WHITE PAPER
3 HEIGHTENED CYBER RISKS IN THE NEW NORMAL HOW SECURITY AND FRAUD TEAMS CAN ADAPT TO CONTINUE OPERATIONS AND STAY SECURE As organizations adapt to today’s business environment and changing dynamics brought on by the global health crisis, they face unprecedented challenges in protecting against cyber threats. Bad actors are exploiting the crisis using both new schemes and tried-and-true tactics. Three areas of increasing concern for cybersecurity are the escalating risks from a remote workforce; an expanding threat landscape in which new (largely cloud and SaaS) resources are being rapidly deployed to meet the demands of unprecedented remote work; and detecting and responding to threats due to altered security operations and environment. Read on to learn more about what security teams are up against and what they can do to adapt.
ESCALATING RISKS FROM THE REMOTE WORKFORCE The workforce has changed almost overnight. Remote work has become a universal requirement, not just an option. Many organizations have had to scramble to rapidly deploy capabilities for remote work during the crisis to continue business operations. Endpoints warrant a closer look. Endpoint vulnerabilities have increased as millions of workers are now accessing corporate networks and applications using their own technology (phones, tablets, laptops, etc.), as well as using home internet routers that may or may not be adequately protected. All these points of home connectivity provide new avenues for bad actors to advance their attacks. Employees are getting barraged with attacks. The bad actors are not just exploiting endpoints and home networks. There has also been a dramatic increase in phishing, spear phishing, credential stuffing and other familiar social engineering tactics to gain unauthorized access. These attacks are more sophisticated, and effective, as the bad actors exploit the crisis with false information, fraudulent websites packed with malware, and targeting of remote employees by spoofing IT or HR help desks and asking for sensitive information. It’s a good time for organizations to revisit anti-phishing tools and training to educate the workforce about threats that exploit the current situation.