13 August 2020

Keeping your business cyber-secure in the ‘new normal’

Smart Living

by Chris Cowan

To say that keeping business secure in 2020 has been nothing short of a struggle is arguably a huge understatement. As workforces adapt to a new way of working and criminal actors seek to take advantage, how brands of all shapes and sizes react when it comes securing their systems and keeping all their stakeholders safe is of paramount importance.

We spoke with leading brand experts from across the globe to get their perspectives on the challenges facing the cybersecurity industry in a world adapting to Covid-19. We also asked them about the growing role of marketers in the cyber landscape as security brands and services look to grow their presence in an increasingly values-based society. Our panelists include: Naina Chaudhary, Action Global (UAE), Rosa Gómez Acebo, Be Confluence (Spain), Silvia Hänig, IKOM Strategische Kommunikation (Germany), Ishneet Sachdeva, Kommune Brand Communications (India) and Mixology Communications’ own Chris Cowan (UK).

  1. What can the cyber security industry learn from Covid-19 disruption? Where did the industry excel and where did it underperform?

UK: With sudden, dramatic increases in threat surface areas, reports show a 600% rise in phishing attacks. The security community does a great job of talking to itself, as was certainly the case during lockdown. But spreading awareness to employees-at-large continued to prove challenging for many companies. This needs to change.

UAE: In our increasingly virtual world, data safety and security are priorities for individuals, companies, and nations. With Covid-19 disrupting traditional ways of office working, the need for stringent and robust cybersecurity measures were instantly amplified. To succeed in the post-Covid-19 era, technology providers must rethink their strategies and product offerings to accommodate the new security landscape. And they must continue to monitor customers’ needs and adjust business continuity, service, and training accordingly.

Germany: A lot of companies have observed a spike in phishing attacks, Malspams and ransomware attacks as attackers are using Covid-19 as bait to impersonate brands thereby misleading employees and customers. Not only are businesses being targeted, end-users who download Covid-19 related applications are also being tricked into downloading ransomware disguised as legitimate applications. Organisations are advised to update their business continuity plans and remote working policies whilst prioritising cybersecurity during their post Covid-19 re-strategising process.

Spain: Industry and businesses have faced fast changes due to Covid-19. Smart working and telecommuting are already a reality. Businesses have learnt that applying simple solutions such as enough bandwidth or VPN with IPsec can solve 90% of problems, it’s the same with managing the identity and the access of their workers, controlling connections from mobile devices, or creating a company app. The industry has learnt that the same measures the business took for the workplace, (Wi-Fi passwords, firewalls etc) must also be applied in employees’ homes. 

Next, the industry needs to work on the cybersecurity of cloud servers. With more people connecting remotely, security must be increased, with network access control and the remote endpoints. 

India: While Covid-19 has not spared any nation or organisation, a valuable learning has been that the world is extremely susceptible to disruptions of gigantic proportion that can bring businesses to their knees. A Covid-19 pandemic of today can be an environmental tipping point of tomorrow. While most organisations have smoothly embraced a work-from-a-remote-location scenario, there has been a 4,300 percent increase in coronavirus-themed spam since February 2020 (According to IBM X-Force Survey). Hence, the need for effective cybersecurity technology cannot be overstated.

  1. Where is the next biggest security threat coming from and how can companies improve their resiliency?

UK: Many companies have already unleashed a shadow IT nightmare by leaving employees to their own devices (literally!) during Covid-19. Time is ticking to share best security practice. Most employees have good intentions but downloading and using software not deemed ‘secure’ is just like leaving the backdoor open for unwanted visitors.

UAE: The top cyberattacks will stem from phishing attacks, remote worker endpoint security, sophisticated and targeted ransomware attacks, mobile malware, and 5G to Wi-Fi security vulnerabilities. With employees working remotely and the number of devices multiplied in households, businesses must boost data protection spending.

Germany: As businesses have become more reliant on the internet, hacker rewards from cyberattacks have grown greater. Consequently, we are facing more and more attacks of an increasingly varied nature. In 2019 alone, more than 6.6 billion malware attacks were reported. Furthermore, according to Government official statistics, 54% of the UK’s businesses and charities reported a cyberattack last year. And that’s just the ones that have been caught. Now one of the most common types of large-scale cyberattacks, credential stuffing, like phishing, is arguably quite simple. Credential stuffing attacks automate large-scale attempted logins using account information that is sourced from previous breaches. It is not a brute force attack with passwords guessed; instead it’s an educated gamble based on users having the same login details across multiple platforms and accounts.

Spain: It does not matter where from the next threat comes from; the important issue is that the contingency plan works. The pandemic showed us we need to be prepared for anything, cybersecurity plans must be tested before and during the event. Fast solutions could bring fast problems and businesses who are prepared, will also have the competitive advantage, because it is important to remember that the crisis also brings opportunities. 

India: There is increased digital footprint and traffic from unsecured networks. Attacks in the theme of Covid-19 (say fraudulent mailers from WHO or Income Tax Department) have seen a surge. Fake websites have cropped up to seek donations for the underprivileged through email links. All these and more need a robust cybersecurity system that is quick to adopt and scale.

  1. In this new era of connected community and business for good, should marketers be playing a larger role in cybersecurity management?

UK: How a brand communicates, both externally and internally, at all stages of an attack – before, during, after – has huge bearing on customer trust and ultimately survival. Marketers must step up. They’re key to protecting brand image and hold immense sway around educating employees and building an effective ‘cyber culture’

UAE: Media and consumer appetites for this narrative remain rich, so marketers play a crucial role in cybersecurity management strategy. As businesses explore one-stop-shop product solutions, marketers can leverage the narrative and promote customised solutions.

Germany: Yes, they should play a larger role, because being able to detect discrepancies is vital for a company’s security and customer experience, a responsibility that usually lies with the marketing team. If companies just focus on their businesses and processes, marketing targets, like personalised content, could suffer. So, there needs to be a good balance between the security level and best possible customer experience.

Spain: After the Covid-19 impact, the dependency on digital tools has increased exponentially. The business marketing plan must include strict cybersecurity measures. It is important to work with cybersecurity experts, but also with experts in the business, and the marketing team are probably the team with the most knowledge of how the business works. They are also the team who have more familiarity with simple concepts that could make the difference, (control the Wi-FI, create passwords for the employees, update firewalls and antivirus and update the data and create security copies.) There is no doubt that marketing teams must work with cybersecurity teams to avoid data leaks. 

India: Businesses are experimenting with new types of collaborative platforms and software to maintain connectedness. Marketing teams are increasingly working with more complicated software and handling large amounts of consumer data. These can pose an immediate security threat as company and personal information is seeded into these platforms. Hence it is imperative for marketers to be part of all planning for cyber breach and IRTs (Incident Response Teams).

  1. In which ways will cybersecurity change to meet the expectations and demands of today’s values-based society?

UK: Much more must be done to showcase security credentials and competency. Growing calls to introduce wide-reaching cybersecurity kitemarks will certainly be welcomed by a public who increasingly value transparency and authenticity from brands. This is especially true when it comes to the treatment of their personal data.

UAE: It is arguably too early to tell, but one can expect our new normal to pave the way for advanced protection layers on all IoT-enabled devices used by individuals or enterprises. There’s little point protecting laptops and mobiles if hackers can backdoor into personal data or banking information via automated shopping functionality on smart fridges. Consumers expect their data to be protected and the industry needs to find that balance between leveraging data and respecting consumer respect.

Germany: Security should no longer be an excuse for poor user experience. Cybersecurity should be seen and treated in view of improving the cyber reputation of the company as trustworthy and transparent (in terms of data usage).

Spain: We must understand that the valuation of a business is now more digital than tangible. An exhaustive evaluation of the IT and cybersecurity changes due to the Covid-19 must be made. Some solutions could be permanent, but not all of them, these solutions and new ones must be analysed and work for a safer future for the business. Telecommuting would be a reality, the cloud and the internet would in some cases substitute the office, the collaborative tools would substitute the meetings and cyberattacks will multiply. 

When the situation of a society changes, as it has changed with Covid-19, the solutions must be faster, but also useful. The good thing is that the values of the society have not changed that much, so the industry knows them and knows which lines could cross and which cannot. 

India: Connectedness through digital devices has become infinitely more critical to maintain business continuity. As social distancing becomes the new normal, companies are banking on digital channels to communicate with their customers and employees and maintain end-to-end operations. Our new (remote) workplaces are not as resilient to cyber-attacks as office spaces manned by IT taskforce. Cyber tech experts need to only meet the varied needs of organisations today but also prepare for a post-Covid world.

Photo by Vlada Karpovich from Pexels