May 14, 2020 by Siobhan Climer and Mishaal Khan
A recent Barracuda report found that almost half of all companies have experienced at least one cybersecurity incident during the Covid-19 lockdown. There are a number of factors leading to these numbers:
- Rapid remote deployments
- Reliance on digital communications
- Disruption to security processes
- Different risks in remote environments
- Shift to cloud-based infrastructures
In addition, 49% of companies fully expect to be the victim of a data breach in the next month of remote work. While that may at first sound discouraging, cybersecurity experts might take comfort in learning companies are accepting the current reality and facing it head-on.
Swift Transition Increases Risk
It surprises few to learn that cybersecurity is often an after-thought. Cyber criminals use this psychological trick to con victims with phishing all the time. When a task is pressing or urgent, individuals are more likely to take action outside of documented or tested processes.
Certainly, deploying a remote environment during the outbreak of the coronavirus was an urgent matter. IT departments had no choice. The consequence, however, is that IT teams are left patching and (hopefully) catching vulnerabilities before they are exploited.
As Barracuda’s CTO Fleming Shi writes, “Inevitably, the switch to a complete remote working model in such a short space of time brought with it a myriad of security challenges, particularly with many employees using personal devices to exchange and share data.”
Digital Replaces Face-To-Face
The rise of CEO fraud as a phishing tactic over the last year came with a fair share of advice. One major suggestion? Drop by the CEO’s desk to confirm their request.
That’s not possible for the third of U.S. employees currently working remote. This simple disruption to a cybersecurity practice is just one example of how remote work deployments impact cybersecurity practices. While solvable (drop a video chat link, chat message, or phone call), simple disruptions of this nature are a key gap criminals seek to exploit.
Different Risks With Remote
50% of respondents in the survey reported allowing employees to use personal email accounts and devices to complete work activity. Securing that volume of endpoints is an excruciating task without the tools. For many companies, they don’t even know how many devices users are using.
While most employees are likely not subject to espionage within their own homes, the risk of others learning confidential information or gathering intellectual property increases. 51% of respondents in the survey report that employees are not trained in remote cybersecurity best practices.
The reality is that even after lockdown is lifted, many companies will likely continue supporting remote work. 56% of companies in the continue plan to continue widespread remote offerings. In fact, Twitter CEO Jack Dorsey announced on May 13th that, with the exception of a few critical roles, the company’s employees will be able to continue working from home “forever”.
How To Protect Your Business From Cybersecurity Attacks During Covid-19 – And Beyond
Whether your CEO is chomping at the bit to get everyone back on-site or is contemplating a Dorsey-esque announcement, securing your organization against the most likely threats in a remote deployment will only become more essential. As businesses shift more of their infrastructure to the cloud, the perimeter will continue to disintegrate.
To best protect your organization during this time, make sure you have:
Visibility: “You don’t know what you don’t know.” How many personal devices are users using? How are home networks secured? What applications are users using? Use a tool that gives you insight into the questions.
Monitoring: Once you know what you have, you need to be able to automate monitoring. Tools that automate alerts and use machine learning to track and predict network behavior are vital.
Security Partner: No one can do it alone. Working with cybersecurity experts means you have hackers and pentesters on your side.
Want to learn more about how Mindsight can partner with you? Contact us today.
Like what you read?
Contact us today to discuss cybersecurity attacks during Covid-19.
Mindsight is industry recognized for delivering secure IT solutions and thought leadership that address your infrastructure and communications needs. Our engineers are expert level only – and they’re known as the most respected and valued engineering team based in Chicago, serving emerging to enterprise organizations around the globe. That’s why clients trust Mindsight as an extension of their IT team.
Visit us at http://www.gomindsight.com.
About The Authors
Mishaal Khan, Mindsight’s Security Solutions Architect, has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.
Siobhan Climer writes about technology trends in education, healthcare, and business. With over a decade of experience communicating complex concepts around everything from cybersecurity to neuroscience, Siobhan is an expert at breaking down technical and scientific principles so that everyone takes away valuable insights. When she’s not writing tech, she’s reading and writing fantasy, hiking, and exploring the world with her twin daughters. Find her on twitter @techtalksio.
Strengthen Your Security Posture: Start With A Cybersecurity Framework