POST COVID-19 ERA
As published at the Tech Mag Pakistan
CSAP (Cyber Security Alliance Pakistan) organized a Webinar specifically to discuss the Cyber Security challenges faced by organizations these days in the post-COVID19 Era as the Cyber Threats are on a drastic rise.
We invited the industry leaders where they discussed ‘POST COVID-19 ERA – Cyber Security Challenges and Guidance from a Leader’s Perspective’.
The Webinar was moderated by
- Syed Ali Naqvi (Core Council Member at CSAP and Sr. Technical Infosec Officer at Habib Bank Limited),
- Erdal Ozkaya (Regional CISO/MD at Standard Chartered Bank),
- Jorge Sebastiao (CTO at Huawei),
- Ahrar Naqvi (CEO at EBRYX),
- Mirza Asrar Baig (CEO at CTM360 and DMARC360), and finally
- Abdus Saboor (CoFounder CSAP & CEO at IPNEC and Priv0).
You can watch the recording here :
CSAP has a Core Council comprising of Pakistani leaders from around the globe belonging from various industries pertaining to Cyber Security and related emerging technologies. We have local chapters where people can connect with their local communities and be informed of any activities and/or meetups, etc.
As an overview, we have around 340 members overall within 7 regional chapters, special interest groups (within CSAP), and a couple of sectoral committees. Looking at the bigger picture we have gathered the leaders from various industries and regions to collectively form a successful alliance.
CISO Insight
The pandemic did not create new cybersecurity challenges — it accelerated existing ones by five to ten years. Remote work, cloud adoption, digital transformation, and expanded attack surfaces were all trending before 2020. COVID simply removed the luxury of gradual adoption and forced organisations to make in months what they had planned to do in years. The CISOs who adapted fastest were those who already had a cloud-first, identity-centric security architecture. Those still relying on perimeter-based models were caught flat-footed.
The Lasting Security Impact of the Pandemic
Looking back from 2026, the pandemic’s impact on cybersecurity is now clear. The forced shift to remote work permanently changed the security architecture requirements for most organisations. VPN infrastructure that was designed for 10 per cent of the workforce suddenly had to support 100 per cent. Cloud adoption that was planned over 3 to 5 year roadmaps was compressed into weeks. Shadow IT proliferated as employees found their own tools to collaborate when corporate systems could not keep up. And threat actors exploited every aspect of the chaos — from COVID-themed phishing campaigns to attacks on newly deployed remote access infrastructure.
The security lessons from this period remain relevant. First, resilience matters more than prevention. Organisations that had invested in detection, response, and recovery capabilities adapted far more effectively than those with purely preventive postures. Second, cloud-native security architectures proved more adaptable than on-premises models. Third, identity became the new perimeter — when everyone is remote, the only consistent control point is the user’s identity and the device they are using.
Cybersecurity Challenges That Persist Post-Pandemic
Several pandemic-era challenges have become permanent features of the security landscape. Hybrid work is here to stay, requiring security architectures that work equally well in the office, at home, and on the road. The expanded SaaS footprint adopted during remote work is not going back — most organisations now use hundreds of cloud applications, each representing a potential attack surface and data exfiltration path. And the talent shortage, exacerbated by burnout during the pandemic response, continues to constrain security teams globally.
The silver lining is that the pandemic forced investment in security capabilities that many organisations had been deferring. Zero Trust adoption accelerated dramatically. Cloud security spending increased. Board-level awareness of cyber risk reached an all-time high. The organisations that capitalised on this momentum to build genuine security capabilities — rather than simply buying more tools — emerged stronger and more resilient.
Frequently Asked Questions
What were the biggest cybersecurity lessons from the pandemic?
The top lessons were: perimeter-based security is obsolete; identity is the new control plane; cloud-native architectures are more resilient than on-premises models; security teams must be able to operate remotely themselves; and crisis preparedness — including tested incident response plans — is non-negotiable. Organisations that had invested in these areas before the pandemic adapted far more effectively.
Has the cyber threat landscape changed permanently since COVID?
Yes. The expanded attack surface from remote work and cloud adoption is permanent. Phishing and social engineering tactics that exploited pandemic anxiety have evolved into more sophisticated campaigns. Ransomware attacks have intensified, with operators targeting organisations they know are dependent on digital operations. And supply chain attacks have increased as adversaries exploit the complex vendor ecosystems that enable modern digital operations.
Related reading: For building post-pandemic security resilience, visit our Cyber Resilience Hub or explore the Zero Trust Security Hub for implementing identity-centric security architectures.