Though it may feel somewhat premature to say, the pandemic – including the related travails that upended much of the world since March 2020 – is now, finally, beginning to recede. Between the recovery of travel, live entertainment, and overall employment, it’s clear that much of the world wants nothing more than to get back to “normal” in 2022.
But going forward “normal” will not be a return to the life of two years ago, and some of the changes COVID-19 engendered have left imprints on our society that will outlast the pandemic itself. Indeed, we may yet require more adjustments as we grapple with the challenges of the still nascent post-pandemic era.
Chief among those challenges will be a new, and potentially more devastating, cyberthreat landscape. We at Experian call this Cyberdemic 2.0, where society begins to recognize and contend with the unintended realties that accompany our increasingly remote ways of working, playing and living.
Think about how your behavior changed during the pandemic. Telehealth, remote work, contact tracing, and QR codes were all outliers prior to COVID-19. Now they are all completely familiar aspects of our lives, and in some cases are even core parts of companies’ practices or business models.
And even though many of us have benefited from these new arrangements, each poses security risks like ransomware, data theft, or device hijacking.
We’ve already seen startling instances this past year.
In September, federal law enforcement charged over one hundred medical professionals with participating in a $1.4 billion fraud scheme that involved telehealth as a key component. Ransomware attacks soared to an estimated $590 million in just the first six months of 2021, compared to $410 million for all of 2020. QR codes are already being used to hijack the devices of unsuspecting people believing they are engaging in contactless commerce.
But there’s at least one crucial difference in Cyberdemic 2.0: the primary source of risk will be different from what it was at the beginning of the pandemic. When COVID-19 hit, businesses scrambled to adjust to the new requirements enacted posthaste to attempt to contain the disease. The process of doing so upended normal security protocols and processes and left businesses vulnerable, which cybercriminals did not hesitate to exploit.
But a year-and-a-half later the landscape is different. Many organizations have adapted to new realities, often by changing their business models and installing new security technology.
This doesn’t mean the threat has passed – it just means the weak link in the security chain has moved elsewhere. That weak link is now the individual employee – still working, learning, and playing remotely – who may not have adopted all the urgently needed new security measures.
One needs only to look at one of the most egregious ransomware attacks of the year to see how bad the problem can get. The May 2021 attack on Colonial Pipeline was the largest cyberattack on oil infrastructure in American history, disrupting fuel distribution to much of the southeastern U.S. It’s now understood the breach came through the company’s virtual private network, which is how employees access the company remotely.
This threat vector shows no signs of being put under control. Despite many workplaces reopening, remote work is now a permanent part of American life. A LinkedIn survey last summer showed that 36% of employees working remotely were still waiting for their employer to decide if they will return to an office or stay remote.
Home networks are as a rule much more vulnerable than business networks, meaning that enterprise IT departments have a new and ever evolving challenge in front of them.
Fortunately, companies are not fated to be on the losing end of this growing crime spree.
IT teams need to be up-to-date on the latest security weaknesses, and to provide more training for remote employees. Employees will need to learn things like how to spot a phishing attempt, or how to respond to a ransomware attack.
Some of the changes COVID-19 engendered will outlast the pandemic itself. And the primary source of #cybersecurity risks have shifted as #remotework arrangements means the weak link is the individual employee. #respectdataClick to PostThe gradual, and welcome, receding of the pandemic risks distracting us from the real dangers of Cyberdemic 2.0.
Don’t wait until an employee of yours falls for an unfortunate phishing scam, and suddenly vital company data is captured by an obscure criminal gang demanding bitcoin. Your company’s security may be better than two years ago, but cyberthieves will still be looking for weaknesses in your perimeter. In 2022, make sure your remote employees are as wary, savvy, and cautious as they need to be.
