Share this article to start the conversation on work from home (WFH) security:
Social distancing has meant that in the workplace, reliance on technology has never been greater. Some would even go as far as to say that we are lucky the pandemic has emerged in a world where we are so equipped at handling the long-distance working relationship, but are we aware of the dangers?
Since the beginning of the COVID-19 pandemic, there has been a dramatic increase in cyber attacks targeting the public at large. Cyber attacks have leveraged against key global pandemic campaigns to utilise their malicious campaigns, in what has been described as a ‘gift’ for cyber criminals. With the majority of professionals relying on the internet to stay in touch with the outer world, these attacks are becoming stronger and more creative to exploit remote work practices. With Netwrix’s 2020 Cyber Threats Report reporting a 63% increase in cyber attack frequency due to the pandemic, it is crucial to be aware of and take action against modern cyber risks.
The fact is, organisations were largely unprepared for such a shift at the start of the year and how quickly COVID-19 would alter our world. There was a major rush to adapt and provide employees with remote homeworking equipment, to the extent where 85% of Chief Information Security Officers admitted to sacrificing cyber security procedures to enable remote practices. Considering the risk this will have put businesses at, it is no surprise that so many businesses experienced a change to their threat landscape.
Even the most central agent of them all during the crisis, the World Health Organisation (WHO), fell victim as they faced a fivefold increase in cyber attacks. In April, 450 active WHO employee email addresses and passwords were leaked online. Fortunately, this attack was targeted towards outdated information however since this breach, WHO have put new measures in place to secure their systems.
Serving as a reminder that cyber attacks do not discriminate against business size or importance.
As a result of poor adaption to cyber security in the remote setting, it does not come as a surprise that security within organisations was compromised. However, what was suprising is that this increase in cyber attacks was in part enabled by the employees themselves. With 58% of IT professionals reporting that employees did not follow cyber security policies and guidelines when at home, this enabled attacks to skyrocket.
As seen through the malicious attack on WHO, cyber initiatives often start from within. How can you expect to achieve external cyber security without securing the internal foundations first? Everybody has a role to play in cyber protection, from employees to directors. Organisations should be urged to host appropriate cyber security training to ensure that everyone is aware of the increased dangers collectively faced by businesses around the world.
The problem is that without cyber risk management and mitigation technologies to determine when you will be or if your system has been compromised, it can take months to realise an attack has already occurred. In fact, a recent report by IBM determined that on average, it takes 280 days to identify and contain a data breach. Hence, reiterating the importance of having the right internal knowledge and cyber protocols in place to proactively prevent attacks before they can occur.
To improve cyber knowledge within your organisation, we recommend going above and beyond standard tick-box exercises. We partner with CybSafe, a cyber security training company which differentiates itself from competitors by focusing on psychological behaviour change to really change habits. This is crucial when working within a world which relies on efficient homeworking.