

This situation resulted in an increase in travel and a transition for workers to return to the office, which led to attacks against them."Scammers looking to take advantage of the new normal aimed at travelers eager for vacations, who search for good deals online or by email. Phishing attacks were the chosen tool and scammers successfully took advantage. For this reason, it is important to be careful when browsing, whether on websites, social media or applications. It is recommended not to open or download files from suspicious or unknown websites or click on any links sent through social media or messaging applications. Another tip is to keep devices with updated antivirus software," said Dean Coclin, senior director of business development at DigiCert. Telehealth providers opened themselves up to cyberattacks on an unprecedented scale. The value of a single health record is high, and this became an increasingly larger target for scammers seeking to exploit this situation. Healthcare providers must rush to set up systems and keep up with telehealth appointments, while hackers seek soft and high-value targets. For this reason, protecting patient information is a high priority in healthcare today. By not encrypting communications from one networked medical device to another, a hacker could steal the login credentials of a healthcare employee, log into a hospital's connected ecosystem, and exfiltrate PII, which sells at a higher price on the black market than credit card credentials. These data breaches are time-consuming and can be financially devastating for a healthcare organization.