The Pandemic Has Exposed Corporate Security Risks
Covid-19 has whipped up a storm, the likes of which the world hasn’t seen in a very long time. In the last few months social distancing and quarantined living have become the new norm. Every aspect of our lives has turned upside down – including our working style and environment. Let’s take a look why Remote Working During The Pandemic Has Exposed Corporate Security Risks.
In order to curtail and prevent the spread of Covid-19 or the Wuhan virus, and to ensure business continuity, corporations and businesses actively advocated work from home for employees. Thank God for Skype, Xoom, office supplies stores, and the internet!
A large majority of corporations, however, were not prepared for the kind of security risks work from home could pose. Incidence of cyber threats saw a surge, severely threatening corporate security. Hackers aggressively launched campaigns targeting employees working from home with the aim of gaining access to corporate networks.
Furthermore, the use of collaboration tools such as Zoom, WebEx, Slack, and Microsoft Teams over unmanaged devices has only made work from home employees and corporations more vulnerable to cyber-attacks.
Why Corporate Security is at Risk?
Businesses and corporates have had to compromise in some way or the other with their security in order to enable work from home for employees. Unmanaged private end devices such as laptops, smartphones and tablets are not secured via corporate network and security standards. In addition, the lack of on-site IT professionals to effectively monitor traffic and track suspicious activity have collectively increased the security vulnerabilities of corporates and businesses.
In fact, in the first quarter itself, there was an increase of 273% in large-scale data breaches compared to data-breaches reported during the same time period last year.
Common forms of attacks include destructive ransomware attacks and island hopping.
In a ransomware attack, the original user is prevented from accessing their system(s). Huge ransom is then demanded to restore access to the system. The rise in such attacks during the pandemic happened because corporates were required to override certain network security protocols to enable work from home for employees. Hackers used this vulnerability to access corporate servers and successfully run malicious campaigns.
A substantial majority of corporates and businesses use VPN services. A lot of maintenance and updating goes into ensuring VPNs run seamlessly at all times. However, because of the pandemic, companies have had to introduce changes to how they run their VPNs.
Working hours had to be changed to accommodate work from home so VPNs are used extensively – in some cases, all day long. As a result security teams are hard-pressed when it comes to maintaining and installing updates hence making their services vulnerable to attacks.
Cyber Attacks Cost Billions of Dollars and can be Extensive
When Israeli Software Company Sapiens International Corp., specializing in developing software solutions for finance and insurance clients, moved to work from home for its employees, the company was threatened by hackers who forced it to pay $250,000 ransom in Bitcoin in exchange for not shutting down its computers. With hundreds of clients spread across the globe, the company could hardly afford to have its systems shut down.
Sapiens is just one example – but this is the just the kind of security risks that corporates and businesses have become overwhelmingly vulnerable to during the current pandemic situation.
While the battle against cyber-attacks and data breaches has been waging on for years now, the fact is that these attacks always have a huge cost element involved.
Not to mention the scale of destruction can be devastating. The risk element, however, has been pushed up several notches because of the pandemic.
Hackers have become aggressive and are unceasing in their attacks all under the garb of the confusion the Covid-19 situation has caused the world over.
So, what’s driving these attacks? A number of factors can be linked to the sudden surge in these attacks. Consider the following:
- Increasing number of transactions, right from ecommerce sites to banks are now happening online.
- Work from home has been a sudden and abrupt move – in a lot cases, the shift to work from home has been largely unplanned.
- Most home networks are not secure and smart connected devices are prime and easy targets.
- Companies are in a rush to maintain business continuity – resulting in security overrides and shortcuts.
- The ensuring confusion and uncertainty has only made it easy for cyber criminals to jump into the fray.
- Lastly, everyone is game – cyber criminals are targeting businesses both big and small, individuals, as well as governments and their agencies.
IT heads and security teams are tasked with the responsibility of anticipating, preventing, and restoring disruptions, while also focusing on building capacity and flexibility into their security infrastructure. However, the pandemic has caused colossal confusion leaving corporates to struggle with the implications of security breaches and data attacks.
Improving Cybersecurity: An Accute Need of the Hour
At present there is no clarity on how long the pandemic will continue. Even after a cure is found, it is highly unlikely that will we be able to move back to pre-pandemic work environment quickly. In the meantime, executives and employees will have to come together if we are to address the dangers that cyber-attacks pose to individuals and corporates.
Few things to keep in mind:
- Setting new passwords, and avoiding re-using of passwords will have to be strictly adhered to by work from home employees.
- Using a separate router for work can help limit exposure to cyber-attacks.
- All application solutions and operating systems will need to be up-to-date at all times.
- Work and communication should only happen on managed devices and via approved applications and collaboration tools.
- Corporates will have to go into over-drive over reviewing security policies and in switching to new and improved security tools and solutions.
- Access should be provided only to those systems and data that are needed for work – reducing access to business intelligence and systems can help in preventing breaches.
Predicting and preventing cyber-attacks is a huge challenge (we’ve all seen 24 and Die Hard 4). Hackers are becoming creative and more refined in their attacks. And the pandemic has only given them greater stimulus to exploit the vulnerabilities of corporate security. That being said, the fact is now company chiefs, businesses, governments, and individuals are becoming aware of the dangers and risks of cyber-attacks.
Security awareness is a major area of focus right now and rightly so. As work from home becomes the new normal, greater vigilance and setting up of proper security protocols is critical.