A different kind of virus

Cyber Security

The cyber security market and COVID-19

Aidan Murphy
Head of Cyber Security PR

Through my time working in comms for cyber security companies and monitoring the news agenda, one trend that has persisted is that every major event in the “real world” has an equal reaction in the cyber security space. Trade wars, elections, and even protests, are reflected in mirror activity taking place online. So too has it been the case for COVID-19.

Coronavirus isn’t the type of virus the security industry is experienced in fighting. However, the societal impacts of COVID-19 quickly brought the issue into the realm of cyber security. All of those years we spent talking about cloud and digital transformation, remote work forces, shadow IT, BYOD, and suddenly the world’s workforce is sent home overnight.

Companies that had been stubbornly holding to their on-premise set up were thrown through the loop, but even the most forward-thinking organisations weren’t ready for their entire workforce to be operating from home. Digital transformation projects usually measured in months or years had to happen yesterday and the cyber security community’s advice on how to secure a remote workforce transformed from prescient to urgent.

As the good guys moved quickly to protect organisations facing a difficult time, the bad guys moved to exploit it. The crisis has led to a spree of campaigns using old tactics with a new COVID-19 twist:

  • Nation state attacks: National cyber defence bodies like the NCSC have been kept busy warning people of how hostile nation states are using offensive cyber techniques as a way of stealing information on COVID outbreaks and cures. Large-scale password spraying attacks are the latest way for nefarious actors to target pharma companies, laboratories and other healthcare organisations
  • Enterprise attacks: Cybercrime gangs have stepped up attempts to breach companies using COVID related phishing emails to social engineer employees
  • Consumer attacks: Threat actors are also using the fear around COVID-19 to trick people into clicking links and emails that steal their money and identities

The cyber security industry had to step up its game again, advising organisations on how to spot and protect their employees from these types of attacks, even as they are working from home.

All the while, the industry has had to find its own way to adapt to the crisis. The beginning of June is typically a very busy time for me and most other security professionals because of Infosecurity Europe. The UK’s most important security event was instead held virtually last week, as was the “Oscars” of the security industry, the SC Awards.

You can only be impressed by the quick transition of these events to digital platforms, along with the countless podcasts, webinars, and panels our clients have been involved in or launched themselves. The cyber security industry is nothing if not adaptable. Although, I never thought I’d miss walking the floors of the Olympia. I also know a number of our SC Award winning clients were sorry to have missed the piss up after party.

It’s the cyber security industry’s adaptability and quickness to respond that has enabled it to become even more relevant. Thankfully, all of this means that this sector is likely to come through the crisis relatively unscathed.

The monumental shift to remote working won’t be reversed after the crisis. At least, not fully. While employees might return to the workplace eventually, IT teams won’t undo the progress in making their infrastructure more flexible, and securing this new reality will be a priority.

As a result, confidence in the market remains high, with a consensus that it will be an area of interest for many investors, with some commentators going so far as to call the industry “recession proof”. Indeed, cybersecurity is being championed as a focus area for recovery, with both the UK Government and European Commission pledging funding packages to spur on the growth of the industry.

There has not been an industry untouched by COVID-19, but the cyber security sector is one that has managed to have a positive impact throughout the crisis and, I hope, will continue to do so through the recovery period we now face.