Guidelines and impact of Covid-19 on cybersecurity: a model for protecting businesses in the digital universe

Abstract

The COVID-19 Pandemic significantly increased the use of information and communication technology as governments, institutions and companies worldwide were obliged to move to a work-from-home model in order to ensure the survivability of their businesses and other operations. This in turn led to a significant increase in cyberattacks due to the larger number of operations that were moved from physical space to cyberspace. The pandemic resulted in the heightened importance and awareness of the need for IT security. Companies learned the hard way during the pandemic that a business could be destroyed by a single cyberattack and that the concept of IT security entailed more than simply hiring an IT manager and fixing a virus guard. This also resulted in much confusion as to the real cost and the level of sophistication that is necessary to safeguard an institution’s IT operations. This paper is intended to provide guidance to IT professionals and entrepreneurs with regard to the practical steps that should be taken to protect one’s business in cyberspace. In particular, it explores fundamentally simple practices such as vulnerability testing, patching and correct configurations, by which as much as 80% of data breaches can be prevented. The paper uses Sri Lanka as a case study and analyses contemporary data published by the Sri Lanka Computer Emergency Response Team.