One year ago. The pandemic hit. And if you think about it, in many ways the world has been upside down ever since. So what have we learned during this time and how does it affect us moving forward - in cyber and other critical areas? Have we "jumped into the future," doing many things now that we thought were coming in 5–10 years?
In one year the pandemic has transformed just about every part of our lives. From a technology perspective, advancements that were “in progress” – like telehealth, remote work, retail/online ordering, remote learning, distance education, virtual training – were thrown into hyperdrive. Office workers, front-line workers, and people in education, health care, hospitality, transportation and retail were quickly forced into new spaces where technology will have a big impact. Developments we thought were three to five years away are here now. And those advancements directly impact cyber security.
What does that mean to all of us in cyber?
The virus has impacted cyber in a major way. According to Security Magazine, during the pandemic, “cybercriminals ditched many of their old tactics, placing a new emphasis on gathering intelligence, and exploiting and preying upon fears with targeted and sophisticated attacks.” There was “a notable shift in the devices targeted and strategies deployed by cybercriminals.” Though there is talk of a return to “normal,” it’s clear that many of the changes we’ve experienced in cybersecurity will become permanent.
According to VentureBeat, for those of us in cyber the immediate impacts include real-world supply chains that are vulnerable to cyberattacks. Touchless commerce means QR codes are now the fastest-growing threat vector, cyberattacks against managed service providers (MSPs) are growing, and attackers can compromise the software supply chain and modify executables (see the SolarWinds attack analysis from CYRIN newsletter #12, January 2021). Social engineering can compromise social media platforms, bad actors turned health care records into best sellers, cloud security misconfigurations are the leading cause of cloud data breaches, and we now know that infrastructure monitoring is essential for identifying anomalies.
Telehealth means more online access for patients to the hospital IT systems. Hybrid schooling means more access to schools’ IT systems by educators and students. Remote work creates new vulnerabilities for businesses. Pretty much every industry is facing challenges due to adaptations made as a result of the pandemic. More technology means more consumers interacting with more devices and more suppliers interacting virtually with vendors. More interconnectedness. More entry points for cyberattacks. And more need to train – and retrain – your workforce, virtually most likely.
“This past year has taught us that cybercriminals are increasingly formidable, planning long-term, strategic, and focused attacks that are sometimes years in the making. 2020 continued to show us that no company is immune, and there is no such thing as ‘safe enough,’” said Marcin Kleczynski, CEO of Malwarebytes.
Dan Lohrmann made some cybersecurity predictions for 2021 ushered in by the changes in how we work due to the pandemic:
As we rush into a new era, we create the need for new skills. New technology such as the Mobile Internet, Artificial Intelligence, Virtual and Augmented Reality, Cloud Technology, Internet of Things, Advanced Robotics, Biometric Technology (think drop passwords and use voice, eye, hand, signature authentication), 3D Printing, Genomics, and Blockchain creates the need for new skills and new training. And some experts predict there will be a skills shortage with lasting impacts from the pandemic generation, similar to those that marked the Great Depression and World War II generations, with broad but hard-to-predict effects that will affect society for decades to come.
Companies and individuals must remain vigilant. And this involves making sure your cybersecurity force is as trained and as prepared as possible. More advancements, more bad actors, and more vulnerabilities due to remote work forces and the Internet of Things demand that companies make every effort to upskill and reskill and retrain workers with real training. Leaders need to ensure that their workforce has the skills and training needed to adapt and thrive in this new environment.
In a recent issue of Fast Company, deputy CEO and chief people and purpose officer for Deloitte Global, Michelle Parmelee, said “If this year has taught us anything, it’s that learning—at school and at work—will never be the same. Already, it’s more digital and individualized, less fixed and face-to-face. And while it may be tempting to fight these changes and instead hope for a return to normalcy, the truth is that things were already trending this way.”
In a word, yes. One of the things we try to do at CYRIN is start to integrate people into the process. The process means always training and trying to stay up-to-date with your certifications but, most importantly, with your abilities. All the degrees and certifications don't mean anything if you can't do the job.
What this pandemic has laid bare is the need for “re-skilling” or effective training. Very often organizations and their staff members receive theoretical knowledge and no practical skills at all. Theoretical knowledge has to be complemented by exercises that will help consolidate new skills.
That's why at CYRIN we offer "hands-on" training. That means that instead of listening and watching, you actually get into a lab, use a tool, or find out the proper way to investigate the cyber security problem.
We help prevent attacks, and if you do have the unfortunate incident of getting hacked, we have forensics training that will help you analyze your system and understand at a deep level what went wrong and how to protect yourself against future attacks.
It’s all here. You just have to use the tools. If you think training is expensive or time consuming, consider the alternative. Contact us now – and you might be part of the group that says – we missed that one. We’re fortunate that our training was up-to-date, that our staff and systems were ready. Situation normal, we’re open for business.