Virtualization Technology News and Information
Post COVID-19 Security Predictions: Remote Work, Insider Threats and More

By: Anurag Kahol, CTO of Bitglass

Working from home went from a luxury to a necessity for most parts of the world in March 2020, leaving many organizations scrambling to adjust. Cybercriminals have been preying on this shift as the sudden change left some organizations unprepared from a security perspective, creating an increased attack surface as well as heightened anxieties. This adds up to a perfect breeding ground for attacks. Cyberattacks show no signs of slowing down as Google saw 18 million malware and phishing emails related to COVID-19 scams daily in just one week, on top of the more than 240 million daily spam messages it sees related to coronavirus.

As companies and security professionals continue to adapt to the new normal, below are a few predictions that we can expect to see in the coming months from popular attack methods to major technology trends.

Cloud adoption has already been growing rapidly, but we'll see a sharp increase in adoption in 2020 as a result of the global pandemic. Recent events have impacted businesses and schools all around the world, causing them to shift to remote work wherever possible. Cloud adoption gives employees and students the freedom to operate from the safety of their homes by granting remote access to needed data and services. However, even before the outbreak, cloud adoption was outpacing the adoption of the tools needed to properly protect data in cloud environments. In 2019, 86% of organizations deployed cloud-based tools, but a mere 34% made use of single sign-on (SSO), a basic but critical capability for authenticating users and securing access to corporate cloud environments. This statistic suggests deeper underlying cloud security issues within organizations and indicates that data breaches will continue to arise around the world.

The shift to widespread remote work also increases the likelihood of insider threats. Verizon's 2020 Data Breach Investigation Report found that approximately 30% of breaches involved internal actors. Additionally, a recent survey conducted on IT professionals about insider threats revealed that only half of organizations provide user training regarding insider threats. While protecting data from malicious external actors is typically top of mind for most organizations, the fact remains that they must also defend against employees--whether they are malicious or merely careless. 

Phishing attacks are not a groundbreaking threat, and general employee awareness of these schemes has grown in recent years; however, hackers still find success with this tactic by taking advantage of major news. In fact, the United Nations' health agency released an alert warning of an increased number of cybercriminals posing as World Health Organization (WHO) representatives amid the current pandemic. During this stressful time, recipients of these messages are more likely to click on malicious URLs, open attachments, and give up personal data. Because of this, insider threats will spike and be a leading cause of data breaches in 2020.

Businesses will implement changes to ensure BYOD devices are secure. A majority of organizations (85%) were already somewhat prepared for remote work by enabling bring your own device (BYOD) policies. On the flipside, not all companies that have adopted BYOD are doing so securely. For example, 43% of businesses do not know if the devices employees are using to access corporate data are infected with malware--demonstrating a disturbing lack of visibility. By the end of 2020, we will likely see even higher BYOD adoption rates--whether out of necessity for enabling remote work, or simply for BYOD's many benefits, including enhanced mobility, efficiency, and employee satisfaction. 

Regardless, when companies enable BYOD, they must also implement agentless security measures that can protect corporate data on personal devices. With agentless tools, IT gains security and compliance without invading user privacy through agents on employees' personal endpoints. As organizations increasingly realize that cybersecurity must be a top priority, we predict that the use of agentless security solutions will rise alongside that of BYOD.

While a global pandemic is not something you can predict, companies should be equipped with the proper security tools that enable remote work at the drop of a hat. There are many reasons why an organization may need its employees to be able to work from home with little notice - for example, a snowstorm or hurricane, or something less extreme, such as strikes from public transportation workers. Enterprises are responsible for ensuring their employees as well as their security teams are prepared for the unexpected in order to enable company productivity without compromising on data security.


About the Author

Anurag Kahol 

Anurag Kahol expedites technology direction and architecture. Anurag was director of engineering in Juniper Networks' Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute Of Technology.

Published Friday, July 03, 2020 7:26 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<July 2020>