Hackers threw salt on the pandemic wound by ramping up cyber-attacks on businesses by a painful 80 percent.
A recent study conducted by security information and event management (SIEM) experts at Exabeam polled upwards of 1,000 cybersecurity leaders at small- and mid-sized organizations. The feedback revealed that 88 percent of U.S. companies and 74 percent of U.K. outfits saw an uptick in cyber-threats. Security professionals also acknowledged that 38 percent of American organizations and 40 percent of U.K. enterprises were compromised.
It’s no secret that digital thieves disgracefully targeted vulnerable employees at a time when fears about the pandemic were at a peak. Preying on fear and anxiety, a flood of COVID-19 phishing schemes were unleashed. In March, for example, ZD Net reported that more than 3,600 domains had been secured over a four-day stretch using the term “coronavirus” or some variation. These numbers soared as a single-day high saw 35,500 COVID-type domains registered. Many were designed to exploit people in hot spots and were laced with malicious software.
My team and I at ICS in Houston, Austin and San Antonio ask ourselves the following questions.
Did Organizations Leave Themselves Vulnerable to Cyber-Attacks?
Industry decision-makers compromised by cyber-attacks may have inadvertently caused a self-inflicted wound. By following typical corporate protocol to reduce expenses and purge seemingly non-essential personnel, organizations softened their cyber-defenses.
According to the Exabeam research, most companies implemented a hiring freeze just as remote workforce strategies were being implemented. New talent deferrals in the U.S. hit 70 percent, and 42 percent in the U.K. But possibly the worst mistake entrepreneurs and CEOs could have made was furloughing 75 percent of their experienced cybersecurity staff when remote infrastructure protections were mission-critical.
“The rise in attempted cyberattacks while companies experience staff reductions is a harsh reminder of the security and financial challenges created by the pandemic,” Exabeam’s chief security strategist Steve Moore reportedly said.
Adding insult to injury, managed IT professionals were purged at a rate of 33 percent in the U.K. and 40 percent in the U.S. Although only 22 percent of staff members considered running short-handed the most significant challenge, pervasive communication breakdowns, and network inefficiencies left skeleton crews unable to adequately investigate and respond to emerging threats.
How Can Organizations Rebuild Their Cyber-Defenses?
One of the immediate corrections that industry leaders can make is to rethink cybersecurity in terms of primary infrastructure. Too many CFOs consider managed IT and cybersecurity an “expense” rather than a necessity. That perception is supported by the fact that approximately 60 percent of organizations also deferred planned cybersecurity investment.
As Exabeam’s chief security strategist points out, “Companies are grappling with the security fallout from an unexpected shift to remote work, but it’s business as usual for cybercriminals and foreign adversaries with unprecedented opportunity.”
Shuttering brick-and-mortar workspaces only emboldened hackers to target newly-minted remote workers. Organizations that reduced security teams and kicked investment down the road would be wise to right the ship immediately. Proactive measures must include these critical next steps.
- Follow Through on Planned Cybersecurity Investment
- Implement Ongoing Cybersecurity Awareness Training for Remote Workers
- Use Zero-Trust Login Credential Strategies
- Secure Endpoint Devices
- Leverage Multi-Factor Authentication for Employee Access
As industry leaders extricate their organizations from the height of the disruption, many will be looking for places to reduce expenditures further. Cybersecurity and managed IT must remain a sacred part of the overall company budget.
However, decision-makers can streamline these necessities by working with third-party specialists to manage portions or all of the organization’s IT and cybersecurity oversight. In these uncertain times, remote infrastructure supported by determined cybersecurity measures remains a powerful solution.