The rise of COVID-19 around the world has caused businesses to accelerate their digitisation to succeed in the new reality in which they find themselves.
Unfortunately, the cyber threat landscape has adjusted just as quickly, forcing businesses to manage an increased range of potential breach points.
The coronavirus lockdown has forced an abrupt transition to a work-from-home arrangement for many businesses.
The speed of this shift has, in some cases, meant that security measures and requirements have been bypassed to ensure short-term continuity.
However, cybercriminals have not needed to adjust as much – instead they have been presented with a range of new opportunities to access systems via improperly secured connections and technologies.
Malwarebytes recently published a report Enduring from home: COVID-19's impact on business security that highlights how this transition has impacted security, and how organisations can better handle the risks and vulnerabilities of working remotely.
According to the report, over two thirds of organisations have had to shift teams to remote working.
However, 44 per cent said they didn't provide cyber security training focused on the potential threats of working from home, 45 per cent didn't analyse the security or privacy features in the software tools considered necessary for remote working, and 68 per cent did not deploy a new antivirus solution for work-issued devices.
This rapid rollout of remote working has impacted the cyber security defences of many organisations and created a more vulnerable environment.
Historically, consumers have borne the brunt of a lot of cyber security breaches as they have presented a far less secure environment to criminals. As a result, in 2019, nearly 350 million consumers were the victim of cybercrime according to the NortonLifeLock Cyber Safety Insights Report.
In 2020, that has changed.
Consumers are increasingly using their unsecure devices to connect to corporate systems, and unwittingly inviting the criminals in alongside them.
The report found 29 per cent of remote workers are connecting to open/unsecure networks and 40 per cent have knowingly visited websites that may not be secure or downloaded content that may contain malware.
Beyond this, 45 per cent of respondents to Malwarebytes said their biggest concern was that devices may be more exposed at home where employees feel safe, but those devices could be accessed by other people who could accidentally compromise them.
Meanwhile, Deloitte has shown a 131 per cent increase in the number of malware attacks in March 2020 alone.
Countering this increased threat level must be a priority for all businesses with remote workforces going forward.
Organisations need to recognise that mobility of the workforce will not disappear, with companies like Microsoft and Google offering staff the option of on-going remote work.
To enable this change, businesses must recognise the financial savings from office space should be invested into appropriate technology and cyber defence systems.
To counter this rising issue, businesses need to follow some fairly straightforward advice:
- Integrate strong remote security policies into every aspect of employees’ work life. While many large organisations have policies in place, these seldom account for the range of devices that are currently being used to access corporate systems. Unfortunately, smaller companies tend to have even less control.
- Rebuild technology infrastructure to lead with a remote-working model for employees that do not need to be in the office every day. This will benefit employees who need to access company resources in a safe and secure manner that does not expose the company to external parties.
- Educate employees on the threat landscape. Training must be tailored to the needs and responsibilities of individuals, teams and departments. Generic security training can only go so far. Workers are far more likely to pay attention if security advice is specific and relevant.
- Go back and review the software being used across the organisation for potential access points. This step is critical to closing some of the doors that have been opened during the rush to enable employees to work remotely.
- Deploy antivirus solutions that can better handle a remote workforce. This will help counter the threats targeting remote workers, as many are older malware that can be detected by the proper security products.
While we have seen a consistent increase in the demand for cyber security education over the last ten years, 2020 has been the largest influx of new students into the industry in recognition of the ever-increasing importance of this function within businesses.
As the world of work adjusts to this new normal, the role of cyber security will continue to grow in every business, protecting those in the industry as they in turn protect businesses.
Associate Professor Paul Haskell-Dowland is Associate Dean for Computing and Security in the School of Science at Edith Cowan University. He leads the Master of Cyber Security course.