Enhancing Cybersecurity Capabilities During Covid-19 and Beyond

Gregory Garnier, Partner at Bain & Company Middle East, and Syed Ali, Expert Partner at Bain & Company Houston, United States, explain how the pandemic has created more remote workers and, as a result, more attackers who seek to take advantage of that.

While the Covid-19 pandemic hit its peak, businesses across the globe had to make drastic changes to survive. Owing to difficulties in arranging personal meetings and the inability to work with physical documents, most organizations adopted technological innovations and went digital.

Not only did the pandemic force most companies to embrace the new digital era, but approximately 70% of the companies rolled out work-from-home (WFH) for their employees. This included increasing network connectivity to allow more people to connect simultaneously, shifting select workloads to the cloud to make access easier and faster, adopting new collaboration and productivity solutions like Zoom and Slack, and deploying devices like laptops along with peripherals. Unfortunately, while companies scrambled to keep their workers productive, there was a significant rise in cybercrime.

Even before the Covid-19 pandemic, few organizations had mature cybersecurity capabilities that could meet the mounting challenges posed by attackers. Research by Bain & Company in the fourth quarter of 2019 found that executives at many companies overestimate the effectiveness of their cybersecurity and lack the strategic capabilities essential for a robust posture. Instead of increasing cybersecurity, over 40% of large enterprises made moderate to significant reductions in IT budgets, and about 20% cut their security spending. This made it easier for malicious entities to launch attacks with greater frequency and intensity on remote employees and other corporate assets. Security teams have seen more attempts at intellectual property theft, particularly since late January 2020. APT41, a prominent cyberthreat group, reportedly targeted companies across industries in the US, UK, Canada and parts of the European Union and Middle East using recently disclosed vulnerabilities in major vendor systems. This was one of the broadest campaigns in recent years, and its aim was long-term espionage and surveillance.

With the digital ecosystem expanding almost daily, it is essential to protect customer information, intellectual property, sensitive communications and other data generated online. Organizations should take two sets of actions against cybercrime: the first to neutralize the threats to all companies that have adopted digital technology, and the second to position themselves for the evolution of how work gets done after the pandemic. A multidisciplinary task force is the most effective way to tackle WFH threats and improve resilience during the pandemic. The chief security officer should lead this effort, along with informed leaders with decision-making authority from various parts of the business, IT and cybersecurity, as well as the audit, risk, compliance, legal and HR functions.

The task force should begin by characterizing groups of remote workers and partners based on their business role and level of access. All groups should be covered by a common set of modern security technologies and processes. However, high-risk groups, like the top leadership who perform mission-critical functions or employees who have the deepest system access, such as DevOps teams, system administrators and application developers, need a robust complement of security.

Additionally, to avoid hacks, companies must consider revising software and hardware technology standards, such as minimum specifications for employee-owned laptops and lists of approved USB, HDMI and Bluetooth peripherals for remote workers. Strong cybersecurity involves much more than implementing technology. Companies should perform ongoing activities, like adjusting technology standards and offering security-awareness training, that help maintain a security baseline for remote work. Finally, companies must also reevaluate the full complement of security capabilities as they permanently adjust operating models for the post-pandemic world.