It’s been the toughest of times as the COVID-19 pandemic has spread across the world.
Since the first report of the coronavirus in Wuhan, China in November last year, the COVID-19 health crisis has become one of the greatest global threats in living memory. The most heartbreaking factor of the pandemic has been the number of lives cut short or irreversibly changed as a result of the disease. Any loss of life is devastatingly sad for the family and friends of the deceased, whilst the previously unimaginable circumstances that have become realities for so many people have only served to make it all the more tragic.
My deepest, sincerest condolences go out to any and all that have been affected.
Away from the tragedy of human loss, the impact the pandemic has had from an economic standpoint has also been stark, affecting virtually all sectors. As we look at our own industry and the security and safety of information, there have been two significant ramifications.
The first is the monumental surge in tailored COVID-19 attacks and scams detected over the past several weeks. These have largely focused around malicious phishing campaigns, with fraudsters impersonating entities including healthcare providers, governments, law enforcement and fundraisers. The attacks establish persistent attempts to compromise email inboxes, credentials, endpoints and applications to target people made more susceptible to exploitation by the mass fear and uncertainty surrounding the crisis.
The second impact greatly affecting the security of data is the variety of challenges brought about by the mass migration to remote working implemented by huge numbers of organizations, as part of government-instructed attempts to limit social interaction to slow the spread of the virus. Remote working on this scale is not only unprecedented, but has led to a diverse set of security risks that have greatly tested even the most enabled organizations.
It goes without saying that the COVID-19 health crisis has been an extremely testing time for many organizations. However, it has also proven to be a call to arms for the information security community which, in my opinion, has responded admirably.
A huge list of security companies, both commercial and non-profit, have made available countless free security services, products, licenses and educational material, sharing technology and knowledge to support organizations and their workforces now thrust into this new paradigm of challenges, risks and adversity. Numerous security researchers, consultants and affiliates have also joined together to form free, open support groups to provide accessible, community-led expertise and discussion about the latest and most pervasive security risks surrounding the pandemic, whilst others have dedicated their time to hunting down and stopping new coronavirus-related threats in their tracks.
These things have not been done for monetary gain or profit, but to provide security solutions and assistance to those that need it, because it’s the right and just thing to do. These acts will have been invaluable to so many organizations and people, proving that times of great need and struggle call for genuine acts of compassion and kindness.
The infosec industry has taken a fair bit of criticism over the years. It’s been referred to as ‘a money-making vendor circus,’ ‘a siloed and deeply technical discipline for geeks,’ the ‘department that says no,’ etc. etc. Well, I believe that, over the course of the past several weeks and amid the pandemic, we’ve seen the true colors of the sector and can confidently say, once and for all, what the infosec industry really is: a community dedicated to keeping people’s data safe, especially when they need it most.
With a long road of uncertainty ahead, the security industry will certainly have to continue in that vein, showing not only innovation and adaptability, but ongoing acts of compassion and support. However, it should be immensely proud of how it’s conducted itself, and I’m certain that our industry will be a more inclusive, collaborative and accessible one as a result.
Turning thoughts to this print issue of Infosecurity Magazine, COVID-19 does play a significant role. Our news feature on page 8 takes a look at the sudden growth and impact of the various coronavirus-related security threats that have come to light, whilst our cover feature on page 12 explores how the current mass remote working situation may dramatically impact information security strategies of the future.
However, I felt it was important for this issue of Infosecurity to not be remembered purely for being the ‘coronavirus issue,’ and for it to also explore other ongoing, wide-reaching, important topics and issues affecting our industry, as has always been Infosecurity’s way. This is not just to make for a more diverse issue for our readers to enjoy, but to also serve as a symbolic reminder that, despite the difficulties of our current situation, we will come through this awful period, and when we do, there will be vast security challenges, both old and new, that will not only need to be faced, but will likely take on entirely different significance than we could have ever previously imagined.
Please do take good care of yourselves and your families and, of course, I hope you enjoy the issue.