To call the times we are living through "unusual" would be an understatement. Despite that fact, we are all cautiously inching our way back to familiar routines and activities. The world of business is in a similar situation, with many companies continuing recovery efforts amid economic uncertainties and a perilous quandary of choices. A state of cyber chaos lingers in the shadows of every decision, where wrong decisions and gaps in security could spell failure — and even certain ruin — for industries that are teetering on edge.
Significant security weaknesses emerged for many US businesses during the rapid transition from "in-person" to remote in March 2020. Security budgets shifted from planned updates and upgrades to accommodate the increased expense of running a remote workforce, combined with the hard economic time that befell many industries. Existing security technologies are being extended in place, expected to face "novel" threats and viruses. In the haste of business survival and adaptation, information technology maturation will stall — if things such as security, governance, monitoring, and analysis fall.
The Threat Surge of 2020: Everything Is a Target
In 2019, cybercrime statistics showed that over $1.5 trillion in impact and losses siphoned off the economy — and that was before COVID-19. Today, cyber threats are more prolific than ever, and the ranks of active cybercriminals have at least doubled since massive unemployment and economic uncertainty rocked global economies. Cybersecurity has become a significant industry focus as cyberattacks have spiked up to 400% since the pandemic began. As more people work from home without the IT oversight and protection that they'd receive in the office, hackers have ample opportunities to exploit this environment of change.
Navigating Deadly Twists and Turns
A recovering business climate means that every decision is critical, including those tied to technology. The harsh reality is that cybersecurity could be what determines whether a business will recover or not. With new technology, new features, and new efforts rolling forward, security gaps could easily spell outages, security incidents, and even ruin.
While it is next to impossible to completely prevent cyberattacks, more in-depth efforts toward security are imperative in this age of heightened risks. Fortunately, tools and concepts such as monitoring, data classification, access and identity controls, cloud governance, next-generation data analysis, security training, and enterprise resiliency can create a more secure technology foundation.
Yet even with tools and preparation, organizations still find themselves as targets from ransomware, as was the case for the University of Utah recently. Despite having a disaster recovery plan in place able to restore almost all of the stolen data, the university still ended up paying $457,059 to stop the hackers from leaking sensitive student information online. For organizations without robust business continuity plans before the pandemic, stretched resources make them easy pickings for ransomware attacks.
Business — Not as Usual
Over the last several months, many businesses have both thrived and suffered. The media streaming, home delivery, telecommute tools, and entertainment industries are doing well, while other sectors merely survive, including the hospitality and travel industries. Some small and midsize businesses will never come back or may never look the same again.
While the pandemic has brought about many challenges, it has also uncovered new growth opportunities across multiple industries such as online learning, telemedicine, e-retailing, virtual-reality tourism, and live streamed events. Opportunities such as these count on enterprise IT resilience to be successful long term.
There are multiple options and paths to business recovery, including technology and innovation, which pave the way for renewed and continuing growth. Initiatives that feature transformation delivered securely, with agility and speed at the core, will provide the sort of experience that customers, partners, and employees require.
Resilience also relies on flexibility and evolving contingency plans. Just as businesses had settled into a routine using the videoconferencing tool Zoom, and on what would have been the first day for most schools teaching virtually through the platform, the conferencing tool suffered a three-hour outage on August 24, 2020. For organizations that did not have an alternative at the ready, productivity came to a standstill. The University of Iowa reportedly had 1,359 meetings scheduled to occur during the outage, causing more than just a major headache for school officials, teachers, and students.
Yet while there are countless technology options out there today to build contingency plans for outages of that kind, cybersecurity must rule them all — the cyber-threat challenge is here to stay.
Invest or Perish
Shifting resources and budgets as well as incorporating a suddenly mobile workforce has enabled organizations to keep steady on the IT front throughout the pandemic. As businesses begin to reawaken and position themselves for recovery, the need to prepare for significant business disruption is a clear and present danger. As company budgets and planning are in the pipeline for 2021, we can expect accelerated migrations to flexible cloud infrastructure and cloud applications to continue unabated. Among all these shifts, it is imperative to drive robust security technology investment and initiatives.
Challenges and initiatives are driving efforts towards a unified state of cyber operations. With security at its core, critical technology initiatives leverage the best of technology, practices, and training resources. This is the only way through the cyber chaos of 2020.