The business landscape as we know, has changed significantly over the past few months due to COVID-19. With the virus continuing to cause worries, many businesses will be using the final months of the year to look back in the year to see how their organisations have adapted to the changed business landscape and if their strategies need a change.
I caught up with Richard Starnes, our expert on Cybersecurity, to understand how the agenda for cybersecurity has changed over the past few months, how businesses have adapted and what lies ahead. This is what I learnt.
How has COVID-19 pushed your portfolio’s agenda and which sector has made the most progress in this regard?
COVID-19 has brought about a dramatic change across the globe. Extremely disruptive in both personal and economic terms, the effects of the pandemic are both short and long term. Many organisations, either because of the nature of their business or their ways of working (or both) have struggled to adapt to our new reality. Others have transitioned seamlessly to the new ways and working from home almost overnight. Some have put in place temporary measures, which they will reverse out of, or which they need to make more sustainable for the long term.
One such measure would be re-aligning budgets and ensure security provisions to be able to work from home. The degree of adaptability of businesses to be able to work from home would depend on the company’s ability to adapt at speed onmass. What we have noticed is that many organisations across the UK already had a strong programme in place for remote working, but COVID 19 has pushed them to adapt at a scale that was not imagined and this has made various organisations prone to vulnerabilities like cyber-attacks and compromised security measures.
With the outbreak of COVID-19 came a new wave of cybercriminal opportunists, motivated by the sudden increase in attacks surfacing as the global workforce transitioned to a largely remote operations model. We have not only seen the number of attacks increase significantly, but also their speed and scale. Threat actors have focused heavily on issues related to the pandemic to launch attacks such as phishing, ransomware and malware as well as exploit the increased reliance on home networks and IoT devices in the lockdown period.
Also, many organizations have business continuity plans (BCP), but it is obvious the impact of a global pandemic like COVID-19 was not considered in many BCPs. With the widespread impact of the COVID-19, organisations have needed to re-visit their BCPs and incident response plans specially to feature such occurrences that can have an impact on critical elements of the business at the same time. To be prepared, a revised risk assessment should be conducted, on a regular basis, on critical processes to identify the various options in ensuring these processes can still be maintained at an acceptable level of risk to the business.
What has been the most unexpected outcome of COVID-19 for your portfolio area?
The most unexpected outcome has been the speed and agility at which businesses responded to the changes in their environment. We have seen an unprecedented amount of change over the past 10 months, which has seen many organisations recognising the need to accelerate their digital transformation journey. Digital strategies have become even more essential tools in commercial and business models
What skills are coming to the fore in your portfolio area as a result of COVID-19?
No one could have predicted the widespread and the long-lasting impact COVID-19 has had on businesses across the world. The almost overnight transition to remote working forced unprecedented changes, blindsiding thousands of organisations. In adjusting to the impact of COVID-19, digitally determined organizations have prioritised cybersecurity, digital innovation, process automation, and artificial intelligence. With a focus on cybersecurity, we are seeing the following skills see a soaring demand:
- We are seeing a shift towards redefining information security management systems because they change the way the companies do business.
- We are also leaning towards people with strong skill sets in remote working, as well as skill sets in the area of social engineering.
- COVID has accelerated the need for AI, reflective of the increased amount of data that analysts need to process. Traffic has now pivoted from corporate infrastructures, to coming from the home as employees connect to VPNs. There is a real vulnerability here with the infrastructure; however, AI can help filter out this noise so that analysts can get to actual attacks.
What has been the most significant sustainable impact of COVID-19 related to your portfolio area?
The biggest change due to COVID has been the move to working from home. While that may change how some organisations work, people will come back into the office eventually; however, the frequency of meetings will be impacted quite a bit. Mid-level to senior management would continue to want face to face contact; however, there could be less requirement for young people to return to the physical office space. This could threaten the social and professional development for the next generation.
Remote working also has an impact on recognising deep fake technology. Deepfake—a combination of the words ‘deep learning’ and ‘fake’—refers to an AI-based technology used to create or alter images, audio, and video resulting in synthetic content that appears authentic. This can range from replicating a voice over the phone—to portraying an accurate resemblance on video. It can be altered in real time or recorded media. With the world more connected by digital media and the costs for creating deep fakes slumping dramatically, this emerging technology poses a serious risk to any organisation. Working face to face with colleagues allows to you learn the nuances of people’s interactions but this can easily be tampered with as we continue to work from home. One example of that can be that those who have not met before will struggle to recognise AI-generated individuals which maybe countered somewhat, if you know the person you are meeting virtually and are able to cross check their identity to be sure.
Meet the expert
Expert in Cybersecurity