During the pandemic, the shift to a remote workforce changed cybersecurity by decentralizing the office-based work environment. And it also hastened the adoption of preexisting expert guidance. The following is a deeper dive into how the WFH environment reshaped the way organizations approach cybersecurity.
Addressing the Security Risks
People were working from home long before the pandemic began, so why were so many organizations caught off guard by this transition?
Limited visibility and oversight are the predominant risk factors of a remote workforce, which vastly enlarge an organization’s attack surface. Pre-pandemic, it wasn’t the norm to keep workers out of the office entirely. Therefore organizations were not prepared to monitor and secure devices outside an enterprise network perimeter. Contributing factors like shared access points and insecure home WiFi further increased risk.
As a result, companies had to address work-from-home security risks by investing in systems and technologies, such as Virtual Private Networks (VPNs), endpoint protection and secure cloud solutions, that support secure remote work.
Attacks on the Rise
Without the protection of traditional enterprise security capabilities like firewalls and intrusion detection systems, employees, their devices and their home networks became attractive targets. Malware and phishing quadrupled in 2020. Ransomware cases also spiked. Bad actors also took advantage of world events to lure victims to malware-ridden sites and phishing emails. As an example, cybercriminals used fake COVID-19 maps to deliver the trojan AzorUlt to victims.
Better Collaboration Tools
The dramatic increase in the use of collaboration tools inspired creative attacks while also prompting vendors to step up their game. In April 2020, hackers infamously stole 500,000 Zoom passwords and posted them for sale on the dark web. Additionally, the rise of Zoom hacking disrupted collaboration and leaked personal information.
The result? Vendors like Zoom, Microsoft and Cisco hardened their systems to increase resilience, such as when Zoom released version 5.0 release with end-to-end encryption and additional protections.
A Security Wake-Up Call
In 2016, NIST issued a special publication for telework, and its concepts are even more relevant today. In short, companies were forced to answer a wake-up call from standards-setting organizations that had been recommending enhanced telework security protocols for years.
More Stress for Security Pros
A lot of CISOs and security professionals were already stressed, and the pandemic amplified it. Unfortunately, facing unprecedented opportunistic attacks and challenges introduced by WFH employees made work conditions worse for security services employees.
Re-Evaluating “Office” Work
While some organizations have re-opened their offices, many are continuing to allow their teams to work from home given the cost-savings and their employees’ preferences. The bottom line is that office work changes are here to stay, backed by cybersecurity best practices.