The unprecedented challenges posed by the COVID‑19 outbreak extend to securing companies’ IT networks, and this event may be the biggest cybersecurity threat ever. Threat surfaces are also increasing dramatically as large numbers of workers are forced to work from home, often with systems and procedures that are different from those they are trained on and familiar with in their workplace.
In addition, hackers are taking advantage of people’s fear of and desire for information about COVID‑19 by designing sophisticated phishing emails and other inducements that promise information, advice, or “cures” for the virus. According to Proofpoint, “The security threats relating to the COVID‑19 coronavirus now represents the largest coalescing of cyber-attack types around a single theme that has been seen in a long time, and possibly ever.”
The widespread changes to company operations do indeed increase the cyber threat faced by companies worldwide. As companies send employees home to work remotely, IT systems will be challenged to maintain secure links by unprecedented levels of remote systems access. This will pose a particular threat to companies that have done a poor job with the “people, policy, and process” side of cybersecurity, a metric Cyberhedge calls “Awareness.” Company staff working from home will already face challenges adapting to their new daily routines—often with children and other family members present, possibly adding additional stress and complexity—and those that have been poorly trained in cyber hygiene procedures represent an increased risk of breach.
Furthermore, workers who are used to being able to utilize onsite IT staff to assist with inquiries and troubleshooting may not be well-prepared to act securely on their own. Considering that many workers will also be using different hardware (laptops instead of desktops) and software (VPNs) to access corporate networks, the increased risk of a breach due to staff carelessness is compounded even more than just the increase in employees using remote access might suggest.
Cyberhedge is monitoring this new threat dynamic closely, and analysis shows that companies with strong cyber governance are indeed better protected in this new environment than companies with lax cyber governance. This increased threat comes at a particularly perilous time for companies that are already dealing with threats to their operations and relationships with both suppliers and customers, as well as sudden challenges to their ability to continue financing operations.