Insights

How the Pandemic Changed Everything and Nothing

J.S. Held Strengthens Family Law Practice with Asset Acquisition of Luttrell Wegis

Read More close Created with Sketch.
Home·Insights·Articles

What has changed in the world of work and cybersecurity in the past six months, and how have businesses responded? From research and conversations with people in the companies that have made it through the COVID-19 pandemic, the answer can be summed up in seven words:

Everything changed, and everything stayed the same.

Everything changed because many people were required to work from home on short notice. The proportion of those teleworking went up from 8% pre-pandemic to around 42% in August (including those working from home part-time).

IT departments had to quickly find ways for people to work remotely. Is there an office computer the users can take home? Can they use their own kit? Who gets VPN access? How else are files shared? How can we manage remote devices? What about malware protection? When people are able to work from home, suddenly there are backups, compliance, and so many other things to consider.

One complication of managing security in a corporate network environment became ten, a hundred, or a thousand little problems. Armies of homeworkers were using wifi networks shared with who-knows-who clicking on who-knows-what.

Then came a rise in coronavirus-related malware and phishing attacks. Scammers preyed on fears and desire for news, reassurance, and PPE.

Yet everything stayed the same.

Most businesses were used to having at least some remote workers pre-COVID-19. VPNs, Microsoft 365, and G Suite all existed before, as did malware and phishing emails. Video conferencing has been demanded by users ever since they first considered how lovely it would be to work in their pajamas. For many IT departments, it was just a matter of scaling up existing technologies and dusting off the BYOD policy.

Yes, the cyber threat grew, especially from phishing and other scams, but very much in line with people’s click-worthy concerns. A recent article from Microsoft details how COVID-19 scams rose and fell with the pandemic-related news cycle in different countries. After all, it had been quite a year for big news stories, and the pandemic was only a part.

But while the methodology of the attacker didn’t change, the attack surfaces themselves did change in size and scope.

The office VPN is not just a route for the homeworker. Another member of the household or a piece of insecure IoT could download malware that is able to tunnel through the homeworker’s computer into the corporate network.

RDP attacks are also on the rise. The Remote Desktop Protocol might be being used for remote management, or may not have been disabled before computers left the office. This is a well-known exploit route, a new vulnerability that was discovered just last year.

Then, of course, there is the ever-present danger of "Shadow IT." It was always there--the employees finding new and interesting ways to "make life easier" for themselves; i.e., sharing confidential data on random file-sharing sites because the VPN is so slow; installing TeamViewer because that is the software the prospective client wants us to use; using the same username and password to download software that they use to log on to their computer. It was happening before and it’s happening now.

So what are the people in charge of IT Security supposed to do six months hence? Here are a few things to do right now:

  • Reassess the threat landscape. Every homeworker’s computer is vulnerable in a way that they weren’t before. Through the VPN companies' internal networks are now connected to all these home networks and everything malware-afflicted thing on them.
  • Review user access. In every way possible, reduce the possibility of a remote worker spreading malware. Least privilege access might have to mean even less than before. And with so many people sadly laid off, is every piece of kit accounted for, and their user access, and all their accounts with online services?
  • Increase your ransomware protection. Not just the detection software, but backup and restore procedures still need testing and improvement.
  • Go over every decision made in a hurry. Some of those quick fixes to get people working from home in a hurry might have turned into long-term risky solutions by accident.
  • Get a cybersecurity assessment. Picking up a vulnerability before it’s exploited is invaluable.

Companies that have gotten this far without a serious security breach are fortunate, but consider that there may be an attack taking place that has simply gone unnoticed so far. Yes, nothing has changed, but everything really has changed, and if companies haven't changed along the way then their networks and data are at risk.

Speak to the right experts about a cybersecurity assessment and get some peace of mind.

Acknowledgments

We would like to thank Kevin Gorsline for providing insight and expertise that greatly assisted this research.

Kevin Gorsline is a Managing Director in J.S. Held's Global Investigations Practice who joined following J.S. Held's acquisition of TBG Security. For several years, Kevin served as the Chief Operating Officer and head of the Risk and Compliance practice at TBG Security, where he was responsible for providing the leadership, management, and vision necessary to ensure that the company had the proper operational controls, administrative and reporting procedures, and people systems in place to effectively grow the organization and to ensure financial strength and operating efficiency. His experience and leadership throughout his career have been focused on developing and delivering information security services and solutions, providing outstanding client service, and driving profitable revenue growth. Kevin brings established proficiency as an IT leader with extensive experience in risk and compliance services, applications development, and implementation projects both in the United States and abroad.

Kevin can be reached at [email protected] or +1 843 890 8596.

Find your expert.

This publication is for educational and general information purposes only. It may contain errors and is provided as is. It is not intended as specific advice, legal, or otherwise. Opinions and views are not necessarily those of J.S. Held or its affiliates and it should not be presumed that J.S. Held subscribes to any particular method, interpretation, or analysis merely because it appears in this publication. We disclaim any representation and/or warranty regarding the accuracy, timeliness, quality, or applicability of any of the contents. You should not act, or fail to act, in reliance on this publication and we disclaim all liability in respect to such actions or failure to act. We assume no responsibility for information contained in this publication and disclaim all liability and damages in respect to such information. This publication is not a substitute for competent legal advice. The content herein may be updated or otherwise modified without notice.

You May Also Be Interested In
Perspectives

How to Defend Against Identity Theft This Tax Season

Cybercriminals increase their attacks during tax season. This article outlines steps taxpayers can take to protect their identity and data....

Perspectives

Strategies to Avoid Cyber Insurance Claim Challenges: Part II

In Part II of addressing cyber claims challenges, we identify gaps in coverage and quick fixes for a smoother claims process....

Perspectives

Benefits of a Virtual Chief Information Security Officer (vCISO) in the Age of AI-Driven Cyberattacks

A Virtual Chief Information Security Officer (vCISO) can be a cost-effective solution to AI cyberattacks....

 
INDUSTRY INSIGHTS
Keep up with the latest research and announcements from our team.
Our Experts