COVID-19 reinvented the attack surface for cyber threats, giving rise to new actors and new avenues for cyber attacks. This article discusses an approach towards cybersecurity which suggests looking at it as an ongoing game every day. There are no solutions that fit all threats and each company needs unique and targeted protection mechanisms.
Although we have seen people transitioning to work from home for the past few years, the pandemic is unique in the way it forced a massive shift rather than over the course of several years. Rather than use secured networks in the office, people are relying on their home wifi. This creates a much larger attack surface and introduces weak links into the network.
Large-scale attacks can significantly hurt customer trust and thus business, in a time where companies are already at a higher risk for going out of business. Many companies are not adequately responding and are not prepared for the rising threats. However, the pandemic actually provides a good opportunity for companies to evaluate their current systems, strengthen them, and create new resilience plans.
One way to begin this process is by investing in security teams and building these teams to take initiative against potential leaks. Another part of the processes is to an evaluation of the current system to better understand the attack surface and increase the use of threat modeling. The goal of threat modeling is to help anticipate an adversary’s move and create a targeted response plan so that employees are better prepared for an attack. Another important component is to update old systems in order to shrink the attack surface. Giving teams adequate resources to audit, patch, and develop new protocols will also speed up the revamping process. This ensures that they are best set up to find holes and resolve them efficiently.
The article ends by sharing the ways in which the speed up due to the work from home transition can be considered a positive thing in forcing companies to improve the robustness of their security systems, which eventually would have to have been done anyway.
