A year on from the lockdown, it is apparent many things will never be the same again. One report has estimated that within a few months, the crisis had accelerated the digitisation of customer, supply chain and internal operations by three to four years. Whilst temporary measures were brought in to meet these new demands, many changes will be long lasting. Remote working now looks set to be a permanent fixture with 86 percent of tech workers in the UK and Europe indicating they don’t want to return to the office full-time.
As businesses move out of crisis mode and turn their attention back to more long-term strategies, security continues to be a serious issue. Fewer than half of IT professionals report feeling confident about their organisation’s cybersecurity since the pandemic.
So, what are the biggest challenges lying in wait for businesses looking ahead to working in a post-COVID world?
How COVID changed the cyber threat landscape
The latest Cyber Security Breaches Survey 2021 from the UK Government found that fewer businesses reported a breach last year compared to 2019, although with four in ten organisations suffering some form of breach, the threat level is still significant. In addition, the breaches that did occur hit much harder. It has been estimated that 37 billion records were breached in 2020, an increase of 141 percent over the previous year, so the risk level under COVID was higher than ever.
The lower number of identified breaches may be attributed to the fact that many organisations were forced to take a hiatus or drastically reduced the scale of their operations for much of the year, presenting fewer opportunities for attackers.
How attackers are exploiting the new IT landscape
Phishing has long been a favourite tool for cybercriminals, but the volume of attacks increased significantly in 2020. Google registered over two million new phishing websites before the year was out, and HMRC recorded a 73 percent increase in the volume of phishing emails. Phishing is a particularly effective tactic against a remote workforce, as employees at home are more isolated and less likely to check in with colleagues or their IT department about suspicious emails and links. Small wonder that 20 percent of respondents in one industry survey admitted to breach incidents caused by remote workers.
Alongside direct attacks, organisations have also been left more exposed to threats emerging from their supply chains. Accelerated digital transformation means organisations now rely on a more extensive network of third-party suppliers. Cloud-based services delivered on a Software as a service (SaaS) basis are particularly popular as they can be easily deployed to a distributed workforce.
As a result, there are now more third-party suppliers and partners entrusted with sensitive data or given direct access to an organisation’s network. This means an organisation can suffer a serious security incident without its own network being breached.
Post-COVID security priorities
As organisations look ahead and start implementing plans for their post-COVID future, it is essential they have the technology, training and policies in place to balance the increased exposure to cyber risk introduced by a more open, hybrid working environment.
Attackers continue to focus on the human element, with phishing attacks used for everything from harvesting login credentials to delivering malware. To combat this, businesses need to keep their employees in the loop and clearly communicate these threats. Staff should be given training to increase their awareness of the most common threats and ensure they follow the correct processes for sharing data or authorising payments. However, research indicates just 10 percent of businesses offered security training to employees in non-cyber roles last year.
Shadow IT, the use of unauthorised software and hardware, is another factor which can introduce vulnerabilities into the network. Maintaining visibility of IT use is more challenging in a remote workforce, so organisations will need to ensure their policies and controls reflect the new environment.
A combination of awareness training and application controls will also help with bad habits around password management. Weak and re-used passwords ease the path for attackers to gain access and move laterally within the network, so it is essential credentials are strong and changed regularly. Mandatory use of a password manager application will improve strength and make it easier to update passwords too. Implementing additional measures such as multifactor authentication will make it harder for criminals to exploit stolen credentials. These stolen credentials can also lead to phishing and ransomware attacks which could be the start of a sustained campaign leading to public posting of exfiltrated data or denial of service.
Implementing strong access controls also mitigates the damage an attacker can do when they breach a network. Users should only have access to the data and systems required for their job role, which makes it harder for attackers to reach sensitive and mission-critical assets. This also increases the chances of identifying an attack before serious damage is done. Access controls also need to be updated as more assets move to the cloud to prevent attackers exploiting gaps between cloud and on-premises environments.
Looking outside the network
Besides managing their own security, firms need to consider threats originating through third-party connections. Even before the outbreak of the pandemic, SaaS solutions and outsourced IT services had become increasingly popular as a way to reduce overheads and improve flexibility. However, each new addition to the company’s application environment increases its exposure to risk, because every solution has its own digital supply chain with potential vulnerabilities.
Website components and plugins introduced to help customers move their purchases and communications online during the pandemic may also introduce new vulnerabilities, so it is more important than ever that organisations keep on top of applying updates and patches. Attackers can exploit these components to access customer data. Service providers that host or process data on behalf of others can also be compromised to cause an indirect data breach. For example, if a cloud-based data storage platform or analytics provider is attacked, data can be stolen without the organisation’s own defences ever being breached.
To mitigate this risk, businesses should conduct an audit of their supply chain to take stock of all the new additions over the last year. It’s important for any supplier with access to data to match the organisation’s security policies. Even the most security-conscious companies can be breached, so it’s also worth investing in the ability to identify data breaches that originate outside the network. This can be done by introducing synthetic data, or breach markers, into shared data sets. Monitoring for that data appearing on open or closed web sources can enable security teams to track the breach back to its source.
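The breach-marker approach described above can be sketched as follows; this is an added example, not code from the article or from any product. It derives a distinct set of synthetic records for each supplier, mixes them into the copy that supplier receives, and attributes a recovered dump by the markers it contains. The key, domain, supplier names and sample rows are constructed assumptions.

```python
import hashlib
import hmac
import re

MARKER_KEY = b"constructed-demo-key"   # assumption: secret kept by the data owner only
MARKER_DOMAIN = "markers.example.org"  # assumption: a monitored domain the owner controls

def make_markers(supplier_id, count=3):
    """Derive synthetic customer rows that are unique to one supplier's copy."""
    rows = []
    for i in range(count):
        msg = f"{supplier_id}:{i}".encode()
        tag = hmac.new(MARKER_KEY, msg, hashlib.sha256).hexdigest()[:12]
        rows.append({"name": f"Sam {tag[:6].capitalize()}",
                     "email": f"s.{tag}@{MARKER_DOMAIN}"})
    return rows

def seed_dataset(real_rows, supplier_id, count=3):
    """Return the copy to share: real rows plus markers, sorted so markers do not cluster."""
    return sorted(real_rows + make_markers(supplier_id, count),
                  key=lambda r: r["email"])

def build_index(supplier_ids, count=3):
    """Map every marker e-mail address to the supplier that received it."""
    return {m["email"]: sid
            for sid in supplier_ids
            for m in make_markers(sid, count)}

EMAIL_RE = re.compile(r"[a-z0-9._%+-]+@[a-z0-9.-]+[a-z0-9]")

def attribute_leak(leak_text, index):
    """Count distinct marker hits per supplier in text recovered from a dump."""
    hits = {}
    for addr in set(EMAIL_RE.findall(leak_text.lower())):
        sid = index.get(addr)
        if sid:
            hits[sid] = hits.get(sid, 0) + 1
    return hits

# Constructed sample data: two real-looking rows and two hypothetical suppliers.
REAL_ROWS = [{"name": "Jo Bloggs", "email": "jo@customer.example"},
             {"name": "Ann Other", "email": "ann@customer.example"}]
SUPPLIERS = ["crm-saas", "analytics-co"]

if __name__ == "__main__":
    shared = seed_dataset(REAL_ROWS, "analytics-co")
    dump = "\n".join(f'{r["name"]},{r["email"]}' for r in shared)
    print(attribute_leak(dump, build_index(SUPPLIERS)))
```

Because the markers are derived from a keyed hash, the owner can regenerate the index at any time without storing it, and a supplier cannot predict which rows in its copy are synthetic.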
Cybercriminals have been busy adapting their attack strategies over the last year, so companies must ensure they do the same with their security capabilities. With hybrid working models set to be the norm, firms should look to the future with new technology and policies in place to protect their data in this new, more open digital environment.