In the early weeks of 2020, the Cybersecurity and Infrastructure Security Agency (CISA) published its first official guidance – a warning to US-based organizations to assess the ramifications and potential threat of a cyber-attack on their businesses following heightened tensions with the Iranian government. The advisory raised concerns about geopolitical tensions, the possibility of destructive cyber operations, cyber-enabled espionage and disinformation campaigns. CISA’s warning served as a stark reminder of the outsider threats that could impact an organization for purely geopolitical reasons. Without proper cybersecurity programs in place, all organizations are exposed.
A few months later, the COVID-19 pandemic quickly overshadowed CISA’s warning. As the virus gained speed in the US, cybersecurity teams quickly shifted their focus from geopolitical concerns to a global health crisis, needing to make adjustments on a dime. This included moving essential applications to the cloud for easy access by now remote workers and establishing stronger security controls to accommodate this dynamic.
Both events highlight the increasing cybersecurity risks in today’s…
