About a month ago, I wrote a blog about how COVID-19 was driving rapid and dynamic changes for CISOs. I followed this up with a second blog, detailing a number of subsequent cybersecurity phases CISOs are now pursuing to assess and mitigate COVID-19-based cyber risks.
Both blogs describe some fundamental problems. Corporate cybersecurity now extends to home networks filled with insecure IP devices with little or no security protection whatsoever. Meanwhile, hackers are exploiting societal malaise with online scams, rogue websites, and phishing campaigns preying upon COVID-19 paranoia. A recent article in the Washington Post described research from Palo Alto Networks identifying more than 2,000 malicious COVID-19 web domains and another 40,000 it classifies as “high risk.”