Cybersecurity is a crucial component of industry, requiring heavy investment to reduce the attack surface and thereby strengthen a company’s defensive posture.
If we use the poacher / gamekeeper metaphor, we might acknowledge that having the best gamekeeper will deter many poachers. However, there will always be some who are prepared to take a big risk for the best reward. So, if a company puts all its nice juicy deer in one open field, are they not asking for trouble?
To protect against this, many companies will secure the perimeter with walls, wire, alarms and guards, possibly separating the deer into segmented structures within the field. But motivated poachers will still be able to steal away food for their table. Most gamekeepers want the most impregnable perimeter money can buy, accessible by only one very secure door, with a finite number of keys.
Remote Working Risk Landscape
Covid-19 has necessitated a mass distribution of keys to that single door, to allow remote workers in almost every company to continue working. Remote workers need to access company information from their own devices, and some companies may need to introduce more secure doors to the perimeter to allow greater access to the network.
The more devices connected to a network, the larger its attack surface. The larger the attack surface, the easier it is for hackers to infiltrate the network. This means that each separate device becomes a gateway that hackers can exploit to explore vulnerabilities for their own gains.
COVID-19 Business Continuity
Before Covid-19, remote-working employees would have had official security programmes on their company laptops, with dual or multifactor authentication mechanisms for connecting to VPNs, with mandated patching and software update protocols in place to ensure secure access to confidential company information.
However, most remote working plans were expanded exponentially to include many more employees in a last minute rush to secure business continuity. Many remote workers are now likely to be accessing company networks from domestic computers via unsecured home Internet connections. To make matters worse, many home computers are already infected with malware that is designed to lie dormant until activated. The resultant vulnerabilities present malcontents with easy access to the keys for the cybersecurity door and innumerable options to exploit.Hackers only need access through one entry point to seize control of an entire network. Once in, they can steal company secrets, alter data, or even lock down the whole network.
Additional vulnerabilities are likely to have been exposed by the issue of remote working, vulnerabilities for which many companies may be unprepared. Firstly, a business continuity plan that exposes a larger attack surface (by home working on domestic computers) to an increased number of threats must also consider data breach management and internal monitoring of a workforce’s personal computers, many of which may not be owned by the company, nor contain auditable evidence of security updates.
Secondly, a company’s rapid change to temporary remote working must not allow protocols and operations to step outside formal business continuity and cybersecurity policies. Companies that do not monitor this carefully will risk invalidating company liabilities, cyber insurance policies, data protection plans and hard-won ISO accreditations.
Two recent insurance industry cyber risk surveys are worthy of note. One found that a majority of board members and senior executives who were responsible for their organisation’s cyber risk management, had less than one day in the last year to focus on cyber risk issues, despite concern over cyber threats being at an all-time high.
The other survey of senior executives found that nearly 80% of organisations now rank cyber risk as a top five concern, with only 11% expressing a high degree of confidence in their ability to assess cyber threats, prevent cyber-attacks and respond effectively. (Both polls were taken before Covid-19 hit).
The cybersecurity industry is brimming with statistics about the risk before and after Covid-19 and what the threat landscape is like now. One popular belief is that the world’s biggest cyber-attack will piggyback post-pandemic measures and will happen within the next six months.
In this very fertile risk landscape, prudent crisis management teams should take action now, to ensure they can protect themselves against a malware cyber-attack and all its resultant resolutions (whether indemnified or not) – or buy stock in a cyber security company*.
*Some cyber stocks jumped 30% in the six weeks after the Iranians cyber superpower vowed to take revenge through the US digital network after Major General Qasem Soleimani was killed at the BIAP in January’s drone strike.