Some of the most surprising news coming out of 2020 — a year when it seemed like there was a major breaking story every day — is the number of data breaches decreased during the first nine months of the year. 

This is the exact opposite of what experts expected. The security concerns as millions of workers moved from on-site to a remote working-from-home (WFH) model were real. The rise of phishing attacks and social engineering tied to worries about COVID-19 really happened. In addition, WFH created a more lax attitude toward cybersecurity as people juggled work and family tasks and did not have someone on hand to respond to questions regarding best practices.

And yet, the Identity Theft Resource Center reported a 30% decrease in data breaches in 2020 and a 60% drop in the number of identities that have been compromised compared to 2019, all while cyberattacks have increased. Why is that?

Challenges in Cybersecurity for Businesses

On the surface, it doesn’t seem to make much sense, even more so in light of all the doom and gloom from experts. So why is remote work cybersecurity working so well?

“Organizations are on high alert, looking for the signs of a cyberattack,” Eva Velasquez, president and CEO of the Identity Theft Resource Center, tells CNBC. “Companies are also making sure their teams are hyper-focused on phishing and other forms of attacks and scams that can lead to a data breach.”

It could be, too, that IT and security teams are finally looking at cybersecurity as a team effort.

“Cybersecurity relies on specialists of every kind —  CISOs, network systems administrators, cloud experts and more —  to achieve success. It takes a true team in order to avoid the pitfalls of cyber vulnerabilities and attacks,” reports the Center for Internet Security

But cybersecurity also relies on people who aren’t experts. The average worker must step up and do their part to keep the group safe from threat actors and attacks. Sometimes, this means turning to outside help. 

How to Maintain Security When Employees Work Remotely

Nobody planned for this massive shift from working on-site one day to remote work the next. Even for teams who had a little bit of time to plan, it was still just a matter of days. 

One study found 96% of organizational leadership admitted they weren’t prepared for the security challenges. The biggest task was to make sure as many workers as possible had virtual private network (VPN) connections to the network. The study notes that 22% of respondents felt VPNs overwhelmed IT and resulted in unknown devices connecting to the network. 

And yet, somehow, IT and cybersecurity teams managed to rise to those challenges. What has worked in favor of security teams is that many are accustomed to remote work and managing security issues from their couch. This kept security work flowing closer to normal.

Better Cybersecurity Awareness Training for Remote Work 

Cybersecurity awareness training has long been a sticking point for IT teams. Employees need more frequent training sessions and more hands-on sessions in order to understand the importance and urgency of practicing good security habits. WFH has emphasized the need for good security training even further.

To help teams improve cybersecurity awareness training, advocates have created courses for those employees working from home.

The SANS Institute, for example, developed a Security Awareness Work-From-Home Deployment Kit that “provides a step-by-step plan to quickly execute an awareness initiative to secure your remote workforce, including how to identify what to teach your workforce, the top three risks to focus on, what departments to coordinate with and how to effectively engage and communicate to your workforce.”

Having these modules designed for remote work means security teams can create awareness programs for the current situation. 

Third-Party Help With Remote Work Security

Employees rely on cloud computing to work remotely, so why not rely on the cloud to protect systems remotely? For teams that need more support, turning to a managed security service provider (MSSP) can provide the security support that would otherwise be missing in a WFH setup. 

Gartner suggests entities with a workforce at home should increase their reliance on MSSPs during remote work as a way to stay ahead of threat actors.

“Bad actors are always looking to take advantage of worldwide events, such as the pandemic, to exploit new vulnerabilities and circumvent even the most advanced security controls,” Jonathan Care, senior research director at Gartner, tells ChannelFutures

WFH Challenges in Cybersecurity for Business

Remote work isn’t a new idea — millions of workers have been remote working for years, either full-time or on a hybrid schedule — but rarely does WFH happen en masse and in such a hurry. 

As the Identity Theft Resource Center numbers show, security teams have been doing a good job at making sure their organization’s employees are meeting the security challenges faced in remote work. The challenge next will be to make sure all parties continue to keep up with their cybersecurity awareness training.

More from Security Services

5 Golden Rules of Threat Hunting

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that's already too late.Security operations center (SOC) teams monitor and hunt new threats continuously. To ward off the most advanced threats, security teams proactively hunt for ones that evade the dashboards of their security solutions.However, advanced threat actors have learned to blend in with their target's environment, remaining unnoticed for prolonged periods. Based…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

An IBM Hacker Breaks Down High-Profile Attacks

On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website GTAForums.com. Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…

Log4j Forever Changed What (Some) Cyber Pros Think About OSS

In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath of applications and services. Nearly anything from popular consumer and enterprise platforms to critical infrastructure and IoT devices was exposed. Over 35,000 Java packages were impacted by Log4j vulnerabilities. That’s over 8% of the Maven Central repository, the world’s largest…