State of Cybersecurity 2020: Changes & Challenges for WFH Culture
Articles by: Richey May, Sep 29, 2020
As we have continued to stress in our most recent articles, many aspects of how businesses operate have changed over the past year, especially as a result of COVID-19. One thing that hasn’t changed, however, is the need for careful and comprehensive cybersecurity practices. In fact, these recent changes – and in the vulnerabilities they create – have made cybersecurity even more important than ever.
With so many companies having to quickly shift employees to work from home (WFH), not everyone has kept up with the enhanced cybersecurity needs. This has left businesses vulnerable to increased targeted cyberattacks.
First, here are some numbers to help paint the picture. As we reported last year, the vast majority of cyberattacks are still financially motivated, according to the 2020 Verizon Data Breach Report. However, different from last year is a huge increase in attacks on financial services organizations. Last year, attacks to this industry made up only 8% of the total – this year, they make up 29%.
The biggest increase in these attacks was related to ransomware. There was a 543% increase in ransomware variants in 2019 alone, compared to the 105% increase between 2017 and 2019. This affected 2,047 companies in 2019; and that’s not including other types of attacks that have increased since the pandemic began, such as:
- ZOOM video conference breaches, as reported by the FBI
- Calls to helpdesks asking for temporary credentials or a temporary MFA token
- Phishing emails around COVID-19 (false trackers, false information)
- Malware exploiting the fear, uncertainty, and doubt around the shift to remote work
- Schemes targeting the human element through fraudulent emails, social media, or other digital communications
You can help manage the increased challenges due to COVID-19 and the new WFH model by applying the same monitoring used in the office to the WFH employee. You can benefit your business by keeping the following practices in mind for employees who work from home:
- People are more likely to browse risky websites at home than in the office, requiring an ability to control that access – even when off VPN.
- Plugging non-work approved devices into WFH systems can create vulnerabilities, even if it’s just a tablet for a child schooling from home.
- Configuring remote infrastructure securely, especially your VPN firewalls, enables you to proactively scan for and mitigate vulnerabilities.
- With more and more people working from home, it can be easier for cybercriminals to mimic or fake credentials and reset passwords or access sensitive information.
- Systems to track the equipment your employees take home and how it connects to your network can help reduce unknown individuals from gaining access.
Along with monitoring and proactive response using tools like MFA and patch management, it’s extremely important to keep your IRP updated to account for how the pandemic has affected business operations. Knowing how to respond to an attack rather than reacting without planning is key to preventing or limiting the downtime caused by a cyberattack incident.
The challenges have been coming on fast in 2020 – making it hard to keep track of all the new cybersecurity needs. That’s where we come in: to focus on identifying the issues and solutions for you. Our Technology Solutions team can help you with various services and expertise to maintain strong cybersecurity, such as:
- Virtual Chief Information Security Officer (vCISO)
- Cybersecurity Assessment
- Incident Response Planning
- Skilled Engineering and Integration
Our support can help you keep your cybersecurity practices ahead of the game, while you do what you do best: keep your company running through whatever comes in 2021 and beyond.