Work-at-Home: The Impact on SecuritySurvey Sizes Up Increased Risks, New Duties for Security Staff
The shift to working at home is opening the door to cybersecurity incidents. Some 23% of respondents to a small survey conducted by the training organization International Information System Security Certification Consortium - also known as (ISC)2 - say their organization has experienced an increase in cybersecurity incidents since transitioning to remote work.
"COVID-19 hit us with all the necessary ingredients to fuel cybercrime: 100% work from home before most organizations were really ready; chaos caused by technical issues plaguing workers not used to [work from home] … temptation to visit unverified websites in search of up-to-the-minute information; and remote-workforce technology supported by vendors driven by 'new feature time to market' and NOT security," one respondent to the (ISC)2 study notes.
The (ISC)2 survey, based on responses from 256 cybersecurity professionals worldwide, is intended to offer a snapshot of how priorities have changed over the last two months.
Almost half of the security pros surveyed report that they have been shifted away from security duties and reassigned to IT duties over the last two months.
Of those that have been reassigned to IT duties, about 30% report that their organizations have seen an increase in security incidents over the last several weeks.
Organizations are asking their security teams to be creative in order to keep the workforce secure during this time, which means additional opportunities for the security team, the (ISC)2 report states.
"Security professionals are suddenly looked at as creative problem solvers and risk reducers in ways management never intended," Erik von Geldern, the CISO of FXCM, a British-based trading firm, said about the (ISC)2 survey results.
Fraudsters Adapt to Conditions
Security firm Kaspersky reported this week that attackers are taking advantage of the remote workforce to target devices using remote desktop protocol connections to gain access to corporate networks (see: RDP Brute-Force Attacks Rise During COVID-19 Crisis: Report).
And U.S. and U.K. law enforcement and government cybersecurity experts have warned that cybercrime groups and nation-state hacking gangs will continue to exploit the COVID-19 pandemic to further their own aims (see: UK and US Security Agencies Sound COVID-19 Threat Alert).