by William Dixon and Maninder Singh*
COVID-19 is changing everything. Along with social distancing, obsessive sanitisation, broken supply chains, fragmented workforces and the rise of video meetings, the pandemic is driving acute systemic changes in consumer and business behavior. These changes are causing an outbreak of new and unanticipated business moments. The resolve to transform is palpable.
Businesses know they must rapidly innovate, take advantage of new digital tools and leverage cloud services to emerge from the crisis ahead of their competitors with momentum for the long-term transformation of their business in the altered global landscape.
This innovation is good news, but it is coming at a cost. As digital spreads its roots deeper, it also increases the risk and impact of cyberattacks.
The World Economic Forum’s COVID-19 Risks Outlook found 50% of enterprises were concerned about increased cyberattacks due to a shift in work patterns alone. These concerns are merited. Hasty and unplanned decisions related to digital transformations will add substantially to the spate of cybersecurity issues.
Cybersecurity matters even more given the increased dependency on digital infrastructure to ensure collective resilience. Many of the industries which are transforming serve critical functions – and a break in their supply chains could affect the movement and availability of life-saving drugs, components, equipment and raw materials.
The COVID-19 pandemic is driving technological transformation in three key areas – and there are three steps leaders must take to secure them.
3 key technological transformations facing cyber risk
Technological transformation will continue during the pandemic and long after. The challenge for global security is that this large-scale, unplanned digitisation is supported by nimble but relatively immature business models and operations.
We see this in three key transformations:
-Virtual Retail. Retailers want solutions that address the safety of their customers. They are willing to invest in advanced technologies like augmented reality, computer vision, sensor fusion, chatbots for recommendations, cashless transactions and receipts delivered by email so customers can “virtually try” clothing or bag their purchases and simply walk out of the store with zero human contact. The retail sector, even before the pandemic started, was the most heavily targeted sectors by cybercriminal groups, and will have a newer digital attack surface to defend.
-Digital Education. The education sector is redesigning delivery by adopting technology to address the changing learning environment. If education providers can overcome the challenges, virtual schools could become the “next normal,” with traditional approaches marginalised permanently. After the pandemic, 262 million children out of school in low- and middle-income countries could receive an education despite the shortage of qualified teachers and infrastructure. This may also narrow the digital divide among the poorest regions and most underprivileged societies. Now, it’s important to secure the millions invested in virtual schools.
Robotics and Healthcare. The healthcare industry is deploying robots to disinfect hospitals, handle lab samples, dispose medical waste and monitor isolation wards without human presence. Until now, this has been largely demonstrative, but robots have proven their value and hospitals will continue to use them to perform complex surgical procedures by specialty physicians. However, concerns are already mounting about their cyber vulnerabilities.
-These three trends represent a revolution in terms of how people connect to resources, creating an even more connected world. But they are also low-hanging fruit for cybercriminals. This is especially true because, at an ecosystem level, cybersecurity resources are still not available at scale, and remain concentrated in the most well-resourced and mature markets.
3 steps leaders can take to address cybersecurity challenges
Leaders must start taking a systemic approach to security while also transforming their businesses.
For leaders tasked with securing their businesses from both market forces and cyberattacks, the approach needs to be timely and staged in three phases:
-Immediate Term (0 to 3 months): Offices are empty, and businesses and employees are adapting to the new mode of working. To keep enterprises running, businesses must secure remote access and collaboration services, step up anti-phishing efforts and strengthen business continuity. Businesses need to establish a culture of robust cyber hygiene, by providing resources to the workforce and managing access and monitoring activity on critical assets.
-Near Term (3 to 6 months): Not all organisations understand their security posture and the effectiveness of security controls. As a result, they don’t make the right decisions or prioritise the correct actions, which leaves the enterprise open to attack and compromise. Securing end users, data and brand is the next priority. As the number of cybersecurity threats has increased, chief security officers and their teams are also benefiting from an increase in prioritisation. Budget rebalancing will be inevitable as other projects are put on hold to safeguard organisations and invest more in security.
-Medium to Long Term (12 months): Cybersecurity strategists should now think longer term, about the security of their processes and architectures. They should prioritise, adopt and accelerate the execution of critical projects like Zero Trust, Software Defined Security, Secure Access Service Edge (SASE) and Identity and Access Management (IAM) as well as automation to improve the security of remote users, devices and data.
COVID-19 is changing the technology culture and infrastructure of every medium-sized and large organisation faster than any known event or phenomenon. This means changes will continue coming – and hackers will continue to target our growing dependence on digital tools. Businesses that focus on a return to “near-normal” will be investing time, effort and money in a battle long lost.
The pandemic presents an opportunity for full-blown innovation, a dramatic shift in perspective and the adoption of safe and resilient operating processes. The intensity and emphasis an organisation brings to its cybersecurity strategy will determine if the opportunity adds to bottom lines – or turns into a business disaster.
*Head of Future Networks and Technology, World Economic Forum and Corporate Vice President & Global Head, CyberSecurity & GRC Business, HCL Technologies
**first published in: www.weforum.org