CESIN draws the first lessons from the health crisis for the future of cybersecurity. The crisis heavily mobilized IT teams, whose support function proved essential for business continuity: essential for state services to help steer the crisis, and essential for everyone to communicate, organize and maintain economic, social and educational life.
The health crisis has profoundly disrupted the organization of businesses and highlighted certain causal links, such as patterns of industrial dependence that could undermine our capacity for resilience. The major role of the Internet has gone unmentioned because it seems obvious, in everyone's mind, that these means are available all the time, for everyone and from anywhere. Even so, digital tools and their uses had to be adapted somewhat.
Overnight, millions of people found themselves confined and teleworking. Yet despite the Macron ordinances of September 2017 in favor of teleworking, only a quarter of French employees had used it, and most of the time only occasionally. Only 6% of employees practiced it on a regular and contractual basis before the crisis. It was therefore necessary to ensure that these millions of teleworkers could continue their activity remotely, under acceptable security conditions.
For companies that have a culture of telework and whose digital transformation already allows the use of many cloud services, the crisis is a transformation accelerator, with even wider adoption of collaborative cloud tools, especially for sharing files or meeting by videoconference. In these organizations, the period of confinement could also open the way to widespread use of electronic signatures or the accelerated development of new e-commerce sites.
For companies still midway through their digital transition, and for which telework is not part of the culture, the test is much harsher. Buying laptops in a rush, moving desktop PCs to employees' homes or even using private PCs for professional purposes: all possibilities were explored and managed urgently. We have seen the emergence of more or less supervised uses of cloud services, up to and including shadow IT.
Companies' exposure to cyber risks increased sharply during the crisis. Unsurprisingly, in such circumstances attackers did not fail to step up their activity with attack vectors adapted to the crisis. And on a poorly protected workstation or online space, a phishing attack can have an even greater impact.
From a security point of view, the cursor has undeniably moved, and the shift is permanent.
• The desktop PC is dead: as we have seen, companies massively equipped with mobile equipment were particularly agile in adapting to confinement almost overnight. The price difference between a desktop PC and a laptop should no longer be an obstacle to equipping employees, all of whom have become potentially mobile. In addition, even if some employees requested printers for their home or used a personal printer, the fleet of multifunction printers and copiers should also shrink, since it has been proven that we can live without them.
• The traditional VPN will disappear: as many services are available in the cloud, employees naturally connect to them directly over their home Internet access, rather than going through the VPN to reach the corporate network and then back out to the Internet to use these services. As long as legacy systems exist, the traditional VPN will remain, but the direction of history is indeed a direct connection to the cloud. That does not remove the need to go through proxies and various layers of security, themselves in the cloud.
• MFA is no longer an option: if we allow mobile users to connect directly to cloud services without going through the corporate network, we will of course have to generalize the use of strong authentication for all these services, and not just for connecting to the VPN. MFA will no doubt finally become the norm, to reduce the risks of identity theft, which are inevitable when users are allowed to connect to cloud services with simple passwords. The zero trust principle is more relevant than ever.
• Updating workstations will have to be rethought: during the crisis, one of the main challenges was to keep corporate PCs at an optimum level of security. Security updates were already a challenge for many before the crisis, whether in OS patching or security updates. How, then, can workstations be kept up to date when they are all outside the company and not permanently connected to the company network? In addition to this issue of "reachability" of the workstations, VPNs will not carry large volumes of updates, and here again the way forward should be more live updates.
• Farewell to office directories! The crisis has undoubtedly sounded the death knell for traditional central file servers. Collaborative tools, and in particular online file sharing tools, were deployed on a large scale during the crisis. This had the effect of giving users much more autonomy, but without making them accountable. In the previous model, it was the IT team that set up central access, while in the cloud model, organizing shared spaces and securing access to them is delegated to users. But the easier it is to share, the more difficult it is to master the subtleties of access to these shares. Above all, it is difficult to have a consolidated global view. It is therefore very easy to make mistakes. Entrusting users with these sharing tools without giving them any visibility into what they share is a very big risk in terms of data protection! Businesses will need to equip themselves with monitoring tools, and with additional tools to find information leaks on the Web in cases where prevention has not been enough.
• The SOC is essential: as could already be observed before the crisis, many companies badly affected by cyberattacks had no SOC, or only an embryonic one. Now, with data scattered across multiple clouds and equally dispersed users, the attack surface becomes enormous. And we should not rely solely on the vigilance of the user. If one click too many triggers a crisis, it is because the environment was vulnerable! Whether internal, outsourced or hybrid, the SOC is now a centerpiece of a cybersecurity system! This trend was already there before the crisis, and it should progress rapidly. The capacity for monitoring, detection and incident response has become essential in addition to preventive measures. The crisis has accelerated the use of the cloud. We must rely on a SOC to monitor, vigilantly and reactively, what the new accesses and new delegations in the cloud allow, for all populations: administrators, architects, developers and, in general, all users.
These examples are immediate technical or organizational consequences of the health crisis for cybersecurity. Alain Bouillé, CESIN General Delegate, warns: “It is necessary to question our priorities, what the crisis has taught us as such, what it is transforming, the new risks that have arisen and those that will naturally reduce. It is important to reconsider one's cyber roadmap to make sure to take into account the transformations resulting from the crisis but also to ensure that this roadmap is aligned with the strategic changes that the company will undertake in the coming months.”
We must also consider the economic crisis resulting from the health crisis. The repercussions are expected to be profound, even if we cannot yet measure their exact scale or scenarios. What does this portend for our field of cybersecurity? Our businesses, which are hit hard economically, must take care not to suffer cyber crises in the process. Considering the very high level of threat and the fragilities that appear in transition periods, it would be dangerous to cut into cybersecurity budgets, which are more necessary than ever to protect business activity.