The sudden transition to remote work linked to the COVID-19 crisis has diverted attention from cybersecurity, allowing cybercriminals to take advantage of the loosening of security policies. In addition to operational and financial challenges, businesses have indeed had to cope with the increase in the number of cyber attacks. While the hour is picking up in many sectors, according to a recent survey conducted by the National Association of HRDs, 74% of the human resources managers questioned foresee a sustainable development of teleworking after the crisis.
In this context, for Pierre-Louis Lussan, Country Manager France and Director South-West Europe at Netwrix, companies will have to remain vigilant in the coming months and be aware of the emergence of certain trends to ensure their cybersecurity:
“Today we can predict that the internal threat will become even more pressing. As many organizations are already planning to maintain part of their telework workforce in the coming months, at least partially, IT teams will have to adapt to a larger remote workforce – which implies a lack of control over more terminals and network devices. Companies must therefore develop new security strategies based on the zero trust model, including means to prevent sensitive data from being disseminated on employee terminals and collaboration tools in the cloud.
In addition, security “by-design”, and by default will become the norm. The use of online services – from traders to social media to productivity tools – increased sharply during the pandemic. Unfortunately, many users are uninformed about cybersecurity threats, making them easy targets for online scams. In order to reduce risk, companies have a vested interest in clearly communicating best security practices, but they will also need to put in place as many protective measures as possible. Each organization offering online services will be subject to increased control to ensure that strict security and privacy settings are used by default, and some will use advanced security options to stand out in the market.
We should also see an increase in cases of usurpation due to deepfakes. Emails masquerading as superiors and spoofing will continue, but the widespread use of videoconferencing for everyday communications will encourage the development of a new variant of this attack vector: video spoofing . We don’t expect deepfakes to become widespread anytime soon, but artificial intelligence and neural networks will increase the likelihood of encountering them. To address this threat, businesses will need to review their approval processes, particularly with regard to budget and access to data. In addition, IT teams will have to make all employees more responsible and avoid the illegitimate rise in privileges.
Finally, the attacks will go unnoticed in a flood of false alerts. Due to the rushed transition to remote work, many security screening solutions have indeed recorded a much higher number of false positives, as they need time to adjust to the new standard. A similar spike in false alarms will occur when employees return to the office in large numbers. Cybercriminals will continue to exploit these turbulent times to launch attacks, knowing that companies will not be aware of their malicious acts. IT departments need to be vigilant and find ways to spot the real threats in order to contain them.
Each crisis forces companies to carefully analyze the areas in which they focus their resources and efforts. While many IT projects can be put on hold, a solid cybersecurity strategy remains essential. Automation of security tasks allows IT professionals to do more with less while reducing human error and inconsistency, helping the business improve productivity, reduce operating expenses and refocus the talent of its employees on more critical areas. “