Working professionals across the globe are working from home amid the coronavirus pandemic, and the overstretched IT teams might not be able to upgrade the cybersecurity to match up the risks of remote working
Workers are frantically helping teams to work remotely, putting new strains on their computer networks, creating opportunities for hackers to creep in. But, the fallout from coronavirus-related breaches may only be realized after weeks, months, or even longer. The expected delay highlights how the confusion from the pandemic has created long-term cybersecurity risks that could risk precious resources as the global economy hurtles toward a recession.
Overstretched IT teams of organizations might not be able to keep up with the required up-gradation of networks. Also, the nonessential businesses that have effectively closed down operations could prove to be even more straightforward targets. Those challenges come as workers use private devices and services to give attackers ample opportunity to successfully evade employers’ detection tools.
The Federal Bureau of Investigation warned of the increased phishing scams against businesses during this period. The private and public sectors have already faced many cyber-threats. The World Health Organization has also confirmed that hackers targeted it by creating a malicious look-alike website. The U.K.’s National Crime Agency is investigating an alleged ransomware attack against a leading drug-test company, Hammersmith Medicines Research Ltd.
While attackers use ransomware for an immediate payout, the more sophisticated groups could even use the upheaval to hack networks and quietly search for relevant bank account numbers, trade secrets, or personally identifiable information that is politically or financially valuable. They can siphon off those resources as inconspicuously as possible to hit all the assets in one fell swoop at the time when the company is most vulnerable. Hackers can try to get money from the stock market using such nonpublic information they acquire.
The question is whether governments and companies can also play this game. Widespread office closures over the past month have overloaded some virtual private networks with remote workers. The most crucial question business will now have to scale up VPNs to handle the surge in traffic.
The IT teams are being pulled between aggressively policing potential breaches and helping employees maintain productivity. Such a balancing act—let alone new security investments—makes it difficult for businesses to tighten their budgets amid an economic slowdown. It is evident that the businesses cannot focus on proactively patching, as well as maintaining their networks. And the risk is that most remote workers are now using their own computers, email, and file-sharing accounts. These are often accessed through the public internet, and private tools increase the surface area for attacks. This helps in more successful data breaches as it is very challenging for intrusion-detection tools and cybersecurity teams to monitor in such situations.
The Cybersecurity and Infrastructure Agency, U.S., has urged public and private-sector workers to patch their systems and asked them to promptly be on the lookout for any abnormal activity to ensure that the machines have appropriately configured firewalls.
The best they can do is prepare for another pandemonium since the realization has yet not hit the businesses as the real cybersecurity fallout will only be felt after this crisis is over.