How has COVID-19 changed the digital threat landscape?
The bandwidth has increased dramatically. Efforts to manage the COVID-19 pandemic have forced enterprises to rapidly adapt to new working models. Businesses have drastically increased capacity to meet the needs of businesses and consumers: virtual meetings, live streaming, automated customer assistance, business intelligence driven by machine learning, online education, and more.
In March, when this global pandemic started, our business VPN (virtual private network) solution NordVPN Teams saw a 165% usage spike and almost a 600% increase in sales overall reflecting a need to secure remote access.
In this rush to adapt, many companies have neglected or ignored both their risk and change management processes. Now that many employees have shifted to remote work — in addition to organizations being distracted trying to handle the virus — security and risk management teams need to be more vigilant than ever.
What are the main challenges facing CTOs and CIOs to meet the COVID security threats they now face?
Cybersecurity risks posed by remote work can be categorized into three key areas: people, places, and technology. The risks presented by people include employees falling prey to social engineering, phishing, and targeted attacks that aim to capture users’ credentials or make them accidentally download malware. Place-related risks include connecting to the corporate network from unsecured home or public Wi-Fi locations.
Technological risks have to do with using personal or unauthorized devices that aren’t in line with corporate security policies and patching hardware.
What makes the security risks caused by COVID-19 different from the security risks businesses faced before the pandemic?
One of the things that has changed is that corporations no longer have control over the infrastructure their employees use for work. In some cases, employees may use personal computers to access a business network. They may also use unsecured or outdated Wi-Fi encryption algorithms or weak Wi-Fi passwords that can be easily breached by bad actors. That is a critical issue that could result in data breaches or malware making its way from a personal computer, over a home Wi-Fi, to a business network.
As the cloud is now an even more important component of a business’s communications, how has cloud security had to change to meet the security risks COVID has delivered?
When it comes to cloud security, it is quite an automated process. Thus, when COVID-19 came, there wasn’t much that had to be changed immediately. However, given the higher demand and potentially limited resources, the processes had to be adapted to meet the pace.
The threat perimeter has now moved to the homes of millions of remote workers. Are businesses equipped to meet this security threat?
Despite the speed, we are still at the early stages of the remote work revolution. If you have 5,000 employees, you now have 5,000 remote offices to protect.
On the other hand, large, global businesses have encouraged and are still encouraging remote working for its employees. Larger companies are better suited to remote working primarily due to their access to innovative collaboration, resources, budgets and communication services. On the other hand, many SMEs are quicker to adapt and thus the transition for them may be easier. However, SMEs can be considered the new big target for attacks due to lack of security education and resources which makes them vulnerable targets.
How secure will remote work be in a post pandemic business landscape?
COVID-19 has set a new baseline for effective and secure remote work, and we should assume that many organizations will continue to utilize remote workforces after the pandemic ends. Gartner HR survey reveals 41% of employees are likely to work remotely at least some of the time in a post-pandemic post world. In this new normal, cybersecurity leaders will not only have to protect their organizations in remote settings but will also need to make cybersecurity an integral part of their plans to deliver business value.