What has changed in the world of work and cybersecurity in the past six months, and how have businesses responded? From research and conversations with people in the companies that have made it through the COVID-19 pandemic, the answer can be summed up in seven words:
Everything changed, and everything stayed the same.
Everything changed because many people were required to work from home on short notice. The proportion of those teleworking went up from 8% pre-pandemic to around 42% in August (including those working from home part-time).
IT departments had to quickly find ways for people to work remotely. Is there an office computer the users can take home? Can they use their own kit? Who gets VPN access? How else are files shared? How can we manage remote devices? What about malware protection? When people are able to work from home, suddenly there are backups, compliance, and so many other things to consider.
One complication of managing security in a corporate network environment became ten, a hundred, or a thousand little problems. Armies of homeworkers were using wifi networks shared with who-knows-who clicking on who-knows-what.
Then came a rise in coronavirus-related malware and phishing attacks. Scammers preyed on fears and desire for news, reassurance, and PPE.
Yet everything stayed the same.
Most businesses were used to having at least some remote workers pre-COVID-19. VPNs, Microsoft 365, and G Suite all existed before, as did malware and phishing emails. Video conferencing has been demanded by users ever since they first considered how lovely it would be to work in their pajamas. For many IT departments, it was just a matter of scaling up existing technologies and dusting off the BYOD policy.
Yes, the cyber threat grew, especially from phishing and other scams, but very much in line with people’s click-worthy concerns. A recent article from Microsoft details how COVID-19 scams rose and fell with the pandemic-related news cycle in different countries. After all, it had been quite a year for big news stories, and the pandemic was only a part.
But while the methodology of the attacker didn’t change, the attack surfaces themselves did change in size and scope.
The office VPN is not just a route for the homeworker. Another member of the household or a piece of insecure IoT could download malware that is able to tunnel through the homeworker’s computer into the corporate network.
RDP attacks are also on the rise. The Remote Desktop Protocol may be in use for remote management, or may simply not have been disabled before computers left the office. This is a well-known exploit route, with a new vulnerability discovered just last year.
Then, of course, there is the ever-present danger of "Shadow IT." It was always there: employees finding new and interesting ways to "make life easier" for themselves, e.g., sharing confidential data on random file-sharing sites because the VPN is so slow; installing TeamViewer because that is the software the prospective client wants us to use; reusing the username and password they log on to their computer with when downloading software. It was happening before and it’s happening now.
So what are the people in charge of IT Security supposed to do six months hence? Here are a few things to do right now:
Companies that have gotten this far without a serious security breach are fortunate, but consider that there may be an attack taking place that has simply gone unnoticed so far. Yes, nothing has changed, but everything really has changed, and if companies haven't changed along the way then their networks and data are at risk.
Speak to the right experts about a cybersecurity assessment and get some peace of mind.
We would like to thank Kevin Gorsline for providing insight and expertise that greatly assisted this research.
Kevin Gorsline is a Managing Director in J.S. Held's Global Investigations Practice who joined following J.S. Held's acquisition of TBG Security. For several years, Kevin served as the Chief Operating Officer and head of the Risk and Compliance practice at TBG Security, where he was responsible for providing the leadership, management, and vision necessary to ensure that the company had the proper operational controls, administrative and reporting procedures, and people systems in place to effectively grow the organization and to ensure financial strength and operating efficiency. His experience and leadership throughout his career have been focused on developing and delivering information security services and solutions, providing outstanding client service, and driving profitable revenue growth. Kevin brings established proficiency as an IT leader with extensive experience in risk and compliance services, applications development, and implementation projects both in the United States and abroad.
Kevin can be reached at [email protected] or +1 843 890 8596.