The coronavirus has prompted a fast and unprecedented transition to working remotely as people across the world are forced to self-quarantine. But because this shift has occurred so quickly, organizations are struggling to manage the repercussions and side effects.
One area proving to be a challenge is security. A blog post published Wednesday by security provider Barracuda Networks illustrates how and why cybersecurity concerns have increased along with the move to a remote workforce.
SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)
A survey of 1,000 business decision makers commissioned by Barracuda and conducted by independent research agency Censuswide found that 46% of respondents have already seen at least one cybersecurity scare since shifting to remote working. A full 51% have witnessed a rise in email phishing attacks since this shift. Further, 49% expect to see a data breach or other security incident in the next month as a result of remote working.
As the swing to remote working was forced on organizations more swiftly than expected, many are simply not prepared to manage the associated security risks. Among those surveyed, 51% said their workforce is not proficient or properly trained to handle the risks of remote working, while 46% said they’re not confident that their web applications are secure. To expedite the process, half of the respondents said they’ve allowed employees to use personal email addresses and personal devices to perform company work.
SEE: IT pro’s roadmap to working remotely (free PDF) (TechRepublic)
As businesses are impacted financially by COVID-19, determining where to spend your budget dollars takes on a new challenge. Some 40% of those surveyed have actually cut their cybersecurity budgets as a cost-saving measure to help tackle the COVID-19 crisis. Yet half of the respondents would consider making workforce reductions if it meant company data protection and security could be properly funded.
A transition to remote working was already on the agenda of many organizations. But the current one has proven more abrupt than expected. A full 55% of respondents said they would not have implemented remote working within the next five years had it not been for the COVID-19 crisis. Some 53% said that the coronavirus pandemic made them accelerate their plans for moving all their data to a cloud-based model. In the face of the quick transition, 56% said they plan to continue widespread remote working even after the crisis is over.
SEE: Cybersecurity: Let’s get tactical (free PDF) (TechRepublic)
The finding that many organizations have trimmed their security budgets to cut costs is particularly alarming. Calling it the wrong move, Barracuda noted that hackers are now even more focused on finding organizations with security vulnerabilities and a weakened infrastructure
“When cybersecurity is deprioritized or neglected by businesses, hackers can target untrained, susceptible remote workers with increasingly sophisticated and incredibly realistic email phishing attacks,” Barracuda said in its blog post. “As many businesses enter their third month of remote working, it’s time they refocus efforts on tackling this growing cyber threat. At this crucial time, one successful data breach could be the final straw for many businesses, which are already facing an uphill battle against COVID-19. And, in the current threat landscape, it’s no longer a matter of ‘if’ a company’s security will be tested by cyber criminals, it’s a matter of ‘when.'”
To help organizations better manage their security during a shift to remote working, Terence Runge, CISO at data management platform Reltio, offers the following advice:
- Have a disaster recovery and business contingency plan.
- CISOs should think through the following questions: 1) What will you do if one of your key execs is sick? 2) How do you run your organization if your CEO cannot make decisions? 3) What do you do if your platform goes down? 4) How do you support your customers?
- Running simulations across all departments is important to help your organization be prepared.
- Full encryption should be running on all systems for employees.
- VPNs should be in use.
- Use multi-factor authentication for employees.
- Be on the lookout for and warn your staff about an increase in phishing and scams related to COVID-19.
- Be sure to nominate a key executive within the organization who is responsible for being the authoritative voice on all things related to COVID-19 and the organization.