Almost half of organisations have suffered a cyber security incident as a result of the sudden shift to remote working, a new study has found.
A Barracuda Networks survey discovered that 46% of organisations across the UK, US, France and Germany have suffered at least one “cybersecurity scare” since the coronavirus lockdown began.
The results are unsurprising but nonetheless troubling. Most people agree that the lockdown is necessary to limit the spread of COVID-19, but it has also introduced security risks that have caught organisations off guard.
Organisations weren’t prepared
The past few months have demonstrated that almost no one had a plan suitable for addressing the pandemic and the disruption it has caused.
The most obvious risk for organisations is that remote workers are increasingly reliant on the Internet to share documents and communicate – and if something’s online, then there’s always the possibility of a cyber criminal compromising it.
But there have been many other issues that have exacerbated this problem. For example, organisations were given little warning before being told to make employees work from home, so they couldn’t provide the necessary training or equipment to keep them safe.
This has left organisations susceptible to a range of risks, including insecure Wi-Fi connections, potentially vulnerable software (with Zoom in particular bearing the brunt of criticism) and credential-stuffing attacks.
Similarly, many employees have had to use personal devices – meaning the organisation’s IT department has little oversight of the hardware’s security.
As a result, the IT department has no way of ensuring that basic security practices such as software updates and antivirus scans are being performed, and no way of gaining remote access to the device to investigate a potential malware infection.
Coronavirus a hotbed for phishing scams
Organisations have also had to deal with an increase in phishing scams – many of which have been using the uncertainty and confusion of the pandemic to lure people.
According to Barracuda Networks’ survey, 51% of organisations have recorded an increase in phishing attacks since the lockdown began.
Fleming Shi, CTO of Barracuda Networks, said: “Naturally, opportunistic hackers are on the lookout to target vulnerable organisations, which may have weak security infrastructure in place during this difficult time.
“The risk when cybersecurity is de-prioritised or neglected by businesses is that hackers can target untrained, susceptible remote workers with increasingly sophisticated and incredibly realistic-looking email phishing attacks.”
Take a look at our dedicated blog on coronavirus phishing scams for examples of scam emails.
Some of the more common phishing scams imitate the World Health Organization or the government, and include an attachment supposedly providing guidance on staying safe.
Other widely circulated scams include those claiming to issue fines to those who have broken lockdown protocol, offering financial recompense for the disruption the pandemic has caused, or spreading conspiracy theories about the origin of the virus.
These attacks have become so prominent that the NCSC (National Cyber Security Centre) issued a rare public statement warning people about scam emails.
The agency has also taken down more than 2,000 coronavirus-related scams since the pandemic began, and has created a service that allows members of the public to report scams they’ve received.
Does your organisation have its risks under control?
Hopefully you’ve been able to adapt and strengthen your security since the lockdown began, but the threat of a security incident – like coronavirus – isn’t going away any time soon, so you need to be vigilant.
Are you reviewing the security practices of third-party services, for example? Do you have a patch management plan to make sure everyone has the latest software updates? Are your staff aware of their security responsibilities while working from home?
You can find out how to ensure these tasks – and many others – are being performed by taking our Complete Self-Paced Online Training Course Suite.
It gives you access to all ten of our online training courses, and provides expert advice on a range of topics, including the GDPR (General Data Protection Regulation), ISO 27001, business continuity management and ITIL®.