A new report has warned that the move to remote working will necessitate a sea change in the thinking around cyber security and risk.
Broker Aon has issued a joint report with analytics firm CyberCube which examines the implications around the move towards greater home working and what it means for a firm’s cyber risk.
The report, “Pandemic Under the Microscope: A Focus on the Cyber Risk Impacts of Working from Home”, found that the switch to widespread homeworking has created new vulnerabilities for criminals to exploit.
According to the report, homeworking has exposed new access points for cyber criminals to gain entry to corporate systems including domestic PCs, laptops and Wi-Fi routers. It has also led to a diminution in employees’ distinction between work and personal emails and increasing usage of devices with insecure passwords.
Workers based at home are more likely to use online applications that would be prohibited in the corporate environment due to security concerns.
Criminals have also exploited the public’s need for information on COVID-19 to create a range of social media and text message attacks, particularly in those countries worst affected by the virus.
In addition, the rapid rise of online shopping due to lockdown has exposed the public to a higher level of well-established cyber scams such as form-jacking and spoofing.
Jon Laux, Head of Cyber Analytics, Reinsurance Solutions at Aon, said: “The lesson this report draws is that cyber-security at home is a different animal to cyber-security in the workplace. Organisations are going to have to think more laterally. They’ll need to be more user-centric with a particular focus on employee’s own devices and the cloud-based applications they use.
“The traditional approach to cyber security must be replaced by something that recognizes users will operate in a decentralized and remote fashion. For large organisations, that’s going to create a lot of change management to handle.”
The Report warned any organisation that rapidly deployed new technology, applications, services, or systems at the onset of the pandemic should now be focused on undertaking a thorough review to ensure that they have implemented best practices in security configuration and architecture. It added many organisations are discovering that their rapid deployments, while necessary, may have introduced undesirable security vulnerabilities in the environment, which should be remediated before they are exploited by malicious actors, or which may permit unintentional information sharing or leakage by users.
Darren Thomson, CyberCube’s Head of Cyber Security Strategy, said: “Insurers underwriting cyber risk will need to be very mindful of these changes and how they affect an organisation’s risk profile. These are new norms that need to be incorporated into their underwriting appetite in addition to well-established threats like ransomware, which shows no signs of diminishing. Indeed, homeworking may slow the ability of policyholders and insurers to respond quickly to ransomware infections.”