COVID-19 has fundamentally changed the way we live and work. After pressure on healthcare systems and adapting to a socially distant environment, the biggest challenge is defending businesses against cyber attack when many of us are working remotely.
The impact of a security breach can be divided into financial, reputational and legal damages.
Financial services firms, including insurance, have had to shift to almost 100% remote work. While most large firms had remote work processes in place, they were not designed for an entire workforce. Some firms have had to modify existing technology. This can create security gaps.
Cyber criminals have shifted their emphasis from corporate entities to home based users. Phishing attacks and business email compromise have increased, focusing on COVID-19 to trap unwary users. Remote infrastructure has also been a weakness. Another threat is employees working from home using personal devices and email accounts.
Employers have reacted by increased cyber security training using best practices for home environments. Firms are using more two factor authentication and remote administration of functions. In general, existing systems have adapted well.
The full impact of COVID-19 is unknown. Firms must continue to prioritize their security controls and collaborate with peers on emerging threats, best practices and resiliency. The single most important thing is staff awareness training.
(Adapted from a post on Cyber Security Intelligence website.)