The Covid-19 pandemic shook businesses all over the world, unleashing massive disruption on the global economy. Trying to develop responses to the crisis almost overnight, many businesses were left exposed and vulnerable in terms of application security, and cybercriminals began to up their game with the massive increase of people working from home. According to a recent survey by Barracuda, 72% of organizations suffered at least one breach from an application vulnerability.
Risk management and security teams need to be more vigilant than ever. Industries have been impacted in a number of different ways.
The Importance of AppSec
Open-source vulnerabilities within applications are pervasive. Consumers often assume that web applications are highly secure (especially banking apps and others of a sensitive type), but this is far from a certainty. According to the CyRC, vulnerable apps have on average as many as 39 vulnerabilities, with more than 3000 unique vulnerabilities identified as appearing over 82,000 times. Application security during Covid-19 has thus become an even greater priority.
Information leakage takes place when developers accidentally leave personal details or sensitive information behind in application source code. In the wrong hands, this data can assist hackers in gaining access to systems and potentially wreaking havoc.
Too Many Mobile Permissions
There is no set limit to the number of permissions that an application may require in order to function correctly, but it should never go beyond what is absolutely necessary. Many apps request far more permissions than are needed, from 11 to as many as 56, some of which can be potentially dangerous. This is particularly shocking when there is no reason to have this level of access to users' devices.
Remote Working and Learning Risks
Many companies have allowed employees to work from home and many students now attend virtual classes as a result of the pandemic, making virtual private network servers vital.
There are fears that an organization's lack of preparedness can leave sensitive information exposed on the internet, while also leaving devices vulnerable to cyberattacks. Users who also use their home PCs or mobiles for official duties may be inadvertently risking the security of their organization, making it important that employees be warned against using their personal computers for any official purpose.
Delays in Detecting and Responding to Cyber Attacks
The way in which security teams can function was adversely affected by the pandemic, which increased the difficulty of detecting malicious activities. Because those security teams were often offsite, it became much more challenging to update systems and implement security patches.
As a result, organizations have been forced to study their security defenses and then decide whether they need to co-source with external consultants in any areas with known major risks.
The home environment may come with an inconsistent power supply and internet connectivity, which often leads employees to work from a public space such as the home of a friend or even a cafe. The problem with this solution is that it could potentially expose endpoints and the often confidential data they are holding.
Checks need to be performed on those attending classes or working from public spaces, and it is a good idea for companies to leverage technology to ensure private information remains secure on such devices if they are damaged or stolen.
Businesses Now Including Pandemic in Plans
The impact of a prolonged epidemic was never a factor in the “Business Continuity Plans” of most large organizations, but those plans are now being rewritten in order to take into account events that can have an impact on global supply chains. There are also revised risk assessments being carried out to make sure that business processes remain sustainable and will receive minimal disruption should another such global catastrophe take place.
The pandemic nearly brought down the global economy and still caused a great deal of strain. Many countries have seen their economies contract as the recession begins to bite, and a great many companies have had to downsize.
This downsizing has extended to non-critical business lines, among which some companies have counted cybersecurity operations. However, this short-term plan can lead to an increase in cyber-attacks, making it crucial for organizations to instead update their “Business Continuity Plans” and their policies and practices regarding remote working so that cybersecurity is also a priority in the post-COVID world.
Organizations primarily focused on employee health and business continuity when the pandemic began, but the way forward now needs to include an increasing focus on AppSec to ensure uninterrupted security as well as operations, resilience, and the fixing of bugs. Indusface offers an AppSec program that can handle all types of web application security, making it a vital partner for all organizations in the post-pandemic age.