Written by Tony Pepper, CEO, Egress
The impact of COVID-19 has dramatically changed the world we operate in, and yet many of the problems we experienced prior to the pandemic not only remain but have increased ten-fold. Alongside the devastating health and economic impacts of the pandemic, there has also been a huge escalation in ransomware, phishing, and growth in insider risk as organizations shifted employees to home working.
Remote working immediately intensified insider risk as most organizations went from centralized office locations to their employees being scattered across states and even countries, operating from dining tables, spare bedrooms, and home offices. Overnight, this magnified the risk that every individual poses to sensitive personal and privileged information.
( Also Read: Importance of Cybersecurity in Business )
This doesn’t necessarily mean that employees are malicious. On the contrary, most people are simply trying to do their jobs well and effectively, but we all make mistakes, like sending an email to the wrong person or forgetting to redact non-pertinent data from a file. In the home-working environment – where distractions are multiplied with children, pets, and deliveries (to name just a few!) – the risks of these mistakes are amplified.
Understanding the risks that people pose
As we look to the future, with hybrid and remote working here to stay, so security and in particular, human layer security will continue to be on the board agenda. Organizations have become acutely aware of the risk their people present to their business.
What we found in 2020 was that the “new normal” of remote working rapidly became just “normal” as the pandemic continued throughout the year. We might not have loved it all the time, but we’ve certainly had to accept a work-life that relies on Zoom, where Teams chats and Slack replace water cooler conversations, and we lived and breathed email!
As vaccines start to be rolled out, there is renewed hope that life will return to some sort of regularity and it’s likely we’ll soon be resurrecting the phrase “new normal” as we talk about implementing flexible working across homes and offices worldwide.
A rise in human-activated security incidents
This next phase is likely to cause disruption again and wherever there is disruption, cybercriminals see opportunity. I expect we’ll see the surge in phishing attacks continue in 2021. Another topic for leadership teams will be communications around employees returning to an office environment.
Amid a mix of ongoing limitations, as different states go in and out of restrictions, there may be a need for desk-booking or the frequent re-authorization of access keys and so on. All these communications and more will inevitably become the subject of targeted phishing attacks, with cybercriminals tempting employees to click links and secure their seat in the office for the next working week.
As well as inbound security incidents, we’ll also continue to see the rise in outbound email data breaches that’s been the hallmark of remote working. Recent Egress research shows that 94% of organizations have seen an increase in outbound email traffic since March 2020 – and with that, a rise in human-activated security incidents, such as adding the wrong email address, attaching the wrong documents, or forgetting to use the Bcc field.
With this new type of flexible working, we’ll see our reliance on email continue and, with it, the likelihood that data will be put at risk. It will also mean that security around people, wherever they are, will become even more important.
Securing individuals will be even more important in our hybrid world
As technology changed the way we work, so organizations first looked to secure their network layer, then their application layer. Now the focus must be on the human layer. Securing individuals and mitigating insider threats will remain a top priority for organizations as they support this new flexible hybrid working regime between offices and homes in 2021.
As a result, we’re going to see organizations closely examining their security tech stack, and upgrading legacy technologies that can’t scale or, simply, make life difficult for employees. Older solutions built on static rules and blanket policies have failed to prevent insider data breaches to date – and reliance on them will only make the situation worse in 2021. Instead, this will be the year for intelligent technologies, like contextual machine learning, to add value to businesses in the mainstream.