Sleepwalking into a Cybersecurity Nightmare?

Almost six months ago, companies around the world began to shut down offices and switch millions of employees to remote working. The majority are still there – with the dining table doubling as the desk. Some have embraced the move, claiming it’s long overdue. Others miss the environment where they can catch-up with colleagues over coffee and collaborate face-to-face.

As businesses start to figure out how and when they can bring their people back to the workplace, it feels to me that whatever decision they reach, the world of work has changed forever. Part of the reason is the seemingly smooth transition, even in companies which had previously denied their teams the chance to operate remotely.

I call it the swan effect. Everything appeared calm on the surface, which underneath IT teams were paddling furiously to deliver the ‘new’ world of videoconferences, instant messaging and collaborative virtual meeting rooms.

Is confidence misplaced?

Getting all that tech up and running is just one part of the equation. Protecting the data and the people that use it is even more critical, and our data suggests it’s the challenge cyber experts fear the most.

The AT&T Alien Labs’ Open Threat Exchange recorded a 2,000% spike in indicators of compromise linked to COVID-19 between February and March this year.

It’s clear that companies are facing challenges when it comes to cybersecurity. To understand this better, AT&T Business surveyed 800 cybersecurity experts across the UK, France and Germany. While we expected the results to show businesses were unprepared for the rapid shift to remote working, almost nine in ten (88%) said they felt initially well-prepared for the move to remote working.

Fast forward several months of the reality of operating businesses remotely, over half (55%) said the switch is making their companies more or much more vulnerable to cyber-attacks. This rises to 70% for the biggest businesses, who are responsible for over 5,000 employees.

The weakest link

There’s a reason why so many cyber-criminals target employees. As Echo, the EU’s cybersecurity network, recently pointed out, hackers are taking advantage of the significant, often improvised transition to online working and schooling. They are also exploiting the concern, angst and (perceived) lack of information individuals are feeling in the wake of social unrest to get them to lower their guard against suspicious cyber-attacks.

Cybersecurity experts are aware of this vulnerability, but 31% of respondents to our survey said that their colleagues’ lack of awareness, apathy, and/or reluctance to adapt to new technologies presented the biggest challenge when it comes to implementing good cybersecurity.

Next on their list is the increased frequency and sophistication of cybersecurity attacks, followed by an increased external demand for products or services putting pressure on resources (both 29% respectively). Inadequate IT/cybersecurity personnel support (26%), a lack of external cybersecurity support services (24%) and products and not enough executive support or adequate financial investment (24%) were also cited as key issues.

Protecting the business for the future

So, what can businesses do to make sure they’re operating more safely and securely during COVID-19 – and beyond – when it comes to cybersecurity?

There’s some good news. Many companies have already acted. After the outbreak and move to remote working, two in five (39%) senior managers reported that their company had implemented additional cybersecurity training for employees.

Also, 42% had additional IT equipment for employees working from home, and 38% increased endpoint security to help protect laptops and mobile phones. However, that’s still less than half of companies and these are just the first steps.

To provide that businesses are fully protected and able to respond to the changing situation, much more needs to be done. We’re going to see increased demands placed on IT departments as companies respond to the evolving pandemic, whether that means organizing for the return-to-office or implementing highly secure remote working at short notice.

To stay ahead of cyber-criminals, companies will need to take a unified approach that aligns their people, processes and technology. With the transition from offices to homes, companies need to take the time to reinforce cybersecurity policies and best practices.

As organizations increasingly turn to digital and cloud solutions to enable business continuity, IT departments must address the risks associated with these technologies.

Cybersecurity experts need to monitor public cloud environments, protect web applications, assess cloud security readiness and risk, and identify web application vulnerabilities to provide that their transition to the cloud and digital is as safe and effective as possible.

However, each company is unique when it comes to their IT infrastructure and cybersecurity risks. In order to be effective, cybersecurity practices need to be specific, tailored and consistently implemented.

We’ve seen an explosion in remote working these past few months, and this is unlikely to end with the pandemic. Even after employees return to the office, they will increasingly expect to have the flexibility of working remotely, whether that’s from home, on-site or while travelling.

Now is the time for investing in and implementing technologies. The way businesses operate is changing, and IT departments, and their cybersecurity teams, will need to keep pace. This is no time for misplaced confidence. Cyber-criminals, having seen an opportunity, will continue to find ways to expose new vulnerabilities. Companies need to wake up to the threat, or risk becoming their next victim.

What’s Hot on Infosecurity Magazine?