Bad actors are constantly trying to attack companies by hacking into their systems. The increase in remote working has increased those attempts.
I recently wrote an IdeaXchange blog on why cybersecurity needed to be a year-round priority for businesses of all kinds and all sizes. The advent of the COVID-19 pandemic has added an additional challenge since so many companies now have a large number of their employees working from home…sometimes on company devices, sometimes on the employee’s own device. I was curious as to how this was impacting the amount of cyberattacks that were being found.
What I found was that from the beginning of the crisis, companies were seeing a marked increase in attacks. As early as March of this year, soon after we began to learn of the severity of the virus, CNBC published an article that noted that “More than one-third of senior technology executives surveyed by CNBC say that cybersecurity risks have increased as a majority of their employees work from home.” The title of that article, Phishing scams, spam spike as hackers use coronavirus to prey on remote workers, stressed IT systems says it all.
A CPO Magazine article cited a study from Keeper Security and the Ponemon Institute that probes how businesses are affected. The study surveyed over 2,200 IT and information security personnel in the U.S., Europe, Australia, and New Zealand. It only surveyed companies that had employees working remotely because of the pandemic. The increase in remote working for these companies had risen to 58 percent instead of the 22 percent it had been pre-COVID.
Many companies just weren’t ready, but there are things you can do.
The findings are striking, Companies that had once had confidence in their ability to defend against cyber threats saw that confidence shrink, form 71 percent at the beginning of 2020 down to 44 percent as the disease progressed. Other findings:
- 60% of respondents have already experienced cyberattacks during the pandemic
- Credential theft (56%) and phishing (48%) are the most common
- $2.4 million was the average cost to deal with an incident
- Only 45% of those IT teams surveyed said they had the adequate budget to defend against these increased risks.
What makes this even more concerning is the fact that, having realized the advantages companies and employees may gain from a remote workforce, this issue of cybersecurity for remote workers is turning into a long-term, not short-term, problem. Among the suggestions the study has for companies going forward are:
- Requiring multifactor authentication of all remote workers
- Implementation of a remote access security policy to keep devices updates
- Making periodic password changes mandatory
- Having an open line from employees to the company’s help desk or security team
- A significant and ongoing increase in training for all remote workers, including phishing recognition training
It’s important to remember that hackers will take advantage of any opportunity to attack and they often know just how to get into the system, often through the unwitting help of an employee. Security Magazine noted in an article earlier this year that “hackers quickly used the pandemic and related anxiety to lure people into phishing schemes and malware attacks, posing as emails and links to the CDC or World Health Organization (WHO).
Training may be one of your most effective weapons in this ongoing cybercrime spree. Communication from IT management is increasing important with lists of the many ways hackers are attempting to gain access. Unfortunately, this is a problem that is not going away so make sure that your company has the proper protocols, best practices, and training in effect.
Read my IdeaXchange article for more information on what your company should do.