This new world is a challenge for organisations’ digital security systems. First, attackers increasingly use the Coronavirus 2019 (COVID-19) as a theme to organize and deter their employees. Our weekly KOVID 19 scam highlighted this reality.
Secondly, organisations try to limit the risks associated with the sudden arrival of large numbers of employees at a distance. Lamar Bailey, Tripwire’s director of security research and development, explained some of these risks in a recent blog post on the security situation:
We see an unprecedented number of external users of private and public Internet services who have access to the resources of employers and schools. This exposes these organizations to an increased risk from all remote users. IT controls network bandwidth, VPN and access control to ensure that employees can continue to do their jobs. This places a burden on the organisation’s infrastructure and on the various internet providers.
The question is how organisations deal with these issues. And do they feel that their organizations are as safe as they are from COWID-19?
To answer this question, Tripwire decided in April to commission Dimensional Research to interview 345 IT security experts. Their answers gave a better insight into the way in which organizations deal with the digital security effect of COVID-19.
Increase in coronavirus-related attacks
With all the types of scams we’ve come across in our weekly scam, it’s not surprising that organizations have seen their share of digital coronavirus attacks. In fact, 63% of the respondents told Dimensional Research that their organization was bought off by COVID 19 in connection with extortion, phishing and/or social engineering attacks. (A total of 61 percent of IT security experts said these attempts had failed, but 2 percent said their organization had been hacked).
Given this increase in the number of attacks, it is not surprising that 94% of those surveyed today say they are more concerned about the digital security of their organisation than they were before VIDOC-19.
Protection of distance workers
According to COVID-19, the security of employees’ home networks was also the main concern for 55% of the respondents. This care was followed by the concern that employees’ remote computers should be securely configured and meet standards of 41 percent and 38 percent respectively.
Ranking of IT professionals’ security problems compared to COVID-19 (Source: Tripwire)
The majority (83%) of respondents told Tripwire that their organisation had experienced a significant increase in the number of homeworkers as a result of the VIDOC epidemic. An even larger number (89%) said that the switch to teleworking made it difficult for them.
Tim Erlin, Tripwire’s Vice President of Product Strategy and Management, believes this perspective is understandable:
The massive shift towards teleworking represents a huge change for attacking organizational sectors. Not surprisingly, it is difficult for security professionals to monitor and minimize this new vulnerability.
In general, respondents cited several reasons why their organizations moved to remote areas to work:
- Nearly half (49%) of those surveyed said that it was more difficult to ensure safety in the workplace in workers’ homes. This is only slightly higher than the proportion of computer security experts (48%) who believe that employees are more exposed to digital attacks when working from home.
- More than two-fifths (41%) of respondents indicated that it is more difficult to check which devices are connected to the company network.
- More than a third (38%) indicated that it was difficult to gain insight into remote facilities and systems. Overall, 64% of IT security professionals told Dimensional Research that security visibility became more complex after employees embraced teleworking. In addition, 78% of respondents reported insufficient understanding of critical data types, including the status of system updates at end-user endpoints, vulnerability assessments and remote access infrastructure.
In view of these perspectives, it is logical that the majority (65%) of the respondents conclude that COVID-19 has at least temporarily affected the digital security of their organization.
The way forward for organisations
Of all the issues discussed above, the lack of visibility is perhaps one of the biggest challenges facing IT security professionals today. It is essential that security teams know the target area so that they can develop procedures to effectively mitigate and control threats. But now that work is done outside corporate networks and devices, companies are trying to find new ways to detect threats.
It’s an evolutionary process. As organizations strive to get the most out of their tools, they look to their suppliers to help them understand how to solve specific problems with the solutions they already have. These issues are constantly evolving, in the sense that the real security implications of COVID-19 have not yet been recognised. Therefore, advanced tools and training should be the cornerstone of the post-coronavirus world.
Erlene is not surprised by this prediction:
In recent years we have seen unprecedented growth in the cyber security market, but many of the most innovative technologies are more relevant to advanced applications. It is clear that as companies strengthen their economic ties and reduce their discretionary budgets, more and more organisations will look at what their existing tools can do to safeguard their assets.
At the same time, it is important that organizations keep pace with the changing challenges of digital security. You can learn more about these digital security issues related to COVID-19 by downloading the full tripwire report here.