1.You’re working from home. So are they. Cybercriminals, state actors, and others have already begun capitalizing on COVID-19. As other sources of revenue are reduced due to social distancing, criminal organizations are US-CERT reports a large spike in attacks against “newly—and often rapidly—deployed remote access and teleworking infrastructure.”
2.As short term shelter-in-place gradually shifts to longer-term social distancing, more employees will remain working from home. A larger number of remote workers means greater exposure of information and a higher impact of breaches. Assets on a home network are fundamentally less secure and require more proactive services to prevent cybersecurity risk. Many cybersecurity systems and procedures assume a firmly-controlled network boundary that will encompass most users, which is no longer an assumption that holds true.
3.Systems once considered optional are now business-critical: video conferencing, endpoint security, VPNs are now systems that must remain operational to avoid halting firm productivity. Vulnerabilities in critical communication and collaboration tools can be exploited by bad actors.
4.Pandemic preparations often did not include cybersecurity. Many firms quickly added hardware to their network, rushing to fill IT asset gaps through rapid procurement. Assets were signed out without proper documentation. Non-traditional configurations were used to enable work from home. Unpatched unmanaged personal devices are being widely utilized.
5.Many companies are accelerating digital transformation initiatives to turn COVID-19 into a strategic opportunity and are implementing new business and data driven operating models. While these drive rapid value creation and impact, they also introduce newer threats as cyber criminals and bad actors look to exploit vulnerabilities introduced by digital operating models.
In the new normal, cybersecurity cannot be taken lightly and should be a key element of your strategic response. Reach out to Gautam Basak GBasak@keystonestrategy.com and Sean Durkin SDurkin@keystonestrategy.com to learn how Keystone is helping companies increase technology and cybersecurity resilience.