COVID vaccines are starting to be distributed and administered, cases have dropped, and a real sense of post-pandemic optimism pervades the planet as springtime begins in the northern hemisphere. Despite all of the real-world and cybersecurity challenges that came about during the pandemic, we are cautiously emerging from the other side.
For IT professionals, though, the question is: what is the long-term impact of the pandemic? We know that there was plenty of short-term disruption to the ecosystem that came from increased VPN usage, work-from-home, and personal device use for business.
All of these changes kept MSPs owners up at night. In the end, though, there was some comfort in knowing that this would all pass and things would return to the way they were. But will they? There may be some long-term, or even permanent, cybersecurity shifts driven by the pandemic.
Cybersecurity preparations for future global events
Stefano Zanero is an associate professor of cybersecurity at Politecnico di Milano (Polytechnic University) in Milan, Italy, near where one of the first major COVID outbreaks occurred in 2020. He says that the COVID crisis should become a catalyst to prepare for the next major global event. And the next one, he muses, might not be a virus that spreads through the air.
“I think COVID has taught us much on what a global crisis looks like and how difficult it can be to respond in the absence of a good flow of information and of some coordination among states,” Zanero says.
Sharing information, having back-up plans in place, and a crisis roadmap are vital in taking the edge off the next global crisis. And there will be a next one.
“Sooner or later, we may face a crisis that stems from cyberspace as opposed to biology, and I think we should put some work into building the infrastructures we will need to coordinate an appropriate disaster response,” Zanero adds.
Accelerated digital transformation
The world was already going digital prior to the pandemic. And the arrival of widespread 5G promises to accelerate that. Medical facilities had been increasingly ridding their shelves of paper records in favor of digital, as have many other businesses including banking and mortgage companies, insurance providers, and law firms.
“(Digital transformation) is a continually expanding universe that is not going to be diminished,” notes Sekhar Nagasundaram, a cybersecurity consultant based in San Francisco.
This accelerated digital transformation, however, brings with it risks. Data is currency to hackers, and the more data, the more there is to attack. Whereas a decade or so ago, the silos of data to defend were relatively small, now the amount of data is staggering.
Zero Trust
Another long-term legacy of the COVID crisis, according to Nagasundaram, is the wide recognition and increasing adoption of “zero trust” principles, which he attributes as a reaction to the “work anywhere, access anything” ethos and culture that emerged over the past year.
“That culture is here to stay,” he says.
But Zero Trust means different things to different organizations. It’s become a cybersecurity catchphrase, but the pandemic will force businesses to define it more cleary. Nagasundaram advises that there’s room to create different definitions and MSPs and other stakeholders will have to figure out what works best.
“Zero trust is a design philosophy and not a technology per se,” he says. The implementation and architecture over time will show the efficacy and effectiveness.
Implementing zero trust principles into an organization, though, can’t be done until the organization defines what data is the most crucial to protect.
“And that is where the pandemic may have forced businesses to finally reckon with the reality that their data is worth protecting, that data is the new money. But not all data is created equal,” states Jim Adkins, a cybersecurity consultant in Miami, Florida.
Overlooked cybersecurity targets
Adkins believes that most businesses now do an excellent job of protecting social security numbers and credit card information. Still, it is often other data that is of real value on the dark web and gets overlooked. This data includes PHI, proprietary designs, human resources information, and other more seemingly mundane records like product warranty data that may contain scrapable consumer data.
“I see a lot of companies with their MSP partners finally creating comprehensive data audits and segmenting and walling off data. While there is nothing good about COVID, if it can has had the effect of causing companies to finally realize the value of data, that is a good thing,” Adkins says.
Some other far-reaching impacts of the pandemic include, according to Adkins:
- MSPs come home: The home is now being viewed as a valid extension of the office. “And I just don’t think that is going to change any time soon, MSPs that can adapt and embrace home networks in an affordable, profitable way will come out winners,” Adkins emphasizes.
- Flexibility: The pandemic forced companies to be flexible for the long-haul. Adkins adds, “Think about how quickly things changed in the spring of 2020, those who adapted didn’t just survive, they thrived. From now on, MSPs will need to have a playbook that embraces change.” This could mean creating permanent “rapid response” teams that are ready to tear up the playbook at a moment’s notice.
- Cybersecurity not optional: Given all the data breaches, COVID-related phishing schemes, and pandemic ransomware, the realization that cybersecurity isn’t a luxury may finally have been driven home. “And MSPs are in the best position to deliver cybersecurity for most SMBs,” Adkins says.
All of these are long-term legacies of a pandemic that continues to redefine cybersecurity. MSPs that learn these lessons will thrive the most when COVID is contained.
Photo: Matt Gibson / Shutterstock