If your IT priorities have shifted—or completely changed—over the past couple of months, you’re not alone. Maybe you were in the midst of a digital transformation project. Maybe you were looking into 5G or AI. But then mid-March saw your entire workforce shift to working from home, along with the rest of the planet.
At the start of 2020, organizations were looking ahead to a brand-new decade—and the future looked bright. A CIO Tech Poll in February found that “technology budgets continue to increase year over year with a smaller percentage expecting a budget decrease this year.”
Who would have predicted that in a matter of weeks almost the entire planet would be working from home? That meetings and conferences would go completely virtual? That parents would be homeschooling their kids? This wasn’t just a shock to our communal psyche—it was also a shock to our IT infrastructure.
An unprecedented spike in demand led to bandwidth constraints and network congestion around the world. And WFH led to a whole new slew of cybersecurity concerns.
Of course, cybersecurity has always been a concern with remote work. But with so many organizations rushing to set up employees at home, often within a matter of days, it was bound to leave some gaps in security. So now, as we settle in for the long haul, it might be a good time to revisit those WFH practices to make sure security is up to par.
WFH cybersecurity gaps
CIO’s COVID-19 Impact Study, a survey of IT decision makers conducted in April, and CSO’s Pandemic Impact Study, a survey of security professionals conducted in March, both explore business preparedness during COVID-19 and how priorities are shifting.
Only 49 per cent of IT decision makers and 54 per cent of security professionals felt their crisis planning process prepared them for the pandemic. But both surveys point to one major shift: COVID-19 will change the way we work, and not just for the duration of the pandemic.
Prior to COVID-19, just 16 per cent of employees worked from home at least 60 per cent of the time. This has jumped to 78 per cent since the start of shelter-in-place restrictions, according to the survey results.
But this has also heightened cybersecurity concerns: 61 per cent of security professionals surveyed expressed greater concern about attacks targeting WFH employees.
Since mid-March, about one-quarter (26 per cent) of security professionals reported an increase in the volume, severity and/or scope of cyber attacks, which increased a whopping 37 per cent for those in the financial services industry.
And 74 per cent believe the impact of the pandemic will “alter the way their business evaluates risk” for at least the next five years.
A rise in COVID-related malware
“Higher numbers of employees working from home will continue to present tempting targets for attackers, despite [a] high level of confidence that security environments are up for the challenge,” writes Bob Bragdon, senior VP and publisher of CSO, in a blog post for IDG.
And businesses that were less prepared to address the current pandemic “are finding themselves in need of security solutions/services to fill the gaps,” he adds.
Malicious actors often take advantage of world events to launch cyber attacks. In April, for example, fake coronavirus live-update maps—based on the legitimate interactive dashboard produced by John Hopkins University—were used to spread the AzorUlt password-stealing malware.
“Given the global reach and urgency of the current health crisis, it’s not surprising that COVID-19 has become a means for threat actors to deliver their latest malicious content,” according to authors Andrea Kaiser and Shyam Sundar Ramaswami in a blog post for Cisco Umbrella, which leverages insights from Cisco Talos—one of the world’s largest commercial threat intelligence organizations.
Since the onset of the pandemic, Cisco Talos has observed three broad categories of attacks that take advantage of COVID-19: malware and phishing campaigns using COVID-themed lures (such as health-related emails purportedly from the World Health Organization); attacks against organizations that carry out research related to COVID-19; and fraud and disinformation.
Some of the malware threats related to COVID-19 include Kpot, Nanocore, Guloader, Trickbot, Formbook, Netwire and MetaMorfo—to name just a few.
Beefing up your cybersecurity response
So what can you do to beef up your cybersecurity around WFH employees, especially during a transition period as some employees return to the office and others continue to work from home?
The same best practices apply to WFH as they do on-premise: using secure VPN connections with multi-factor authentication, as well as endpoint control (such as encrypting devices). Revisit your data management strategy and ensure your remote workforce can share data securely, no matter their location.
And don’t forget about your backup strategy, which should now include backing up off-premise data. Awareness training is still critically important—perhaps even more so now that so many employees are working from home (and often sharing the network with their family).
CIO’s COVID-19 Impact Study found that 44 per cent of organizations will need to acquire new technology solutions or services to address this new work dynamic.
According to the study, the focus right now is on increasing operational efficiency and transforming existing business processes. But the No. 1 priority remains the same as before COVID-19: leading digital transformation initiatives.
Because there’s nothing like a global pandemic to highlight our need for innovative, flexible, adaptive technology solutions.