Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:00 AM
Ran Shahor
Ran Shahor
Connect Directly
E-Mail vvv

Long-Term Effects of COVID-19 on the Cybersecurity Industry

The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.

Experts have written much in the last couple of months about COVID-19 and its impact on cybersecurity. From ensuring colleagues can work from home securely to defending geopolitically fueled cyber exchanges, dealing with COVID-19 has dominated the consciousness of the cybersecurity industry. 

All of this is important to deal with but is largely reactionary — that is, the issue is in front of us today. But what about the long-term view? Is it time to think about what COVID-19 means for cyber in the years to come?

I believe the answer is "yes" — but not in the way you might expect. In my mind, the long-term view of cybersecurity can be boiled down into a single word:  flexibility.

The Big Picture: Cyber Defense Is One Piece of the Puzzle
Let's take a step back from cyber and look at the world around us. COVID-19 is changing the way in which we do business and the way in which we live our lives. It is affecting the way we interact with the environment and with each other. For example, in our day-to-day lives, we have seen cash transactions disappear while online deliveries are booming. Even when shops open, they are set to be little more than window dressing, while restaurants have become well-appointed delivery kitchens. Transportation may never be the same again. Entertainment and sports are now consumed digitally almost exclusively.

From a business perspective, this means some industries are struggling and may even disappear, while entire new sectors are being created from scratch. Offices are closing, in some cases permanently, while IT departments scramble to transition their centralized key assets to a more accessible cloud delivery model. Communication and teamwork now require a completely new set of skills and technologies. In terms of the workforce, record levels of government intervention and furlough schemes have shifted the fabric of society beneath our feet.

A Unique Opportunity
For those of us in cybersecurity, this maelstrom of change presents a unique opportunity to tear up the "security-as-a-blocker" stigma, and instead become enablers. The world has been hit with an evolutionary event — and if we think about businesses it is no longer survival of the fittest, but survival of those who can adapt the fastest — and also the most securely.

When a company is facing existential decisions over its business model to adapt to a post-COVID world, cybersecurity should not — indeed cannot —afford to get in the way. Instead, we need to ensure we can operate in an agile way, and adapt to whatever the world and its new ways of life entail. In practical terms this may mean several changes — for example, forging stronger relationships across the organization. This will help us to better understand what may be a rapidly changing business as a result of COVID-19, and to make sense of the critical assets and risks that underpin it. On the technical front, as another example, adopting a DevSecOps approach can introduce security at an earlier stage of the application development life cycle. Again, this serves to bring security closer to the business objectives. 

Cybersecurity as a Business Enabler
But this isn't just about taking the opportunity to reposition cyber away from being a "blocker." There is also an important message here to deliver to our organizations about cybersecurity as an active enabler. Yes, it's true — those businesses that adapt to a post-COVID world may thrive… for a short time. However, those that can adapt securely will be well positioned for sustainable competitive advantage, leading to long-term success.

To achieve this, there are practical steps that cyber teams can take now. COVID-19 represents an opportunity to reach out across the organization, such as setting one-on-one time with stakeholders in different business functions, outside the usual risk reporting lines. Ask about their world and how it is changing, and what they expect the major trends and business moves to look like post-COVID. While building relationships is always beneficial, this should also be an opportunity to ensure that cybersecurity can contribute from the outset.

Next, security teams should be ready to add flexibility into their assessments. The rapid pace of change brought about by COVID-19 will introduce vulnerabilities into the business logic, the technology, and the people that work within the organization. We can't stop the business while we fix everything — so we must be ready to adapt.

In summary, while the long-term COVID-19 outlook and what it means for the world is unpredictable, this, in fact, leads to clear security advice that we can all start with today: Be more flexible.

Related Content:

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 

Ran Shahor is the CEO and co-founder of HolistiCyber. He is a Brigadier General (Ret.) who founded the leading-edge cybersecurity program of the Israeli Defense Forces Intelligence branch. After 27 years of service, Ran had multiple leadership roles in the private sector. ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
6/24/2020 | 6:49:42 PM
A great read
I'm used to everybody being so concentrated at barely keeping the head above the water and living the here and now without thinking about the future.
It's great seeing someone putting the effort to think about the longer-term issues.
It's always valuable, and especially so in such trying times.
User Rank: Ninja
6/24/2020 | 12:06:32 PM
Re: Insightful Covid 19 Cyber security post
Quite smart of your COO. I think in times like this what is most appropriately needed is direction from the top. Many private organizations as well as sections of government have failed in this regard. To define a path forward. Otherwise the masses are just marching in the dark.
User Rank: Apprentice
6/24/2020 | 4:47:57 AM
Re: Pending Review
I hope so
User Rank: Author
6/23/2020 | 4:48:41 PM
Re: Insightful Covid 19 Cyber security post
Thanks for your comment.

I would be glad to have this dialogue .

I could be reached at: [email protected]

Best Regards
User Rank: Apprentice
6/22/2020 | 2:53:41 PM
Insightful Covid 19 Cyber security post
Great post with a lot of good insight for practical Covid 19 steps. I think using this time to schedule one on one meetings is especially important. With c-suite execs having events postponed and travel plans stopped, there's never been a better time to review your available security plans.

Our COO also did an interview discussing practical steps for COVID 19 and IT practices and the impact that it has had on the IT environmnet. I would be interested in your feedback and perspective.

User Rank: Apprentice
6/22/2020 | 12:54:07 PM
Evident change in organizational culture
As the dust of the first COVID wave has settled  and countries are opening up and trying to get to a mode of "new normal  " we see  top managemnt driving  change to the organizatioanl culture .

Driving cultrual change  requires trainig - this includes with no doubt Cyber defense trainig to people and teams that ahd nothin to do with this is the past  

Operational aspects that were not heard of or pushed aside for years happened within days . Hopefully the same openess and flexibility mode happens with the right cyber defense plan . From  my  perosnal experice I see that some do and some dont. It will be intersting to see waht industires will catch up faster than others 
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...