The COVID-19 pandemic, and the resulting switch to remote work, has created new vulnerabilities for cyber criminals to exploit, according to a new report from CyberCube and Aon.
The report found that remote work has exposed new access points for cyber criminals to gain entry to corporate systems, including domestic PCs, laptops and Wi-Fi routers. It’s also led to a reduction of employees’ distinction between work and personal emails and an increase in the usage of devices with insecure passwords. Home workers are also more likely to use online applications that would be prohibited in an office environment due to security concerns, the report found.
Cyber criminals have also exploited the need for information on COVID-19 to create a broad range of social media and text message attacks, particularly in the countries worst affected by the outbreak. In addition, the rapid increase in online shopping due to lockdown has resulted in higher exposure to well-established scams like form-jacking and spoofing, according to the report.
“Any organisation that rapidly deployed new technology, applications, services or systems at the onset of the pandemic should now be focused on taking a look back and ensuring that they have implemented best practices in security configuration and architecture,” CyberCube and Aon said. They warned that many organisations have found that their rapid deployments – while necessary in the face of the pandemic – have introduced security vulnerabilities that could be exploited by cyber criminals or permit unintentional information sharing by users.
“Home working is one of the biggest changes people have had to handle during the pandemic, but it’s here to stay – and that’s changed the footprint of organisations’ IT systems,” said Darren Thomson, head of cybersecurity strategy for CyberCube. “More laptops, more mobile access, more devices that were never intended for corporate work – and employees juggling work life and home life on the same machine. Insurers underwriting cyber risk will need to be very mindful of these changes and how they affect an organisation’s risk profile. These are new norms that need to be incorporated into their underwriting appetite in addition to well-established threats like ransomware, which shows no signs of diminishing. Indeed, home working may slow the ability of policyholders and insurers to respond quickly to ransomware infections.”
“The lesson this report draws is that cybersecurity at home is a different animal to cybersecurity in the workplace,” said Jon Laux, head of cyber analytics, reinsurance solutions at Aon. “Organisations are going to have to think more laterally. They’ll need to be more user-centric, with a particular focus on employees’ own devices and the cloud-based applications they use. The traditional approach to cybersecurity must be replaced by something that recognises users will operate in a decentralised and remote fashion. For large organisations, that’s going to create a lot of change management to handle.”
