4 Ways COVID Made Cybersecurity Better (and Worse) – and What We Should Do Next
Focal Point marks five years since the start of the pandemic by digging into four areas of security that have seen significant transformation, exploring what’s changed and how businesses can ensure a safer digital future.
Five years ago this month, COVID-19 forced us all online like never before, causing a seismic shift in how businesses, employees, and individuals share and – most important – protect their sensitive data. Our lives…work lives, home lives, digital lives…haven’t been the same since.
Many aspects of pandemic living – the bread-baking, the mask-wearing, the obsessing over Tiger King – are in the very distant rearview. But the changes to cybersecurity are still with us. These changes ushered in both groundbreaking advancements and some alarming vulnerabilities that will remain part of the way we conduct business for decades to come.
Here at Focal Point, we’re marking the five-year anniversary by reflecting on the changes to cybersecurity, digging into four areas that have seen significant transformation since the pandemic. For each, we explore what’s working, what isn’t, and how businesses can ensure a safer digital future. We also throw in suggested additional reading (or listening), for those who want to deep-dive further.
1. Data loss management
How it’s better: Forced remote work during COVID-19 caused organizations to accelerate efforts to manage, protect, and monitor their sensitive data. Data loss prevention (DLP) software became a major focus, and many businesses finally got serious about educating employees more aggressively (and creatively) about risks like phishing and accidental exposure.
The pandemic also ramped up the rollout of security tools, like multifactor authentication (MFA), and concepts like zero trust. (A Forrester report from October 2020 found that nearly 40% of IT decision-makers had initiated a zero trust pilot that year; last year, per Gartner, 63% of orgs had fully or partially implemented a zero trust strategy.)
“The way that people have historically viewed cybersecurity is that it is a technical problem — there’s something wrong with a widget in the system,” Larry Clinton, president of the Internet Security Alliance, a Washington, D.C., trade organization, told us back in 2021. Companies now understand, he explained, that “it’s something much larger. It’s an enterprise-wide risk management issue.”
How it’s worse: The sheer increase in digital traffic created bottlenecks and opened new doors for sophisticated attacks, including ransomware targeting overloaded networks. Plus, work-from-home and the diminishing of centralized office networks meant the devices workers used multiplied… and multiplied, often without proper encryption or oversight.
What’s next: We need to build on the improvements in data handling, such as more investment in endpoint management tools, and companywide training on phishing protocols, newer forms of vishing, and AI-fueled deepfakes (which spiked in 2024 and show no signs of letting up). The importance of such training is obvious; how to get employees to actually pay attention to such training, less so.
We recently spoke with “privacy evangelist” Ken Fishkin, a security leader who saw employees at his law firm increasingly falling prey to recent scams linked to software apps like DocuSign and DropBox. It was clear his video training just wasn’t getting through to them. Here’s how he fixed that.
[Read also: CISO success story – the best cure for boring cybersecurity training]
2. AI and automation
How it’s better: The need for swift action during COVID-19 turbocharged the adoption of AI-enhanced cybersecurity tools. In addition, automation has reduced response time against cyberattacks, and systems can process large datasets to detect vulnerabilities in real time.
That’s huge, especially given that “real time” is one of those buzzy phrases that gets bandied about in the security world but can mean vastly different things – seconds, minutes, or even longer – depending on the tool or solution you’re looking at. Pre-pandemic, too many orgs were settling for “even longer,” relying on periodic scans with built-in lag times, which meant even the best threat detection teams were always playing catch-up.
Today’s AI and automation advances provide speed, plus granular metrics and industry benchmarks (always good to know how you size up against your competition, especially in security) and expert, actionable incident response playbook recommendations. And the development of autonomous endpoint management promises a next-gen advantage in endpoint management, enhanced incident response, and regulatory compliance.
How it’s worse: Unfortunately, cybercriminals have also benefited. AI-powered tools are now being used to create all forms of disinformation, including more-convincing phishing scams and eerily realistic deepfakes, to bypass traditional cybersecurity measures. This arms race between defenders and attackers keeps escalating, driving up costs.
What’s next: Businesses need to lean in to AI but remain vigilant against its misuse. That means staying on top of developments (such as the way AI enhances anomaly detection and decreases alert fatigue), recalibrating leadership priorities for CISOs, and understanding the unsettling realities of how and why employees embrace “shadow AI.”
Regular model training with new threat data and the creation of ethical AI frameworks are crucial. Collaboration between tech developers, governments, and enterprises will be essential to ensure AI’s benefits outweigh its risks.
[Read also: What is autonomous endpoint management? The new innovation in network security]
3. Asset visibility
How it’s better: Asset visibility became mission-critical as remote work introduced countless new endpoints, from personal laptops and tablets to IoT devices in home offices. Organizations began deploying advanced endpoint-detection solutions to keep track of their expanding ecosystems.
“Knowing what’s on your network is the first step for any organization to reduce risk,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, when CISA issued a binding operational directive mandating that federal agencies perform automated asset discovery every week, starting in the spring of 2023. Though it applied only to federal civilian agencies, Easterly urged all enterprises to follow the directive “to gain a complete understanding of vulnerabilities that may exist on their networks.”
How it’s worse: Remote work blurred the boundary between personal and professional devices. Many employees bypassed IT protocols, prioritizing convenience over security – the reasons why workers break cybersecurity rules may surprise you – and home Wi-Fi networks rarely matched corporate security standards. The result: Major visibility gaps still exist. Many companies underestimated the complexity of monitoring this vast web of devices, leaving blind spots for attackers to exploit. Shadow IT (unapproved tools and systems) flourished during the pandemic.
What’s next: Organizations must continue investing in comprehensive asset-management tools and conduct routine audits to minimize blind spots. Employees, too, need better awareness of the risks posed by unvetted software.
For smaller enterprises and those with limited funds, software inventory management tools can provide detailed insights and tracking of software usage, compliance, and performance metrics, all at a fraction of the cost of (effective but, for some, prohibitively priced) IT asset management solutions. And in a fraction of the time, compared to lengthy, redundant manual processes that are vulnerable to errors.
[Read also: What is software inventory management? Top benefits and features]
4. Proactive threat hunting
How it’s better: Following the lead of the U.S. government, which began testing a new proactive “Defend Forward” approach to cybersecurity in 2018 and enshrined it under President Biden as our national cybersecurity strategy in 2023, businesses are now adopting more proactive stances against cyber threats. COVID-19 pushed many toward continuous threat-hunting programs rather than relying on reactive responses. Teams are growing more agile, addressing gaps before malicious actors can exploit them.
Nearly half (45%) update their threat-hunting methodologies as needed, up from 35% in 2024, according to the just-released 2025 SANS Threat Hunting Survey. And fewer orgs are fully outsourcing the job (just 30%, compared to 37% last year).
How it’s worse: Threat-hunting requires resources and skilled personnel. During the pandemic, many businesses lacked the funding or staff bandwidth to implement robust systems effectively. Smaller organizations fell behind, becoming easy targets. That pattern continues today, with 61% of enterprises citing skilled staffing shortages as a major obstacle to threat-hunting success.
What’s next: Automation tools can level the playing field for businesses with limited resources. Cross-industry collaboration and information sharing about emerging threats will empower smaller enterprises while keeping attackers on the defensive.
Diverse squads are also key, explains Sherrod DeGrippo, Microsoft’s director of threat intelligence strategy, in an exclusive interview on our companion podcast, Let’s Converge. “The number one thing that you bring in security and threat intelligence is your opinion, your point of view, and your intuition,” she explained. “Because your intuition is colored by all of your experiences, all of your skills, all the things you’ve seen.”
That’s good news for smaller outfits that are looking to develop more-robust threat intel teams but might not be flush with experienced threat hunters per se. DeGrippo shared her insights on how to build up an effective threat-hunting squad and her strategies on making threat intel actionable.
[Listen in: Ep. 14 – How to lead a threat intelligence team with Microsoft’s Sherrod DeGrippo]
What COVID has taught us about cybersecurity
The lessons from COVID-19 are hard-earned but invaluable for the road ahead. The pandemic has shown us how adaptable cybersecurity professionals can be when faced with extraordinary circumstances. It also revealed the weakest links that sophisticated attackers are eager to exploit.
Businesses and organizations need to focus on two key strategies for the future:
Double down on wins:
- Enhance employee education on phishing and cyber hygiene. Awareness programs must evolve alongside the sophistication of new threats.
- Invest in AI-driven detection tools while ensuring they’re frequently updated and ethically managed.
- Build holistic endpoint management tools that incorporate IoT devices.
Course-correct on vulnerabilities:
- Prioritize robust remote work policies that balance security protocols with employee flexibility.
- Address visibility gaps by thoroughly vetting asset management platforms.
- Allocate more resources toward proactive threat-hunting teams, whether in-house or outsourced.
Five years on, the COVID-19 pandemic has shown us both the potential and the fragility of cybersecurity. The question remains: Are we better off today than we were in 2020?
The knee-jerk answer might be yes, given the ever-evolving nature of AI and the sexy new autonomous tools that hold such tremendous potential. But the real answer lies in how we move forward. By learning from both progress and pitfalls, we can work together to build a safer, more resilient digital world.