COVID-19’s Impact on Cybersecurity

December 28, 2020

The world’s greatest health concern also became its largest cybersecurity threat. As workers moved to remote settings, IT departments became strained, cyberattacks increased and companies underestimated security risks. Looking to the future, cybersecurity must become a priority.

Remote Working Cybersecurity Risks & Employee Stress

The COVID-19 outbreak forced many workers to operate remotely, leading to several security risks. Personal home networks are often insecure compared to business networks. Companies may not supply workers with portable business devices, which also have greater security implemented than personal devices. Operating from home may cause workers to feel more at ease using personal accounts or storage that are not as secure as company assets.

Cybercriminals are using COVID-19 to prey on personal fears like job security, economic security and basic needs like food and healthcare. The CDC and WHO saw a surge of impersonating phishing emails that offered COVID-19 updates, help links and requests for donations. Attackers created fake Skype and Zoom emails to steal personal login information and install malware. Since the outbreak, Google reported a 350% increase in phishing websites, many of them related to COVID-19.

The stress of the pandemic is likely to elevate human error. Stress can lead to increased lapses of judgement, resulting in oversights that leave openings for cyberattacks. Worse, many workers are untrained in cybersecurity risks, making them unaware of how to spot and avoid attacks.

IoT Implementation Scramble & Security Oversight

In the wake of remote work, many companies were forced to rush IoT solutions – often with lacking cybersecurity. In a study by Tanium, 22% of IT departments in 1,000 global companies expressed feeling overwhelmed by the rush to deploy remote solutions. Nearly all executives admitted to delaying or canceling security projects to support the work-from-home shift.

Companies also left their workers unprepared. In another study, Malwarebytes surveyed over 200 IT executives across the US. 44% of respondents said they didn’t provide cybersecurity training to employees regarding remote threats. 45% didn’t perform security analyses of software tools needed to work from home. 61% provided company devices to employees to use from home, but 65% within that category didn’t deploy new antivirus software to those devices. In the Tanium study, 43% of IT departments experienced issues patching remote worker devices, and 26% side-lined the practice entirely.

Most executives in both surveys scored their companies highly in preparedness for the work-from-home shift. However, this may be due to overconfidence. Though human error is known to be the greatest security risk, nearly half of all Malwarebytes respondents were confident in their employees’ awareness of best security practices, and only 21% were concerned about their employees’ lack of cybersecurity training. 31% believed their company security to be unchanged after implementing remote work, and 27% felt only slightly less secure.

Cyberattacks & Cybersecurity Awareness Increase

In April, the FBI reported a 300%-400% increase in cybercrime since COVID-19. In addition to the increase in phishing emails and websites, ransomware attacks also increased. In the Tanium study, 90% of respondents reported an increase in cyberattacks since the outbreak. 20% of Malwarebytes respondents reported a security breach, and 24% reported unexpected expenses due to cyberattacks.

Lapses in cybersecurity existed before COVID-19, but the pandemic has pushed those gaps to the forefront. 70% of Tanium respondents reported making cybersecurity a top priority since the pandemic. Nearly half plan to improve endpoint and patch management. 55% of Malware respondents plan to develop stronger remote security policies. 49% want to implement work-from-home security training, and 40% plan to implement remote antivirus solutions.

A Harvard study revealed 82% of companies that have implemented remote work expect to continue to do so at least part time after the pandemic has ended. In a world of increased cyberattacks, companies should make cybersecurity a priority, review and revise current security policies and train employees on cybersecurity risks.