At the beginning of the Covid-19 crisis, I predicted that cyberattacks would increase by 30-40%, and it gives me no pleasure to see this happening before my eyes. We carried out a survey in the latter half of April amongst 1550 UK employees working remotely due to the crisis which found that 42% had received suspicious emails and 18% had already tackled a security breach since lockdown began.
These figures demonstrate the inevitable rise in activity by cyber-criminals, so it’s hardly a surprise that just under half of those we surveyed (49%) said that they felt vulnerable due to the insecurity of the devices they are using.
And it’s not because their employers had sent them off to work from home without consideration for the potential threats to their corporate networks. In fact, only 21% of the remote workers said that they had not been given additional IT software or security measures to protect their devices during lockdown.
The problem is actually with what those who were given extra protection were using. The vast majority had access to a virtual private network (VPN) (56%) and a large number (41%) had standard anti-virus software. Just 28% reported receiving protection specifically for the endpoints and applications they were using. But it is these very devices that are most susceptible to attack.
Cyber criminals know that the worldwide shift in how employees access company data opens up massive opportunities to breach networks. A compromised unmanaged device is usually the softest route and the weakest link in the security chain, and data has shown that it is where 70 per cent of breaches originate.
We are now a little further on in tackling the Covid-19 virus, but how much further on are we in dealing with the ever-growing menace of cyber-crime? Enterprises must realise that the security perimeter right now extends out of the organisation and into their employees’ homes, so it must encompass all the devices they are using remotely to gain access to the network.
As we start to come out of lockdown, the threat will not go away. Our survey found that as many as 63% of people will want to spend at least some of their working week at home in the future and 23% said that they wanted to work full time at home.
The likelihood is that the pandemic will change working dynamics permanently, so companies need to prepare and implement changes now to shore up their security environment both in and out of the office. And there is another consideration – over 67% of employees are reliant on VPNs and cloud services to communicate and be collaborative, and this is likely to grow. If breaches continue to happen at the same rate, it’s not just the loss of company data that will be a concern, but the exposure of private information. The last thing that any organisation needs now is a breach that puts them in contravention of the stringent GDPR regulations, and facing a hefty fine. Now is the time to act.