As the business world navigates the ups and downs of today’s economy, a mindset shift is required to maintain cyber resilience. Cybersecurity, often an afterthought in a strong economy, must not be neglected in responding to shifts in the business landscape.

As more companies expand their remote workforce, the number of endpoints with access to corporate resources is proliferating. Hackers are seizing the opportunities this presents: Phishing email click rates have risen from around 5 percent to over 40 percent in recent months, according to Forbes.

With a strong cybersecurity mindset and some strategic planning, your company can position itself to survive these new working conditions and build up even more cyber resilience as you adapt. Because cybersecurity professionals are facing formidable adversaries, understanding how hackers think can go a long way in mitigating the threat they pose.

An Unfair Advantage

Security expert Frank Abagnale is among the foremost authorities on the thought processes of threat actors, and he was kind enough to lend his expertise to this piece.

Since the number of successful phishing attacks has skyrocketed, I asked him if this is more a function of hackers stepping up their game, or employees not possessing the right cybersecurity mindset to pay attention.

“It’s both,” he explained. “Any crisis is a perfect backdrop to phishing attacks. At the same time, employees are in a new environment, working from home with more distractions than ever. Add to this stress, cabin fever and anxiety, and you have the perfect phishing storm.”

What makes bad actors so successful, according to experts, is that they take advantage of the human condition. And the human condition is less guarded by security layers today than it has been in quite some time.

“Any fear and anxiety gets people to do things they normally would not do,” said Abagnale.

Take It From the Top

So what can an enterprise do to swim against this foreboding tide? Abagnale insists that vigilance is the key.

“It’s the way to go in normal times and especially now,” he said. “If a link or email sounds too good to be true, it probably is. Don’t rush to fill forms and provide your information to anyone who claims to be the IRS” — or someone who can accelerate your tax return.

But employees can’t be expected to bear the full responsibility of security, or even to recognize established best practices in every scenario. If something is too confusing or complicated and employees don’t know much about it, failure can seem inevitable. Good cybersecurity must be taught in ways that are easy to understand and that include actionable takeaways.

“We must use this time to educate and keep employees alert,” Abagnale asserted. And today, the cybersecurity responsibility elevator operates with only one button and one destination: the C-suite. It therefore falls to chief information security officers (CISOs) and security practitioners to connect the dots and ensure their colleagues understand what they can do to help.

Modern Problems, Modern Solutions

As we continue working, could the altered landscape change Abagnale’s mindset around cybersecurity? Would most of his convictions hold?

“I have been talking and warning executives and companies for over four decades about what criminals do to exploit unsuspecting humans,” he explained. “I now live to see the full effect of it, in a time that is ripe for fraud and deceit. My convictions are more reinforced today than ever. I am more energized to help educate the public about cybercrime and how we move forward to a better and more secure internet.”

Abagnale firmly believes that we must elevate our systems to prepare for the future, and the first piece of advice he would give to any company and security practitioner is to stop using passwords.

“Once you take the secret away from the human user, they cannot give it to the crooks,” he said. “They will not fall prey to keyloggers. It’s time we move forward from a 1960s technology to the 21st century.” Now may just be the time to put into action what Abagnale has been suggesting for years, and the path to a passwordless world may be simpler than you think.

Of course, moving away from passwords is just one aspect of the mindset shift security experts must embrace to bolster their cyber resilience. Don’t just keep cybersecurity and cyber hygiene front of mind; take the opportunity to reevaluate the true efficacy of our fundamental assumptions about security. Drastic changes in the threat landscape will continue to develop as working norms are overhauled, and security measures devised for outdated threats likely won’t serve us in the future — or even the present.
