Reinforcing Enterprise Cybersecurity in the Age of COVID-19
The accelerated shift of life and work to the digital world due to the pandemic has brought with it an increase in cybersecurity threats over the past year. However, faced with other priorities, enterprises and governments aren’t always keeping their fingers on the pulse of cybersecurity. In this Q&A, I give an outline of the major threats, some must-follow tips for enterprises, and an example of our approach to cybersecurity.
What are some of the key cybersecurity threats facing the world today?
The global challenges we faced as a society last year led to fundamental changes in our physical and digital environments. This caused countries to prioritize resolving internal matters first, and so global collaboration against cyberthreats wasn’t given its due attention. This lack of global collaboration has impacted our cybersecurity landscape. Cyber criminals, on the other hand, have become very sophisticated and organized, leveraging cross-border networks to exploit vulnerabilities across the globe.
During this time, we also witnessed a rise in remote working and this presented unique challenges from a cybersecurity perspective. Work devices no longer operated on an organization’s secured perimeter. Devices that connected to corporate networks through unsecured connections led to vulnerabilities that could be easily exploited by malicious actors. Furthermore, IoT and webcams were exploited, with instances of virtual conference hacking (so-called Zoom bombing) leading news agendas. Cybersecurity teams had to spring into action to serve a dual purpose of ensuring business continuity and protecting enterprise networks.
Despite this sensitive global situation, some state actors used this opportunity to interfere with national security and stability. Some of the common threats we faced were disinformation and phishing. Disinformation was prevalent throughout 2020 because, during the pandemic, people obtained news from unofficial sources, which in turn caused chaos and confusion. In addition, hackers took advantage of the situation by sending phishing emails that masqueraded as official authorities on national initiatives, such as financial aid, and directed targets to the hacker’s site, where their personal data was collected. This led to a third threat: online identity theft and the theft of individuals’ money.
Can you share with us some of the best practices that organizations must follow, in order to address these challenges?
Humans can be both the weakest and strongest link in the cybersecurity landscape. In addition to technical adaptations for this new normal, it is now more important than ever that companies build holistic safety and security knowledge among employees to protect both corporate and personal data. This is the key to organizational cyber assurance.
Organizations also need to provide new technical tools that allow secured connections while working from home. This needs to be backed up with an upgraded cybersecurity strategy and policies. For multinational organizations, it is imperative that they quickly agree on global policies, keeping in mind the national regulations and differences.
We suggest the adoption of a common baseline of cyber hygiene, which goes back to the fundamentals, as guidance for WFH. This is also applicable to small and medium-sized enterprises (SMEs).
1) Adopting a strong password policy
- Eight or more characters
- Alphanumeric characters
- Mixture of upper- and lower-case characters
- Special characters
2) Making use of multi-factor authentication for identity management
- For key services, make use of non-SMS second-factor authentication
3) You must have a computer usage policy, no matter how simple it is
4) Keeping your OS and software updated and enabling auto-update where possible
5) Making use of SaaS services whenever possible (a cloud-first strategy is recommended). While there is a shared responsibility model for cloud, the provider is responsible for most cybersecurity issues in a SaaS environment.
Biometrics and contactless technologies are beginning to play a major role in the market today. What are some of the trends and emerging opportunities in this area?
Biometrics and contactless technologies are spreading globally, especially now that the COVID-19 pandemic has brought these technologies into greater focus as a sustainable approach for contactless authentication.
Many nations have been accelerating the usage of biometrics and contactless technologies due to COVID-19. Contactless menus and payment systems in restaurants and shops are now so common that most people consider them a basic service. Biometrics are also used in border controls at airports. The UAE has launched facial recognition and iris recognition to replace traditional fingerprint authentication.
I would expect the proliferation of non-invasive technologies in the area of biometrics and contactless to continue, building on the momentum brought about due to the pandemic. Tighter integration with AI at the backend would be required to deliver more innovative solutions to customers.
That said, there might still be security concerns from privacy systems and issues surrounding personal data rights. We at Huawei believe these should not be overlooked, and are committed to creating safe, transparent, and collaborative cybersecurity mitigation programs to ensure we protect any sensitive information.
Can you give an example of good practice with regard to cybersecurity regulations and technology adoption?
The UAE is well poised to become one of the globally trusted hubs, with strong foundations in place like the UAE Cybersecurity Strategy since 2019. Furthermore, the establishment of the UAE Cybersecurity Council has provided the right foundation for the UAE to build up its cybersecurity credentials.
The UAE government correctly made the decision that all technology advancement brought about by Industry 4.0 and deep tech should be deployed with the right strategy, taking the security and privacy-by-design approach, baking these rights into their solutions from day one.
Governments in Europe are also increasingly aware that telecommunications are crucial for economic well-being and recovery, with the ETNO (European Telecommunications Network Operators) association expressing concern to the EU that it was falling behind the US and Asia, and recommending an investment of €300 billion by 2025 in telecommunications. In February, France launched a €20-billion private and public investment package for its fixed networks to be rolled out over the next decade, aiming to spur recovery and enable economic growth.
Most improvements are taking place at a national level – we believe that a global approach would be more efficacious.
Can you give a current Huawei use case in the field of cybersecurity and technology?
Huawei is a global leader in the ICT field. With that, we recognize that we need to adopt an open, transparent, and collaborative approach in working with all the stakeholders in the ICT ecosystem.
Through inclusive industry development where we work together with our customers, partners, standards organizations, and other industry players, we are able to elevate the ICT industry to the next level. This sharing and collaboration will enable all of us within the ICT community to develop new innovative products, services and capabilities.
Across the Middle East, Huawei is working conscientiously to promote security by offering products that are developed using security-by-design principles, and delivering solutions based on a zero-trust approach. We work closely with local leaders and stakeholders, including institutes of higher learning, in an effort to support capacity building in cybersecurity across all our markets in this region. As a part of our contribution to local talent development, Huawei has committed to training around 10,000 professionals in the UAE in the next three years, helping them to be future-ready.
Huawei solutions for enterprises, such as Huawei Cloud, are designed with security in mind. Huawei Cloud has all the necessary international cybersecurity and privacy protection certifications, such as ISO 27001, ISO 27017, ISO 27018, CSA STAR Gold, AICPA SOC and PCI DSS, globally. Our UAE cloud infrastructure, which we built and hosted locally, is also constructed using these industry-leading solutions.
We believe that security should be built in, not bolted on. By combining cybersecurity, privacy, and data protection, risk, governance and compliance, resiliency, and business continuity together, we wish to be a catalyst for the local ICT ecosystem’s success.
Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.