Security Metrics has opened a free 24-hour hotline for those with cybersecurity concerns. A spokesperson for the firm said: “The COVID-19 pandemic is having an unprecedented impact on businesses around the world. Whether a business has shut down operations for the time being or is attempting to continue work remotely, suffering a cyber-attack right now will only kick business owners while they’re down.” The hotline is reachable to UK residents on +44 20 3014 7831.  

The House Homeland Security Committee has penned a letter to US Congress asking for emergency relief to deal with cybersecurity concerns. The letter says that “state and local government employees are working hard to continue operations”, but also claims that those working from home are more susceptible to phishing, malware and ransomware attacks. It comes off the back of a report highlighting the security dangers of home devices.   

Cyber geniuses have been praised for their interventions during the coronavirus outbreak. A self-taught coder based in South Korea was the brains behind Coronamap.site, which has been tracking the spread of infections since January. It seems the tech giants are sitting up and taking notice too, as they are now developing their own contact-tracing software for smartphones to determine where people may have picked up the virus. These civic hackers or “good guys” are instrumental in helping to identify where more resources are needed, such as face masks.

Half the world is currently fighting a pandemic. The new coronavirus has exposed considerable holes in our protective systems, forcing 3.9 million people in 50 countries into confinement and bringing unprecedented losses in its tail.

How did that happen?

First, let’s put the situation in context. Pandemics of this scale were long gone from our living memory. The last one, the Spanish flu, had infected a quarter of the world population and ended almost exactly 100 years ago. We can legitimately not underestimate the surprise factor. This situation is new for everyone.

Could it be avoided?

Some countries had simulated pandemics to prepare for the real ones. But all their preparation was just mitigation. Yes, having a stockpile of masks, ventilators, protective blouses for healthcare workers… absolutely changes how you respond to the crisis. And prepared countries can dramatically reduce the spread of infections, help more people survive and rebound faster economically.

But mitigation alone cannot be the only strategy, just as extinguishing fires cannot be the only strategy to prevent massive fires. In France, the forest regulation limits the spread and damage of any new fire by forcing people to reduce the size of tree clusters near their homes. It is a far more efficient and cost-effective strategy than waiting for them to become large then try to extinguish them, especially in regions where wildfires are a known recurring plea.

How does it apply to cybersecurity?

In cybersecurity, this logic would translate into reducing the size of clusters of systems and data that can be accessed through the same door. At the moment, the two leading practices in most organizations have the same effect. People either centralize systems and data access at one point, through a login and password or biometric. Or they use similar credentials to access all your systems or data (which means if a hacker gets one of your systems credentials, they can reuse them for others). Both practices lead to the same result: a very high risk that the whole organisation and third parties get infected from one breach.

As with wildfires or biological pandemics, investigating and patching a cybersecurity breach will always be less effective than preventing a virus from massively spreading in the first place. As 81% of all breaches start with an intrusion through passwords, any cybersecurity plan should therefore start with reducing the size of clusters, making all accesses independent and decentralising credentials.

How to build a strong and secure access architecture?

A secure access architecture is based upon strong unique and independent credentials for all systems, networks, applications, databases and devices inside the organisation. By reducing the size of clusters that can be accessed through any credential, organisations can dramatically reduce the size of breaches when they happen, stop virus from spreading far and wide into their systems and that of third parties.

That strategy implies putting users front and center of your cybersecurity strategy. Just like with COVID-19, getting people to practice social distancing, self-isolate when they have symptoms and wash their hands is far more effective to stop the virus from spreading than only monitoring them. And as with fires or viruses, you need rules and tools to help people protect themselves, inside and outside the organization.

But aren’t cybersecurity solutions complicated and expensive?

Most cybersecurity solutions are indeed long and expensive to implement. But you can now leverage a well-architected solution that is simple to deploy, easy to use and very competitive to cover over 80% of your cyber risks. And the good news is you can start doing it today.

Next time you see someone typing a password, think about its potential consequences for your organisation and your ecosystem. Why not embed cybersecurity in your organisation by including your users in your strategy instead?

Don’t know where to start? Get a free assessment on your credentials security level here or contact us at info@mycena.com

The World Economic Forum has made a striking declaration about cyber security – that it is the responsibility of world leaders. As part of the World Economic Forum Annual Meeting, experts claimed that security has been the domain of the IT department for too long, and we must all get involved as cyber-attacks grow in sophistication. Conclusions from the meeting included a need for a “culture of cyber security” and a rethink into organisational structures, as well as investment into evolving technologies. 

A new report has found that multi-factor authentication attacks are expected to rise in 2020. Multi-factor authentication involves using more than one device or access method to log in to a user account, for example a fingerprint scan and a unique pin. According to the report, 57 per cent of global businesses now use multi-factor authentication, making it a new target for hackers. Experts are predicting a rise in ‘9am attacks’ whereby end-users receive a notification to log in when they arrive at the office, inadvertently giving hackers access.