• Vendors are prioritizing portfolio and marketing effort on the most common types of COVID-19 related cyber events, covering phishing and identity attacks.
• Cybersecurity vendors are reconfiguring their service and support functions encompassing remote working. Vendors face internal operational challenges in scaling up quickly with the right level of security posture.
The COVID-19 pandemic is having a huge impact globally across families and communities. In turn, this is having a massive impact on businesses of all sizes, including global multinationals. Almost all Fortune 100 and 500 companies have experienced major disruptions to their operations and markets, resulting in some economists predicting losses of more than $1.1 trillion worldwide. COVID-19 has created shutdowns and major disruptions in employee working styles and supply chains in all sectors, and in particular across government, finance, manufacturing, IT, and media. As these sectors reconfigure their operations, one of the most critical issues arising are increased cyber-attack threats as organizations become more dependent on technology.
Over the last couple of months GlobalData has been engaging with a number of organizations to establish what their strategic operational initiatives are to address the effects of COVID-19 and the role cybersecurity plays. Some of the initiatives we have seen organizations deploy include:
• Realignment and prioritization of IT programs – particularly in sectors like IT, health, and retail, with a particular focus on more tactical short term solutions.
• Shift to remote working and providing adequate security measures
• Minimizing disruptions to supply chains – e.g., ensuring credible cloud security measures are in place as greater pressure is placed on accessing data outside the enterprise network.
• Ensuring business continuity (employee safety and alternate supply chains) – particularly in sectors like healthcare and retail food chains, where monitoring shadow IT and providing security on cloud IT environments are required.
In light of COVID-19, the majority of cybersecurity vendors are emphasizing that enterprises put in place adequate security measures and policies that address malicious campaigns, including email spam, malware attacks particularly with remote working, ransomware and malicious domains, and network protection to prevent embedded malware attacks that deploy social engineering tactics that infect corporate networks. In particular, cybersecurity vendors including CrowdStrike, Palo Alto Networks, Check Point, and McAfee are prioritizing their marketing effort around remote access VPN monitoring, endpoint threat prevention, mobile security and secure workplace, and cloud and device security.
Examples of COVID-19 related initiatives by vendors including CrowdStrike in relation to remote working is offering two new limited-time programs to address challenges introduced by the large numbers of managed and unmanaged devices being used by newly remote workers. These include i) ‘Burst Licensing’ to provide and extend licensing new systems, particularly ones that are only required for a short timeframe; and ii) ‘Falcon Prevent’ for Home Use, allowing organizations to provide their employees with a low-cost option for securing their personal computers.
Another key observation to make with respect to cybersecurity vendors is that many of these organizations are facing the same COVID-19 operational challenges internally that their clients face. Many of these vendors are focusing on business continuity and ensuring security operations centers (SOCs) are running efficiently with robust remote working structures in place with adequate IT and security. Examples include Palo Alto Networks transitioning its internal SOC to a remote model in which all analysts are working from home, fully operational and continuing to monitor for threats via the company’s Prisma Access portfolio suite. Cisco is also scaling up its remote working infrastructure for operations in India and considering ‘desktop as a service’. In this example, as Cisco scales up and progresses with the rollout the company will have to address its own security posture. In normal circumstances IT programs of this nature do not pose significant challenges when implemented over acceptable timeframes and all security related vulnerabilities have been factored in. However, when this level of scale up is required in short timeframes as a result of COVID-19, greater consideration should be given with respect to security and associated polices.
Over the coming months we expect cybersecurity vendors to further fortify their internal operations as well as increase marketing effort around phishing and identity attacks as organizations and governments attempt to address the COVID-19 pandemic. There will also be greater collaboration between vendors and partners in the fight against cyber-attacks as a result of COVID-19. The industry has already seen examples of this happening with nearly 400 cybersecurity experts from 40 countries coming together to create a ‘COVID-19 CTI League’ in an effort to fight hackers attempting to take advantage of the COVID-19 crisis in sectors like healthcare.