By Michael Hill, Editor, Infosecurity Magazine - July 10, 2020
The COVID-19 pandemic has had diverse and significant impacts on the information security industry. Moves to mass remote working and spikes in tailored COVID-19 cyber-attacks and scams have seen the security and safeguarding of data greatly tested. Organizations around the world have been forced to adapt to a ‘new normal’ of business processes, workforce management and cybersecurity functionality – and it’s a normal that will be with us for the foreseeable future, and likely beyond.

So how exactly has the health crisis impacted the information security landscape? What’s more, in what ways will things be changed as a result and what must businesses do to adapt? Infosecurity spoke to John Hertrich, president and CEO of Identité, to find out.

How has the COVID-19 pandemic impacted information security?

COVID-19 has forced companies to shift to a remote work model and many are scrambling to maintain security in this new complex environment. Employees are downloading new tools daily and accessing various work portals that contain confidential information. In a working from home environment, security and IT teams have very little control or oversight since they now have hundreds of employees connected from loosely secured home locations. Their coverage zone has increased exponentially in size, giving hackers a target-rich environment of inadequately protected remote employees connecting to their data-rich corporate networks.

People are also utilizing their computers in more ways than ever to access aspects of their everyday life. E-commerce sites, telehealth portals, e-learning platforms, online banking and more are all seeing an influx in users, which makes them a prime attack vector. Across both work and personal life, people aren’t practicing strong security habits and are reusing passwords. This means that passwords used for sensitive work activities, online shopping, banking and more are being constantly reused. Hackers know this and are increasing phishing and social engineering attacks.

In what ways will information security be changed after the health crisis?

Those companies that successfully exit this crisis will have established more formal security policies and guidelines with respect to remote workers. CISOs will actively participate in laying out what technologies employees need in order to keep the corporation safe. This will include anti-malware, remote workstation configurations and MFA for accessing corporate resources. CISOs will also be more involved in the design of portals – especially given the number of breaches that contain sensitive consumer data. The increase in successful attacks discovered during COVID-19 clearly shows us that we must find better and more reliable ways of securing critical data. An easy way to do this is to eliminate passwords and implement new methods of authentication.
Why do passwords need replacing, and what new authentication methods will be most effective?

While some users repeat the same age-old advice about making passwords stronger, or changing them yearly, most don’t follow this practice. This simply doesn’t cut it or get at the core issue. Passwords are a security nightmare and because passwords are stored in a central repository, they have become a liability. With all the innovation and new tech these days, especially at our fingertips via our smartphones, passwords should have been phased out by now. Making a simple switch to password-less authentication and leveraging biometrics as opposed to passwords goes a long way in protecting users and dramatically improving the user experience. Stepping away from the traditional username and password method is the only way to end the annoying cycle of password resets and reduce the number of cybersecurity issues.

When do you think we’ll see a ‘password-less future’ and how much of a challenge will it be adapting to that future?

COVID-19 has created an urgency for the need of a ‘password-less future.’ We can expect to see the shift happen across several industries including healthcare, financial, e-commerce and government and by individual consumer use. With more hackers on the rise with sophisticated phishing attacks, companies must start implementing this change. On the consumer side, password-less authentication is much simpler and quicker to use than the typical username and password login. By not being forced to create and remember a password, consumers will most likely adapt quickly and react positively to this change.