2020 has seen sweeping changes in everything from where we work, to how we shop, to how we secure our networks. Never before have we seen such concerted attacks on home networks — and never has the security of home networks been so tied to the security of corporate networks. According to Security Boulevard, more than half of SMBs and nearly two-thirds of large enterprises feel that remote work increases their vulnerability to cyberattacks. And with good reason: the FBI has noted a 400% increase in the number of cyberattack reports compared with before the pandemic, and 71% of cybersecurity professionals have seen a rise in cyberattacks since the COVID-19 outbreak began.
During National Cybersecurity Awareness Month (NCSAM), we’re taking a closer look at the reality of securing devices at home and at work today. SonicWall President and CEO Bill Conner was recently invited to offer his cybersecurity expertise on this subject to the listeners of Harvard Business School’s “Managing the Future of Work” podcast. This week, we’re sharing some of his insights with you.
According to Conner, businesses are recognizing the increased risks associated with working from home and have begun responding accordingly. “It’s no longer about just getting access to the corporate network and applications. It’s about getting that access globally for all your employees and making it secure,” he explained.
In the meantime, however, cybercriminals are using this disruption to their advantage. According to a June 16 U.S. House meeting on cybercrime, Rep. Emanuel Cleaver stated, “We are seeing a 75% spike in daily cybercrimes reported by the FBI since the start of the pandemic.”
And many of these attacks are directly leveraging fear surrounding the pandemic. As reported in the mid-year update to the 2020 SonicWall Cyber Threat Report, a full 7% of all phishing attempts dealt with topics surrounding COVID-19.
While attacks on remote workers have risen sharply, many criminals see them less as a target and more as a means to an end. Many people, because they lack the knowledge or simply feel they’re unlikely to be targeted, don’t adequately secure devices such as gaming consoles, smart TVs or security cameras. But as employees connect to corporate network from home, these home devices can be used as a back door into their employer’s network. “With the post-COVID environment, where everyone works remote and mobile, it’s obviously a whole new world in terms of how you can attack homes, how you can attack businesses and how you can attack governments,” Conner said.
When attackers are targeting organizations directly, they’re often going after those focused on addressing the global pandemic. “We’re seeing hospitals that are getting hit with ransomware. Criminals want money, and with hospitals being overrun in their emergency rooms and intensive care, that’s a great opportunity,” Conner said.
There’s also been an uptick in attacks on scientists and researchers. “Research institutions, either on the government side or an agency side, are seeing an influx of threats, particularly phishing and intellectual property hunting, attempting to get their research—both by country states and others,” Conner explained.
With the “new normal” no longer new, companies are shifting from a reactive posture to a forward-looking one and are considering the IT implications of a potential new work reality, Conner said. “I think that what’s changing right now is people are having to rearchitect their business, and therefore they’re having to rearchitect their networks.”
According to PwC’s US Remote Work Survey, most office workers wish to work remotely at least one day a week, and roughly a third say they’d like to continue working at home full time indefinitely. Conner believes that a third, more nomadic group will emerge, splitting their time between travel, home and the corporate office. “As the IT managers and business managers plan for reopening … they’ve got to plan for the workflows and business and security to happen in all three of those settings seamlessly,” Conner said.
As a result, there’s likely to be an increased focus on endpoints going forward. “What we’re going to learn out of COVID is now it’s not just the enterprise structure — the building’s castles, if you will — that you’ve got to protect. Those endpoints are now your users, your employees, your CEO, your CFO, your researchers. Now we’re learning how we’re going to have to bring that protection to the home.”
Unfortunately, many companies were already struggling to keep up with their cybersecurity needs before, and COVID-19 has only made matters worse. According to the ISACA State of Enterprise Risk Management 2020, 59% of organizations said they had too few security personnel, and 39% reported inadequate security budget — and this was based on data collected before COVID-19.
“The points of exposure for business networks are escalating — almost asymptotically — certainly exponentially. Your headcount required to protect that need to follow that same high growth rate, and so does your budget, in a traditional model. The reality is, though, we don’t have enough people,” Conner explained. “No company has enough capital to do everything they need to lock down digitally and protect themselves using traditional methods.”
As Champions of National Cyber Security Awareness Month, SonicWall is committed to helping businesses solve the cybersecurity business gap. To learn more, listen to the podcast here, and check back next week as we continue to explore the role each of us play in securing our online spaces in the new work reality.