December 31, 2020 – While the COVID-19 pandemic has rendered offices and meetings passé, we as a society have moved much of our communication, purchasing, and general interaction directly to the internet. Zoom, Slack, Teams and WeChat dominate – and people suddenly seem busier than ever, according to a new report by Martin Mendelsohn at Kingsley Gate Partners.
“We have more to juggle today, remotely, and all of it is channeled through our home communication systems,” he said. “The implications of this for the cyber industry are enormous. A new and unforeseen pandora’s box has popped open, gifting yet another point of vulnerability and access for nefarious actors to exploit.”
Employees who had worked in an office prior to COVID-19 often used a desktop computer, logging on at a specific time, and working a particular shift. “Much of corporate employee activity was routine and predictable, enabling internal corporate security teams to quickly assess when activity deviated from the norm,” Mr. Mendelsohn said
That was six months ago. A study by the National Bureau of Economic Research notes that 50 percent of U.S. employees are now working remotely or from home. The new reality has shifted the ‘office’ to ‘home-work environments’—in fast forward.
Following the move to remote working, companies gave employees laptops to use in their homes, which, in many instances, became a computer shared with kids playing Fortnite, and for other personal matters. “Passwords used for website access and payment processing became the password for accessing corporate systems,” said Mr. Mendelsohn. “Log in credentials for websites switched to ‘single-login’ pathways linking corporate devices to personal accounts on social media, banking properties, and e-commerce sites.”
The pandemic has hammered home to the technology community that we should trust (employees, partners, service providers, and even employers) though we must continuously verify—and stay on the lookout for malfeasance. Translation: contingency and backup planning is more important than ever.
“Cybersecurity executives’ dexterity is being tested at a time when IT staff are working remotely from home offices, and systems are under siege with incessant phishing probes and creative attacks,” Mr. Mendelsohn said. “Many of these attacks are often followed up by ransomware demands, data theft, and outright extortion.”
Leaving decisions up to technology, or robots – or bots, or bits – or whatever you might want to rely on for your company’s crown jewels, is a losing bet, Mr. Mendelsohn said. “This is no longer a game of multi-factor authentication, password verification, or ‘my CISO has it all covered,” he said. “CEOs and boards are more exposed today than ever before in history and will be on the hook for shareholder value losses, reputational compromise, and worse.”