Business & Technology

Seven Observations of Covid-19’s Impact on Cybersecurity

By Fortinet | November 09, 2021

Looking back since the pandemic started, cybersecurity has had a lasting affect in many ways. Recently, Rob Rashotte, VP, Fortinet NSE Training Institute, sat on a panel hosted by Fortinet’s academic partner, the University of Ottawa, to discuss the impact the pandemic has had on the cybersecurity sector. Here are some of the main themes that arose from that conversation:

Observations of Covid-19 Impact on Cybersecurity

1. Covid-19 did not discriminate: It affected all sizes of organizations

Covid-19 affected every organization, from the family-owned business to the large enterprise. In almost all cases you saw the majority of an organization’s employees working from home. That in itself meant an expansion of the corporate network to home offices. To be secure, organizations needed to provide every employee with the same level of security they would have had if they were working in the office.

To add to that, every day working from home was a ‘bring the kids to work day’. When this used to happen in the pre-covid days, the kids weren’t using the corporate network for school-work, zoom piano lessons and gaming, potentially compromising the network without knowing it. This left gaps in home networks that were more at risk for attacks. Chances are parents may have taken corporate security awareness training at some point in the past, but kids probably haven’t.

2. Cybersecurity is so much more than just technology - you can’t forget the human factor when it comes to protecting your network

The human factor to cybersecurity is a critical one. Your network needs to be secure but the people in your organization using the network need to have the right security awareness training in order to have a truly protected network. Organizations need to realize that if they have 3000 employees, for example, then that is 3000 potential gaps in their network. 

At Fortinet we are seeing a high demand for training that is focused on the end user. We aren’t talking about just the IT department, it is people in every department within your organization who require the security awareness training and positive reinforcement so that being cyber-aware becomes part of the company culture. There are some great solutions that cover the essentials of what your employees need to know about phishing attacks and ransomware. Some of them, like Fortinet’s, are free to organizations

3. A work-from-home or hybrid work model helps to increase the hiring pool for organizations but there still isn’t enough people in the industry to close the cybersecurity skills gap

Along with the technical skills an individual brings to the table, their communication and collaboration skills are also more important than ever. This past year, organizations in many sectors and many countries were forced to work 100% remotely without the creative environment that a face-to-face brainstorming session naturally creates. If a person possesses these soft skills, they are much more likely to succeed. 

Regardless of the ability to recruit around the world, the cybersecurity industry is still in need of a lot more professionals to close the 3.12M cybersecurity skills gap reported by (ISC)² 2020 Cybersecurity Workforce Study. Fortinet’s NSE Training Institute and TAA initiative are helping our customers and partners recruit skilled individuals through our various programs, including the Education Outreach Program with a focus on women, veterans and non-profit organizations working to bring people into the industry, get them trained and certified so that they may enter the cybersecurity field. As well as our Security Academy Program that is focused on working with educational institutions around the world to include cybersecurity into classroom curriculums. 

4. Cybersecurity jobs are not just for engineers

When we think about roles in the cybersecurity industry we tend to focus on the technical roles. But just like other industries, there is a need for many different roles in a cybersecurity organization. In addition to both technical and non-technical roles, there are job openings for entry level positions, mid-level and even executive level positions. Every department needs skilled individuals and every individual in the organization is responsible for the success and security of the organization.

5. The Board has ultimate responsibility

While every employee has a role to play in cybersecurity, the Board has ultimate responsibility. According to the World Economic Forum’s Advancing Cyber Resilience Principles and Tools, “The board as a whole takes ultimate responsibility for oversight of cyber risk and resilience.” Depending on which industry you are in and what types of cyber-attacks your organization is most vulnerable to, your CISO could report in to different levels in the organization. If a cyber-attack could cripple your organization, then your CISO should have a direct reporting line to the CEO with a direct channel of communication into the board.

How to Maintain Cyber Hygiene as Covid-19 Took an Impact on Cybersecurity

6. Cybersecurity is constantly evolving and adapting

Cybersecurity attacks are getting much more sophisticated and frequent. Fortinet’s 2021 Global Threat Landscape Report stated another 10.7x increase in ransomware over the last 12 months. The report outlines how that ransomware has not only gotten more prevalent but it’s gotten more destructive as well with attacks that crippled the supply chain of companies like Colonial Pipeline and JBS. 

The good news is, cyber solutions are also evolving. Fortinet has used the technology for some time but we are seeing an uptick in the adoption of machine learning and AI. With the volume of attacks increasing at such a huge rate, we can’t rely on people alone to be able to monitor new inbound threats.

Organizations are also looking for trusted advisors to help them utilize their current solutions to their fullest. Fortinet took this role seriously with our customers at the beginning of the pandemic. We developed packages for teleworking that could help our customers easily extend their networks. And we made sure that our customers were taking advantage of all the features within their existing solutions to get maximum protection.

7. Security awareness best practices make all the difference 

The biggest thing that employees need to realize in a work-from-home environment is that they are an extension of their company’s network. And if you are part of the network, you are also a potential entry point. Good password policies are just as important at home as they are in the office. As is maintaining a secure workstation. This means not allowing any other family members to use your work devices and ensuring that you aren’t leaving confidential information visible to others. 

Fortinet’s 2021 Global Threat Landscape Report states: “even more worrisome to corporate security programs, however, is the potential for attacks launched from a remote worker’s home network. Think about how many devices lie between an employee working from home and the enterprise applications and data needed to do their job. Now think about all the things attackers could do if they compromise those devices. You can be sure that attackers are thinking about it too.”

Organizations also need to invest quickly, if they haven’t already done so, in a security awareness training service and roll this out to all employees, but most especially those working from home. Employees need to understand what attacks look like, what forms they can take, how sophisticated they have become, what the impact is of an attack and what they should do if they suspect they are being targeted. 

People working from home also need to ensure their families have a basic understanding of cybersecurity as well. There are free courses available, like the ones Fortinet offers, that could make the world of difference.

Below are helpful reminder tips for improving cybersecurity hygiene:

Don’t be Too Quick to Click!
Email is the #1 trap. 
If that text or email looks suspicious, don’t open attachments.
Always hover over links to check their true path before clicking. 

Free Wi-Fi Comes with a Price!
Public Wi-Fi is not private. Someone may be listening. 
Use a VPN with unique passwords for each login. 
Verify all apps before installing. 

See Something? 
Hear Something? 
Say Something!
Report any information security incidents immediately. 

Be Unique!
Your login credentials are keys for cybercriminals! 
Create a strong passphrase for all your important accounts. 
Change default passwords on all your devices. 

Be Aware!
No tailgating allowed in the workplace. 
When visiting the office, don’t share your badge access with anyone. 

Lock Before You Leave!
Data is the new gold. 
Your workstation can be a criminal’s playground. 
When visiting the office, keep a clean desk and screen lock all your devices before you leave. 

Find out more about how Fortinet’s Training Advancement Agenda (TAA) and NSE Training Institute programs, including the Certification ProgramSecurity Academy Program and Veterans Program, are helping to solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.