Some of the most surprising news coming out of 2020 — a year when it seemed like there was a major breaking story every day — is the number of data breaches decreased during the first nine months of the year. 

This is the exact opposite of what experts expected. The security concerns as millions of workers moved from on-site to a remote working-from-home (WFH) model were real. The rise of phishing attacks and social engineering tied to worries about COVID-19 really happened. In addition, WFH created a more lax attitude toward cybersecurity as people juggled work and family tasks and did not have someone on hand to respond to questions regarding best practices.

And yet, the Identity Theft Resource Center reported a 30% decrease in data breaches in 2020 and a 60% drop in the number of identities that have been compromised compared to 2019, all while cyberattacks have increased. Why is that?

Challenges in Cybersecurity for Businesses

On the surface, it doesn’t seem to make much sense, even more so in light of all the doom and gloom from experts. So why is remote work cybersecurity working so well?

“Organizations are on high alert, looking for the signs of a cyberattack,” Eva Velasquez, president and CEO of the Identity Theft Resource Center, tells CNBC. “Companies are also making sure their teams are hyper-focused on phishing and other forms of attacks and scams that can lead to a data breach.”

It could be, too, that IT and security teams are finally looking at cybersecurity as a team effort.

“Cybersecurity relies on specialists of every kind —  CISOs, network systems administrators, cloud experts and more —  to achieve success. It takes a true team in order to avoid the pitfalls of cyber vulnerabilities and attacks,” reports the Center for Internet Security

But cybersecurity also relies on people who aren’t experts. The average worker must step up and do their part to keep the group safe from threat actors and attacks. Sometimes, this means turning to outside help. 

How to Maintain Security When Employees Work Remotely

Nobody planned for this massive shift from working on-site one day to remote work the next. Even for teams who had a little bit of time to plan, it was still just a matter of days. 

One study found 96% of organizational leadership admitted they weren’t prepared for the security challenges. The biggest task was to make sure as many workers as possible had virtual private network (VPN) connections to the network. The study notes that 22% of respondents felt VPNs overwhelmed IT and resulted in unknown devices connecting to the network. 

And yet, somehow, IT and cybersecurity teams managed to rise to those challenges. What has worked in favor of security teams is that many are accustomed to remote work and managing security issues from their couch. This kept security work flowing closer to normal.

Better Cybersecurity Awareness Training for Remote Work 

Cybersecurity awareness training has long been a sticking point for IT teams. Employees need more frequent training sessions and more hands-on sessions in order to understand the importance and urgency of practicing good security habits. WFH has emphasized the need for good security training even further.

To help teams improve cybersecurity awareness training, advocates have created courses for those employees working from home.

The SANS Institute, for example, developed a Security Awareness Work-From-Home Deployment Kit that “provides a step-by-step plan to quickly execute an awareness initiative to secure your remote workforce, including how to identify what to teach your workforce, the top three risks to focus on, what departments to coordinate with and how to effectively engage and communicate to your workforce.”

Having these modules designed for remote work means security teams can create awareness programs for the current situation. 

Third-Party Help With Remote Work Security

Employees rely on cloud computing to work remotely, so why not rely on the cloud to protect systems remotely? For teams that need more support, turning to a managed security service provider (MSSP) can provide the security support that would otherwise be missing in a WFH setup. 

Gartner suggests entities with a workforce at home should increase their reliance on MSSPs during remote work as a way to stay ahead of threat actors.

“Bad actors are always looking to take advantage of worldwide events, such as the pandemic, to exploit new vulnerabilities and circumvent even the most advanced security controls,” Jonathan Care, senior research director at Gartner, tells ChannelFutures

WFH Challenges in Cybersecurity for Business

Remote work isn’t a new idea — millions of workers have been remote working for years, either full-time or on a hybrid schedule — but rarely does WFH happen en masse and in such a hurry. 

As the Identity Theft Resource Center numbers show, security teams have been doing a good job at making sure their organization’s employees are meeting the security challenges faced in remote work. The challenge next will be to make sure all parties continue to keep up with their cybersecurity awareness training.

more from Security Services

To Cybersecurity Incident Responders Holding the Digital Front Line, We Salute You

Over the course of two decades, I’ve seen Incident Response (IR) take on many forms. Cybercrime’s evolution has pulled the nature of IR along with it — shifts in cybercriminals’ tactics and motives have been constant. Even the cybercriminal psyche has completely rebirthed, with more collaboration amongst gangs and fully established ransomware enterprises running. When I was first starting off,…

CISA Certification: What You Need to Know

The globally-recognized Certified Information Systems Auditor (CISA) certification shows knowledge of IT and auditing, security, governance, control and assurance to assess potential threats. As you can imagine, it’s very much in demand. It can also be confusing.  Is CISA Certification Related to the Cybersecurity and Infrastructure Security Agency? CISA, the certification, is related to CISA, the federal agency, right?  Wrong.…

Raspberry Robin and Dridex: Two Birds of a Feather

IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Based on a comparative analysis between a downloaded Raspberry Robin DLL and a Dridex malware loader, the results show that they are similar in structure and functionality. Thus, IBM Security…