The pandemic has created immense opportunity for cyber attacks. Cybercrime has increased exponentially in 2020 and some estimate the global cost at nearly 1 Trillion dollars. The landscape has changed. The increased opportunity has led to increased attacker activity, which in turn leads to advances in technology and techniques used for attacks.
- IT environments have exposed more vulnerabilities than ever before. Many businesses moved to enable remote work in a hurry, while at the same time the economy was sliding off a cliff. That means most did it in a hurry and on the cheap, failing to give security the attention it deserved.
- IT staff are now dealing with an exponential increase in home users. Employees working in remote locations who are often using their own computers, software and networks that are not controlled by the business or any of their normal security tools like firewalls, antivirus and other endpoint security applications or policies.
- Many organizations have made a rapid move to cloud-based technologies, like Office 365 or Windows Azure, to better facilitate a distributed workforce. Many assume that these services are inherently secure because the service provider is responsible. However, cloud-based services are not necessarily more secure and while the service provider is certainly providing a basic level of security there are almost certainly some vulnerabilities and/or gaps.
- With people working at home and services moving to the cloud, your data is being scattered all over. That creates holes in your backup strategy – which is often your last line of defence in a cyber attack.
- In many cases the worst part is that you may never know you’ve been attacked, or what they gained access to because there is no elevated security monitoring or response plan in place. The advanced techniques and technology in use now can often go undetected for months, or never found at all.
The biggest risk of all is IT staff and service providers that are not plugged in to these issues or doing anything about them. If you have not had a conversation in the last 6 months with the person or organization responsible for your technology in the last 6 months about increased cybersecurity risks, then your business is exposed. There are strategies and technology that can help mitigate these risks but if no one is aware and doing something about it, they can’t help you.