When the COVID-19 lockdown hit, companies worldwide transitioned millions of employees from working in offices to working at home. There were bumps to be sure, but from an IT perspective the process generally went smoothly.
What’s happened since then is enough to keep IT security professionals up at night.
“Once the transition was complete,” says an article on CSO.com, “organizations found their attack surface had changed immensely and threat actors attempted to seize upon the opportunity. Phishing, brute-force and malware attacks surged while the number of endpoints connecting to corporate networks ballooned.”
We blogged about this subject a few weeks ago when a survey of IT leaders reported that 41% of them had experienced more security attacks than ever.
In light of the collection of surveys and studies in the CSO.com article, that now looks like an understatement.
The study we referenced in our post said that in the early days of the lockdown companies were spending an extra $15 billion a week on IT. CSO cites a study that helps explain why: 66% of organizations had no pandemic preparedness plan in place. Others, including those that did, failed to account for the sheer scale of having every employee working remotely.
Infoblox’s COVID-19 Challenges for the Borderless Enterprise report said 38% of organizations shifted funds from cybersecurity to provide for remote worker access. 46%, however, shifted IT resources to shore up the security of their networks. Another study cited by CSO.com tells us that 60% of organizations that adopted work-from-home technology accelerated or bypassed their normal privacy/security reviews.
Consequently, says CSO.com, chief information security officers “should go back and ensure that any checks that were skipped or accelerated have been redone to ensure all the risks have been accounted for.”
The article cites Zoom’s security issues as one example of a remote tool that was quickly adopted by many without considering security.
The most worrisome part of the article by CSO editor Dan Swinhoe cites a baker’s dozen of studies, surveys and reports of cyberattacks skyrocketing during the lockdown, with many continuing unabated since. Here’s a sample:
- Supply chain attacks rose 38% since the start of the pandemic;
- Phishing incidents rose 220% at the height of the pandemic;
- Ransomware attacks spiked more than 100%;
- Insider threats increased 27%;
- RDP brute-force attacks (repeated password-guessing attempts against Remote Desktop Protocol to remotely control a computer or computer system) grew 400%.
With the majority of companies expecting more employees than ever to work from home even when the pandemic ends, a PwC Insights Survey found 96% of organizations saying they are adjusting their cybersecurity strategy due to COVID-19. 50% said cybersecurity and privacy will be baked into every business decision or plan.
“This focus on security,” observes CSO, “should provide CISOs with more influence at the most senior levels of the business.”