Remote work will provide abundant opportunities for cybercriminals.
Cybersecurity was hot on the agenda last year in Australia, with the government announcing a $1.35 billion boost in June after a surge in online attacks against Australia. COVID-19 has presented new challenges with the Australian Cyber Security Centre (ACSC) warning of a “significant increase” in attacks on businesses since March. The ACSC has pinpointed the rise of COVID-19-themed email ‘phishing’ attacks as a particular concern. These phishing scams – and other cybercrime activities – cost Australian businesses an estimated $29 billion each year.
Furthermore, the 2020 pandemic has exposed gaps in network security postures that no one could have foreseen. Unsecured home networks, use of BYOD (bring-your-own-device) and siloed operations made previously visible threats on corporate networks become invisible, hidden on home networks.Cybercriminals took advantage of this expanded attack surface to launch phishing, vishing and ransomware attacks. In a recent independent survey conducted on Juniper’s behalf of a thousand CIOs and CISOs across nine countries*, 73 per cent stated that “In light of the recent pandemic, my organisation’s network and security has sometimes struggled in terms of the added business demands that have been placed upon them”.
With that sobering statistic in mind, life won’t return to “normal” anytime soon, and the need for employees to work remotely will remain. A CBRE survey of 10,000 office-using workers at companies across the globe found that, after several months of working from home due to the COVID-19 pandemic, many want to work remotely at least two or three days a week going forward. More than 90 per cent of employees and managers reported that they perceive working from home as “about the same” or more productive than working from the office and eighty-five per cent of respondents prefer to work remotely at least two to three days a week.
Organisations need to pause and rethink how they approach security to support this new paradigm with a focus on increased visibility and faster response. Otherwise, cybercrime will continue to evolve and take advantage of remote working as the easiest point of entry into their network.
Security Budgets will Suffer in 2021
For several years now, cybersecurity has been one area where investment and budget growth are constant. Businesses are seeing strength in security as both a regulatory need and a competitive advantage. However, in 2020 we saw a change: investment had to be brought forward to support remote working, and a rapid move into cloud-based software services, all driven by the pandemic. Now, 2021 may see reduced spending on security, and an increased need to demonstrate fast value from previous security investments. In fact, in the same recent independent survey mentioned above, 70 per cent stated that “the pandemic may limit and restrict my organisation's future planned spending on network security.” To prepare for this possible outcome, security teams need to think differently and leverage existing solutions more effectively.
By integrating network and security elements together, organisations can seamlessly and cost effectively provide both connectivity and security, while taking advantage of advanced security services, for broader visibility and control. There will be less time and cost spent to remediate threats, and overall, reduce exposure to advanced cyberattacks. Visibility, intelligence and enforcement can be enabled through software licensing and cloud services so that organisations can make their networks threat-aware without the need to rip and replace.
Availability and Accessibility Puts Data at Risk
With more employees requiring access to more information, from more places, at all times, we’re likely to see a spike in data breaches and exposures in 2021. Too often, businesses prioritise the need to provide data over safeguarding information and restricting data access appropriately, meaning more databases of information are available for malicious actors to potentially access and exfiltrate.
Combined with the adoption of 5G, which enables both attacks and data theft to happen faster and more discretely, it is likely that 2021 will suffer from growth in data theft. To reduce the risk, organisations need to consider basic security best practice before making any access changes to business data. This includes making sure that passwords are complex and regularly updated, role-based access is implemented to restrict and control overall access, and data is heavily encrypted, both at rest and in motion.
This combination will help to ensure that hackers end up with a useless batch of restricted data rather than sensitive business information, should they gain access.
*Research conducted by Vanson Bourne in June/July 2020, in France, Germany, Israel, Italy, Netherlands, Saudi Arabia, UAE, UK and the US. Respondents drawn from organizations of 1,000 employees or more.