COVID-19-triggered threat changes will linger beyond crisis, say most security pros
The coronavirus pandemic has triggered a wave of cybersecurity threats in a variety of industries – and security professionals predict that there will be no return to normality.
In advance of its now-virtual USA conference, the security event series Black Hat found that 94% of current and former attendees believe that COVID-19 increases the cyber threat to enterprise systems and data.
"Cybersecurity experts have serious concerns about the huge changes affecting IT infrastructure and data security around the world, including US critical infrastructure and their own enterprise networks," wrote Black Hat representatives in a report this month detailing the results of the Black Hat USA Attendee Survey. "They also raise serious concerns about the integrity of this fall’s U.S. presidential election.
"And most of the respondents to the 2020 Black Hat USA Attendee Survey are worried about the state of the cybersecurity community as a whole – and about their own states of health and mind," report authors continued.
WHY IT MATTERS
Respondents to the survey, which Black Hat has conducted every year since 2015, include top executives, chief information officers, chief information security officers, chief information technology officers, security specialists and researchers from a range of industries.
The experts point to changes stemming from the need to social distance as a source of potential threats, with 72% saying they were concerned about quarantined home workers breaking policy and exposing systems to risk.
Two-thirds, meanwhile, said they believed current remote-access systems were "never built to carry such a level of secure data."
"Increased phishing and social engineering threats also rank highly" among COVID-19-related security concerns, report authors noted.
"Security experts also predict that cyberattackers, seeking to take advantage of a rapidly restructured line of communications, will continue to launch many new exploits that leverage the crisis," they added.
According to the survey, 84% of respondents believe that changes to cyber operations and threat flow will linger after the coronavirus crisis passes.
“I think that this pandemic will change the way we work, socialize, and communicate because we will feel more comfortable communicating online instead of in-person,” said one respondent, according to the report. “Even when we get back to ‘normal,’ we will feel more comfortable using technology for most things than we did before. As for cybersecurity, we will be at greater risk.”
THE LARGER TREND
The massive societal changes ignited by the pandemic also brought forth renewed cybersecurity concerns, particularly in the healthcare industry as attacks ramped up.
The rapid rollout of telehealth services, for example, prompted security experts to call the coronavirus crisis "blood in the water" for bad actors.
"Any time you make a change to an IT environment, you have the potential to increase risk," Andy Riley, executive director of security strategy at the managed-security-services vendor Nuspire, told Healthcare IT News. "When you introduce rapid change, that potential goes up rapidly."
The development of contact-tracing apps, too, has sparked debates around the best ways to protect patient privacy while promoting public health. Multiple senators on both sides of the aisle have put forth legislation to mandate best practices around these apps.
Still, many people say they won't use them.
ON THE RECORD
"The rise of the global COVID-19 pandemic has made a huge impact on the cybersecurity industry, just as it has in other industries. A majority of cybersecurity professionals believe that the risk to enterprise data is greater than ever, particularly in remote access systems during the quarantine," said the Black Hat report authors.
"While cyber threats have been growing in volume and sophistication in recent years, most security professionals believe that the radical shift toward remote access is creating unprecedented risk for sensitive data," they said.
Security in the COVID-19 Era
This month we look at how the COVID-19 pandemic is fundamentally changing healthcare organizations' approaches to security, now and in the future.
Kat Jercich is senior editor of Healthcare IT News.
Healthcare IT News is a HIMSS Media publication.