Pandemic Risks and Information Security in 2021
2020 is a year that brought many organizations to a fast and hard reality regarding their business operations and the need to support the digitally enabled, remote workforce. Tactically, this meant businesses of all types had to make the transition from a work-in-the-office mentality to a work-at-home reality due to the restrictions and personal safety requirements resulting from the COVID-19 pandemic.
At the time this article is being written, spread of the pandemic has grown exponentially, with little to no solution in sight for the near future. This means that the uncertainty of maintaining a remote workforce places businesses in a position of escalating their transformation to becoming a digitally enabled, remote workplace and addressing not only process and information management practices, but also those of security and ensuring their information ecosystems are secure from outside intrusion.
The Threat is Real
The risk of cybercrime has increased as a result of the pandemic and the extension of the information ecosystem into the homes and remote workplaces of the employees. Businesses must now take a more strategic approach in addressing risk and cybersecurity measures to include the remote workforce and possible weak points across the enterprise which now includes the extended remote locations.
The types of threats are not limited to direct attacks, ransomware, malware, phishing (email), smishing (SMS text messages), the increased use of personal mobile devices for work, and the increase of work-related devices for personal use. Additionally, there is the use of shared and hosted services. These could include online collaboration platforms, share drives, online storage services, website redirection via email, and file-transfer applications that are officially and unofficially sanctioned but used by the employees.
The Cost of Data Loss is Considerable
According to an article from the Sloan School of Management at MIT titled “How to think about cybersecurity in the era of COVID-19”, by the end of 2021, the cost of cybercrime will rise to $6 trillion per year. This same article cites that a data breach at Marriott impacted 5.2 million of their customers while a ransomware attack on Honda forced a global shutdown of their operations. Fraud cases relating to the pandemic, according to the Federal Trade Commission, totaled 172,000 reports and at a cost of $114.4 million.
While there are dollar amounts that can be attributed to pandemic data breaches, there are also non-monetary costs like the impact on brand, customer loyalty, and new customer growth that will also be impacted.
The CISO Focus
According to a report by McKinsey & Company titled “COVID-19 crisis shifts cybersecurity priorities and budgets”, Chief Information Security Officers (CISO) have taken steps out of necessity to secure their information ecosystems from network threats targeting remote workers, business-facing commerce, and their e-commerce operations. While CISOs believe their security budgets will shrink by the end of 2020, 70% plan to ask for a significant increase in 2021 as they consider new options and tactics to protect their organizations.
Among the top areas of focus cited by McKinsey and Company are perimeter security, remote access, automation of routine tasks, improved security training, and enhanced security for trusted third parties.
In My View
The pandemic has forced businesses to shift their focus to supporting a remote workforce, something many discussed but few acted upon. While this shift has been mostly successful as a result of a reactive response, the time is now to begin strategic planning and refinement of what has been put in place.
This is where the combination of purpose-designed process automation, artificial intelligence (AI), and digital processing derive benefit in transforming a business from manual, task intensive processes to more efficient, secure, and controlled digital processes. Imagine replacing a series of spreadsheets that are maintained manually with a digital dashboard that is updated automatically. Imagine automating routine tasks with an automated digital workflow capable of providing vital information to the right resources and an automated escalation process that redirects problematic issues based on predetermined criteria – without the need for human interaction.
We do not know when this pandemic will end, nor do we know what the next crisis will be, but we do know businesses can be fully functional and operational without constraint to a physical location. We also know this requires tighter, well-designed security models and new approaches in keeping business information assets secure. 2020 has opened the door to opportunity by changing the business landscape in a dramatic way.
Learn from what you have done, design from what you have learned, and continue to improve upon what you have built.
About the Author: Bob Larrivee
Inducted into the AIIM Company of Fellows in 2019, Bob Larrivee is a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations.
In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.
Bob can be reached a firstname.lastname@example.org