Home > Risks Management and Insurance Magazine > Articles > Cybersecurity lessons we’ve earned since the pandemic

cyberp

Cybersecurity lessons we’ve earned since the pandemic

Lockdowns and movement restrictions experienced during the pandemic marked a turning point in the digital transformation of economies, forcing companies and institutions to adapt to an unprecedented technological scenario. Remote working, virtual meetings and online processes were just some of the factors that drastically changed the way public and private organizations operate. This great transformation also posed a huge challenge: overcoming the critical vulnerabilities that were incorporated into cybersecurity strategies. Víctor Villagrá, director of the University Master’s in Cybersecurity at Madrid’s Polytechnic University, discusses how companies faced these challenges and how the pandemic accelerated the evolution of cybersecurity around the world.

 

The first challenges of the pandemic

The necessary implementation of remote working was, overnight, a fortuitous challenge that organizations had to face. Neither users nor devices were really prepared for this new scenario. “Most companies didn’t have business continuity plans or recovery strategies in place to deal with these types of incidents,” says Villagrá, who reminds us that, just five years ago, cybersecurity went from a secondary priority to an urgent need. “Many companies were caught totally unprepared and had to react in real time, redefining their strategies on the fly and adapting their infrastructures.”

The gaps in the technological infrastructure and the lack of suitable devices for employees opened new doors for cybercriminals. Unprotected terminals, exposed connections and the lack of security protocols became possible entry points for attackers.

 

Users: the weakest link in the virtual chain

Although technological advances have strengthened device protection, the human factor continues to be the greatest risk in process digitalization. During lockdown, it was due to excessive and sudden use, while today it’s due to the volume of transactions. “User vulnerabilities are very dangerous and easy to exploit for attackers. During the pandemic, with teleworking, employees were more likely to be victims of phishing, which enabled cybercriminals to access sensitive information,” the expert stated. The lack of a controlled, authorized, official, environment facilitated the criminals in their task as they were able to take advantage of general confusion and ignorance to carry out attacks directly in people’s homes.

According to Villagrá, employee education and awareness are key to mitigating these dangers. “It’s essential that employees receive ongoing training in cybersecurity. Large companies have made significant efforts to raise awareness among their workers, but this isn’t happening to the same degree in small and medium-sized enterprises,” he said. Without an adequate focus on education and awareness, companies remain vulnerable to the simplest, but equally effective, threats of attackers.

 

The opportunity as part of the shared challenge

The context of this imposed and urgent technological transition also encouraged innovation in many aspects. Villagrá stresses that collaborative work tools, such as virtual meeting centers or project management applications, experienced exponential growth. “Collaborative platforms have become an essential part of day-to-day work, and remote working is here to stay,” the expert stated. This rapid adoption of new technologies brought with it challenges in terms of cybersecurity, but it also allowed organizations to keep the lights on during the pandemic and mitigate its negative impact.

As far as security technologies go, Villagrá indicated that, although no new tools have been generated as such, there has been significant consolidation in their implementation. “Cybersecurity strategies and business continuity procedures are now on much more solid ground than five years ago. Today, organizations are more committed to cybersecurity, and many have integrated these practices into their operational playbooks,” he asserted. The pandemic forced companies to rethink their focus on protecting their data and systems, promoting the adoption of policies and technologies that were previously in the early stages.

 

New challenges and lessons learned

The future of cybersecurity, according to Villagrá, is definitely a future where artificial intelligence (AI) will play a fundamental role. “AI is already being used by both attackers and organizations to improve their detection and defense capabilities,” he explains. In this context, cybercriminals use it to develop more sophisticated attacks, employing techniques like deepfakes to imitate people’s voices or faces to defraud individuals or organizations.

AI can also serve as a key tool in identifying patterns and suspicious behavior in real time. “The use of AI to detect and respond to threats will be increasingly important in the coming years,” says Villagrá. Automating defense processes will also improve organizations’ ability to respond quickly to incidents.

Cybersecurity shouldn’t be considered in isolation – it should be incorporated into a global risk management strategy. When the pandemic shifted a huge part of global economic activity to inside employees’ homes five years ago, the importance of having well-defined contingency plans and recovery strategies was highlighted. “Everyone is now aware that incidents can occur at any time, and it’s essential to have a response plan in place for any type of catastrophe, whether it be a cyber attack or any other unforeseen event,” concludes Villagrá.

 

Article collaborators:

Victor Villagrá

 

Víctor Villagrá is a University Professor, Head of Studies at ETSIT-UPM and Director of the Master’s in Cybersecurity at UPM. He is an expert in network and service management and security and information theory. He has participated in and managed different European and national research projects in these areas, as well as specific contracts with various companies. He has more than 100 scientific publications in this area to his credit.

donwload pdf
Evolution of Risk Management in the Timber Industry

Evolution of Risk Management in the Timber Industry

In recent decades, risk management in factories has undergone significant evolution. This time, we focus on the timber industry. The transformation of Risk Management in the wood sector has enabled the integration of risk perspectives across all areas of management,...

read more
Ammonia: an immediate solution to naval decarbonization

Ammonia: an immediate solution to naval decarbonization

Ammonia, traditionally used in agriculture and industry, currently has very important potential as naval fuel. In this article we analyze the challenges facing technological adaptation and its role in decarbonizing the maritime sector. We are grateful to José Ramón...

read more
Diary of an engineer. Timber factory visit

Diary of an engineer. Timber factory visit

The MAPFRE Global Risks Engineering assessment is characterized by its highly qualified professionals and the level of its recommendations and requirements consistent over time. It’s a demanding audit that the client really values. We at the MAPFRE Global Risks...

read more