Some of the most surprising news coming out of 2020 — a year when it seemed like there was a major breaking story every day — is the number of data breaches decreased during the first nine months of the year.
This is the exact opposite of what experts expected. The security concerns as millions of workers moved from on-site to a remote working-from-home (WFH) model were real. The rise of phishing attacks and social engineering tied to worries about COVID-19 really happened. In addition, WFH created a more lax attitude toward cybersecurity as people juggled work and family tasks and did not have someone on hand to respond to questions regarding best practices.
And yet, the Identity Theft Resource Center reported a 30% decrease in data breaches in 2020 and a 60% drop in the number of identities that have been compromised compared to 2019, all while cyberattacks have increased. Why is that?
Challenges in Cybersecurity for Businesses
On the surface, it doesn’t seem to make much sense, even more so in light of all the doom and gloom from experts. So why is remote work cybersecurity working so well?
“Organizations are on high alert, looking for the signs of a cyberattack,” Eva Velasquez, president and CEO of the Identity Theft Resource Center, tells CNBC. “Companies are also making sure their teams are hyper-focused on phishing and other forms of attacks and scams that can lead to a data breach.”
It could be, too, that IT and security teams are finally looking at cybersecurity as a team effort.
“Cybersecurity relies on specialists of every kind — CISOs, network systems administrators, cloud experts and more — to achieve success. It takes a true team in order to avoid the pitfalls of cyber vulnerabilities and attacks,” reports the Center for Internet Security.
But cybersecurity also relies on people who aren’t experts. The average worker must step up and do their part to keep the group safe from threat actors and attacks. Sometimes, this means turning to outside help.
How to Maintain Security When Employees Work Remotely
Nobody planned for this massive shift from working on-site one day to remote work the next. Even for teams who had a little bit of time to plan, it was still just a matter of days.
One study found 96% of organizational leadership admitted they weren’t prepared for the security challenges. The biggest task was to make sure as many workers as possible had virtual private network (VPN) connections to the network. The study notes that 22% of respondents felt VPNs overwhelmed IT and resulted in unknown devices connecting to the network.
And yet, somehow, IT and cybersecurity teams managed to rise to those challenges. What has worked in favor of security teams is that many are accustomed to remote work and managing security issues from their couch. This kept security work flowing closer to normal.
Better Cybersecurity Awareness Training for Remote Work
Cybersecurity awareness training has long been a sticking point for IT teams. Employees need more frequent training sessions and more hands-on sessions in order to understand the importance and urgency of practicing good security habits. WFH has emphasized the need for good security training even further.
To help teams improve cybersecurity awareness training, advocates have created courses for those employees working from home.
The SANS Institute, for example, developed a Security Awareness Work-From-Home Deployment Kit that “provides a step-by-step plan to quickly execute an awareness initiative to secure your remote workforce, including how to identify what to teach your workforce, the top three risks to focus on, what departments to coordinate with and how to effectively engage and communicate to your workforce.”
Having these modules designed for remote work means security teams can create awareness programs for the current situation.
Third-Party Help With Remote Work Security
Employees rely on cloud computing to work remotely, so why not rely on the cloud to protect systems remotely? For teams that need more support, turning to a managed security service provider (MSSP) can provide the security support that would otherwise be missing in a WFH setup.
Gartner suggests entities with a workforce at home should increase their reliance on MSSPs during remote work as a way to stay ahead of threat actors.
“Bad actors are always looking to take advantage of worldwide events, such as the pandemic, to exploit new vulnerabilities and circumvent even the most advanced security controls,” Jonathan Care, senior research director at Gartner, tells ChannelFutures.
WFH Challenges in Cybersecurity for Business
Remote work isn’t a new idea — millions of workers have been remote working for years, either full-time or on a hybrid schedule — but rarely does WFH happen en masse and in such a hurry.
As the Identity Theft Resource Center numbers show, security teams have been doing a good job at making sure their organization’s employees are meeting the security challenges faced in remote work. The challenge next will be to make sure all parties continue to keep up with their cybersecurity awareness training.