In the past several months, the COVID-19 pandemic has caused a rapid, global shift in the way people live and work. The crisis has created a huge opening for bad actors to take advantage of the situation.
From ransomware attacks on hospitals, to phishing attacks on remote workers, to targeted attacks on the WHO, instances of cyberattacks have escalated dramatically. The FBI announced that it has seen a spike in cybercrimes reported to its Internet Crime Complaint Center (IC3) to between 3,000 and 4,000 per day, up from approximately 1,000 per day before the pandemic. The increased use of personal devices, the significantly higher volume of business operations conducted over the internet, and the lack of traditional IT oversight at home, has dramatically increased system and endpoint vulnerabilities. It’s clear that cybercriminals have noticed.
It would be a mistake to view our current situation as temporary and respond to these increased threats with a “Band-Aid” solution until social distancing restrictions are lifted. Regardless of when that happens, one of the lasting effects of this pandemic will be that more people have found ways to do their job successfully away from a traditional office setting. Remote work is very likely to continue and even expand further.
That’s why now is the perfect time to revisit your security strategy. Here’s a roadmap to get you started.
The first step is to take stock of your current security situation. Review the solutions and protocols you currently have in place. Revisit your contracts with vendors and ask questions about what your existing solutions are doing for your organization. Are they providing preventative security as well as detection? Can your existing network maintain its previous level of security while managing the increased volume of traffic and communications caused by the current situation? By answering these questions and establishing the current state of your security, you can then determine what’s needed to fill the gaps.
Effective cybersecurity strategies are created from the outside in. Step outside your company and consider your organization from the vantage point of an attacker and try to identify any vulnerabilities. Seemingly innocuous actions such as opening an email attachment or accessing a corporate server from an unsecure network could have a crippling impact on your business or organization. That’s why the most reliable and effective way to protect your organization is to employ a defense in depth approach to cybersecurity. By diversifying solutions, supplementing your security, or even restructuring your network you strengthen your network and make exploitation more difficult for hackers. Companies should apply risk-based decision making, not compliance-based which can result in a “checklist” mentality. Cybersecurity must be aligned with business needs, using a defense in depth product set to protect the enterprise.
Identify vulnerabilities or opportunities to enhance security by asking key questions such as:
- Do you know what your users are doing?
- Are they using home computers or work-issued computers?
- What is the current corporate capacity for remote access?
- Are they using technologies like SSL, with documented vulnerabilities?
- How are you managing endpoint protection?
Once you’ve determined what you have and what you need, or at least the questions you want answered, you can begin to move forward. It may seem ambitious to recommend changing your cybersecurity approach now, but treading water until the end of this global health crisis will just leave you and your employees even more vulnerable to one of the millions of attacks that are lodged by cybercriminals every day.
This is the time to renovate. But that doesn’t have to mean an entire overhaul of your cybersecurity infrastructure. In fact, it may mean simply shifting tactics or supplementing your existing solutions. Consider discussing steps, strategies and solutions with a cybersecurity expert, or piloting new solutions while employees are working outside of the protected perimeter of the office. Use these unprecedented circumstances as a catalyst to take action that protects your organization today and in the future.
We’re here to help you to stop attacks before they start.
If you have any questions about cyberthreats during this time of crisis, potential vulnerabilities in your network, or anything else – don’t hesitate to reach out to our team. Now more than ever, we’re here 24/7 to support our customers, colleagues and friends.