If you are an avid or even occasional news reader, it’s likely that you have seen an alarming number of headlines lately about unassuming businesses falling victim to hackers. As organizations everywhere sprinted to adapt to COVID-19, they quickly found themselves drowning in a cesspool of cybersecurity risks. Hackers, capitalizing on this new vulnerability, wasted no time in stepping up their attacks.
Perhaps this has your thoughts churning with anxiety; is it time to step up your organization’s cybersecurity game?
In my last blog, I talked about cyber risk being synonymous with business risk and addressed the true cost of a cyberattack on an organization. Now I want to talk about the urgency of cybersecurity. If you read my last blog, you’ll know that it has always been an urgent matter, but that is heightened now that the pandemic has brought about an upsurge in attacks. The FBI has reported an increase in daily cybercrimes by roughly 300% since the start of COVID-19. While these numbers may have settled a bit since then, they are likely to continue to be concerningly high as long as this situation persists.
Emergency security patches and sheer luck may have sufficed until now, but it is more likely that many businesses are already unknowing victims. In either case, to provide powerful protection for your organization during this new normal, the time to implement a secure cyber management plan is now.
Cybersecurity Challenges Facing Businesses Right Now
The majority of cybersecurity challenges businesses are facing right now stem from the rapidly changing security landscape. There are so many variables in this landscape that many organizations are scrambling just to get by. A large percentage didn’t have an effective cybersecurity protocol in place to begin with. Of those that did, most were still not anticipating, or prepared to support, a fully remote workforce. In this type of work environment, endpoint security must protect all devices, mobile included. Devices should be corporate assets, not personal ones. Exposure is likely because many organizations don’t have either the in-house or external access to perform their operations remotely and securely. It’s a matter of having limited resources to manage security and monitor employee data security practices.
The surge of employees working remotely means a lot more people are using their personal devices to conduct business while connecting to their home networks, or in cases of limited home access, public networks. This renders traditional perimeter-based security tools powerless, as they are no longer able to manage visibility or control. The risk of exposing confidential information to theft or damage is much greater.
In many cases, well-intentioned employees are just striving to accomplish their jobs. In doing so, they may be inadvertently leaking highly sensitive data by using unsecured networks.
Couple this with the drastic increase in external attacks (Google reported more than 18 million phishing and malware scams related to COVID-19 every single day back in April), and businesses are now facing an uphill cybersecurity battle of epic proportions.
The challenge facing many organizations is managing their security needs with considerably fewer resources. This is where a Managed Service Provider like DYOPATH comes in, filling the gaps in an organization when internal shortages become problematic and helping to offset costs and risks.
What Can We Learn from the COVID-19 Pandemic about Cybersecurity?
I think the most vital lesson any organization can take from this is understanding the need to be prepared for the unknown threats that are imminent in the age of such a highly digital landscape. We couldn’t have necessarily known this pandemic was coming or the extent to which it would impact our world. But part of having a strong cybersecurity plan in place is being ready for the unknown.
In this particular situation, those who didn’t have a fully secure online environment that supports remote working before the pandemic are likely already experiencing the struggle to recover. This is similar to not having the proper security measures in place before a ransomware attack. Recovery and remediation afterwards can be much more difficult to achieve, not to mention costly. The longer you wait to implement cybersecurity solutions, the bigger the risk you take of suffering a total loss. This is why at DYOPATH, we are stressing the urgency of cybersecurity for your organization.
If you aren’t taking your cybersecurity seriously, especially in light of this pandemic, you are jeopardizing your organization’s chance for continuity. A recent survey from CrowdStrike and YouGov polled organizations globally to determine security risks during COVID-19. In this survey, 56% of respondents are now working from home more often as a result of COVID-19, with 60% using their personal devices for work. And yet half of the respondents admit that their organizations aren’t offering cybersecurity training on the risks of remote work, and 86% of them believe their devices to be safe against cyber threats. 50% believe that their business is equally or even less likely to experience cybercrimes due to COVID-19. These results point to a clear lack of cybersecurity priority across organizations despite all evidence pointing to a dire need for it.
What Measures Should Your Organization Be Taking?
Let me preface this by sharing what your organization should not do. If budgets need to be reduced, the one area you want to avoid downsizing is your IT staff and cybersecurity operations. In fact, if you weren’t allocating a strong portion of your budget to this in the first place, you should consider ways to allow for that now. The bulk of the workforce is now critically reliant on cyber to operate. As organizations consider their post-COVID re-strategizing plans, they need to account for this.
As for what should be done, the following are several proactive steps that organizations should apply immediately if they are not already doing so:
- Advise staff and customers to be cautious and scrutinous when opening links, emails, or documents related to COVID-19 to lessen the risk of cyberattacks
- Train employees, or if necessary, consider outsourcing workplace security training to address the added risks of working remotely
- Implement necessary measures to maintain the security of employees’ networks, devices, and data
- When possible, restrict employees from using their personal devices for work and from working in public spaces
- If there are existing security defenses in place, evaluate their functionality and capabilities for handling remote working conditions and defending against an increase in cyber threats
A longer-term strategy would involve revisiting and updating your business continuity plan (BCP) and disaster recovery (DR) plan. For many organizations, these plans might not have included the impact of a global pandemic. However, as we are experiencing one first-hand now, this should provide the catalyst needed to identify the risks and recovery options for ensuring an acceptable level of preservation.
And preservation is indeed the ultimate goal. It is impossible to completely eradicate cybersecurity risk; that is not an attainable goal. The key to true cybersecurity is an organization’s ability to prepare for, respond and adapt to, and recover from a known or unknown threat, while maintaining functionality and purpose as intended. At DYOPATH, we work with our clients to do exactly that. Because of this, many of our clients were already in a position to successfully navigate their IT security before this pandemic hit, keeping their organizations within their acceptable level of security risk in the aftermath.
Thank you for taking the time to read this blog. As part of our “Cyber Risk is Business Risk!” campaign, we are aiming to educate business leaders on the serious impact that cybersecurity has on organizations. I have one more blog coming up on the risk of relying on reactive cybersecurity measures.
If your organization is facing urgent cybersecurity breaches and you’re looking for immediate assistance, contact us today to see how our security engineers can help.
Chuck Orrico, Executive Vice President
About the author: Chuck Orrico is the Executive Vice President (EVP) at DYOPATH. He is responsible for leading strategic growth initiatives across both sales and marketing. Chuck has more than 35 years of experience in helping clients develop business solutions through IT strategic planning, information management and technology investment. Today, his entrepreneurial spirit and keen business acumen have helped DYOPATH maintain its focus on quality, which has resulted in improved business operations for its clients. His leadership is grounded in mentorship, business growth and client satisfaction. His passion for DYOPATH comes from the culture, values, and working with “A” players.