The COVID-19 pandemic created new challenges for many organisations as they had to quickly adapt to an unknown operating model, where working from home became the “new normal”.
Businesses accelerated their digital transformation, and with that, new cyber security threats and difficulties emerged for organisations large and small. Now, with the pandemic soon marking its second anniversary, remote working has become a norm in many businesses. As a consequence of the pandemic, technology has gained more importance in our personal as well as work lives. However, even after adopting the new work model, many organisations fail to provide a completely cyber-safe work-from-home environment.
The need for increased cyber security
The cyber threat landscape is now more diverse than ever. Let’s see how:
Malicious staff working from home with less supervision are more easily tempted to carry out criminal activity or conduct fraud.
Non-malicious employees who are not very vigilant are easily exposed to threats because of a careless attitude and the lack of reminders that are otherwise routine on office premises.
Cyber criminals are aware of the increased opportunities and weak links, which makes businesses more susceptible to attacks.
Bring Your Own Device (BYOD) policies where employees can use their personal laptops and mobile devices are putting business information more at risk. Work-from-home cannot guarantee the same level of cyber security as an office. For instance, an employee may not regularly update anti-malware or run regular scans on their personal device, which makes their data vulnerable.
Employees allowing their families access to their work devices for gaming or browsing purposes introduce a range of new risks to those devices.
Non-vigilant employees working on free public Wi-Fi are prime targets for cyber criminals.
The evolving nature of cyber threats
Hackers have now developed new ways to infiltrate and attack systems to capitalise on the remote working situation. Before the pandemic, very few cyber attacks were launched with methods or malware that were previously unknown. This percentage increased significantly during the pandemic.
Some of these new methods included the use of machine learning, where malware adapts to the environment to stay undetected. Phishing attacks have also become more sophisticated and targeted, as attackers study user search patterns.
With cyber attacks becoming more sophisticated, there is a need to develop sophisticated technology to detect them in time. User and Entity Behaviour Analysis (UEBA) is one such technology that analyses routine user behaviour and uses it to detect any deviation from the normal pattern.
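The baseline-and-deviation idea behind UEBA can be shown with a short sketch. This is an added example, not code from the article or from any UEBA product; the event fields, thresholds, function names and sample data are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

def build_baseline(events):
    """Summarise each user's routine: login hours, known devices, transfer volume."""
    per_user = defaultdict(list)
    for user, ts, device, mb in events:
        per_user[user].append((datetime.fromisoformat(ts).hour, device, mb))
    baseline = {}
    for user, rows in per_user.items():
        volumes = [mb for _, _, mb in rows]
        baseline[user] = {
            "hours": Counter(h for h, _, _ in rows),
            "devices": {d for _, d, _ in rows},
            "mb_mean": mean(volumes),
            # Floor the spread so a perfectly regular user does not divide by zero.
            "mb_std": max(pstdev(volumes), 1.0),
            "n": len(rows),
        }
    return baseline

def deviations(baseline, event, rare_hour=0.05, z_limit=3.0):
    """Return the reasons an event departs from the user's baseline (empty = normal)."""
    user, ts, device, mb = event
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    # Share of past logins within one hour either side, wrapping past midnight.
    near = sum(profile["hours"][(hour + d) % 24] for d in (-1, 0, 1))
    if near / profile["n"] < rare_hour:
        reasons.append("unusual login hour")
    if device not in profile["devices"]:
        reasons.append("unseen device")
    if (mb - profile["mb_mean"]) / profile["mb_std"] > z_limit:
        reasons.append("unusual transfer volume")
    return reasons

# Constructed sample data (not real logs): user, timestamp, device id, MB transferred.
HISTORY = [("alice", f"2021-11-{day:02d}T{8 + day % 3:02d}:15", "laptop-a1", 40 + (day % 5) * 2)
           for day in range(1, 21)]
BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    for ev in [("alice", "2021-11-22T09:30", "laptop-a1", 44),
               ("alice", "2021-11-23T03:10", "tablet-x9", 900)]:
        print(ev, "->", deviations(BASELINE, ev) or "normal")
```

Each returned reason names the part of the routine that was broken, which gives an analyst something concrete to triage rather than a bare anomaly score.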
How can businesses cope with the changing threat landscape?
Before COVID-19, many businesses such as banks did not allow remote working, particularly because of the risks involved in protecting confidential data. The pandemic brought many challenges for them as they had to adjust to the new setup in a very short time period.
Organisations had to quickly increase their capability and capacity for remote working. However, cyber security was not a key priority in the quick deployment of work-from-home capabilities.
For instance, many companies did not check that employees' personal devices were secured before they tried to gain access to corporate data. However, as the world gradually adjusted to the new work model, many organisations have now devised methods to ensure that their confidential information stays secure even as employees regularly work remotely.
Let’s have a look at how some of these measures can be implemented:
All employees must be provided with licensed antivirus or anti-malware software to use on their personal devices.
All staff should be regularly informed about best security practices and procedures and given monthly reminders through email about how they can stay vigilant and protect themselves from phishing attempts.
All employees should protect their home networks with strong passwords.
Using a Virtual Private Network (VPN) when working from home can add an extra protection layer to keep corporate data secure.
Organisations should also ensure regular security practices such as scanning their networks for vulnerabilities and patching them on time.
They should regularly review their risk exposure to evaluate the existing security controls. All forms of new cyber-attacks should be taken into consideration during the reviews.
The IT department should make use of advanced tools like host checking, which checks for an endpoint’s security posture before it can authorise a user to access a corporate information system.
In this time of high risks, organisations should also carry out threat simulation exercises frequently to proactively prepare for a response to a potential attack.
Conclusion
Cyber security needs to be given extra attention, particularly during the pandemic. Organisations need to be more focused on proactively addressing threats, planning ways to prevent cyber attacks from being successful instead of responding to them once they have already occurred. However, as important as preventive measures are, businesses must also be prepared to detect, respond to and recover in case of an actual attack.
Companies need to plan to reduce the likelihood that an attack has a strong impact. For this, they must devise resilient working practices and enhance their application and development of security practices.
Written exclusively for goldphish.com by David Smith