As offices re-open, organizations everywhere are at significant risk for cyber crime. The primary reason behind these inevitable threats is the permanence of remote work, which Check Point calls the “new normal”. As the lockdowns ensued, organizations were forced to compress several years’ worth of IT changes into just a few weeks, in order to support remote workforces.
The support of remote work required heavy reliance on the cloud, as well as online collaborations tools, such as Zoom. Consequently, the rapid changes exponentially grew the attack surfaces for hackers to exploit. To better understand the situation, Check Point conducted a survey on 270 IT and security professionals to learn priorities and concerns as their offices explore re-opening.
The “New Normal” has begun
In the survey, 75% of respondents said their offices were open again for limited numbers of employees as lockdowns lift. On average, staff are still working 4 days out of 5 at home, meaning remote-working vulnerabilities and threats will are here to stay.
Fear over the Next, Big Cyber Attack
Over 75% of respondents said their biggest concern was an increase in cyber-attacks, especially phishing and social engineering exploits. 51% said that attacks on unmanaged home endpoints was a concern, followed by attacks against employee mobile devices (33%).
Top Cyber Crimes to Watch Out For
- Social engineered cyber attacks exploiting fear, uncertainty and doubt. Demand for information on the new virus, accompanied by fear, confusion and even the boredom of confinement, has multiplied opportunities for cybercriminals to deliver malware, ransomware and phishing scams.
- Cloud cyber-crime. Many Infosec and DevOps teams rushing to the cloud did not scale their cloud security postures to the level of their traditional data centers. This gap, in simple words, presents a dangerous opportunity to hackers.
- Phishing exploits on employees working from home. Employees are now their own CISO – with the drastic shift to allow work from home, we face a reality where our living room is now part of the company’s perimeter. Every company now needs to rely more on each one of its employees to guard its data and critical network credentials.
“Organizations had to restructure their network and security fabrics almost overnight to respond to the Covid-19 pandemic, and doing this inevitably meant that security gaps opened up, increasing their attack surface and creating new opportunities for criminals,” said Rafi Kretchmer, VP Product Marketing at Check Point Software Technologies. “Now that we are moving towards a ‘new normal’ way of working as lockdowns lift globally, organizations need to close off those security gaps and secure their networks, from employees’ home PCs and mobiles to the enterprise data center, with a holistic, end-to-end security architecture. The Covid-19 pandemic may be fading, but the cyber-crime pandemic it triggered is here to stay. However with the right approach to security, we can prevent attacks from causing widespread damage and disruption.”
Cyber Crime During the Coronavirus Pandemic
In April, a separate survey by Check Point showed that organizations were being hit by a ‘perfect storm’ of increased cyber-attacks, while having to manage the massive and rapid changes to their networks and employee working practices during the pandemic. 71% of respondents reported an increase in cyber-attacks during February and March 2020, and 95% said they faced added IT security challenges with provision of large-scale remote access for employees, as well as managing shadow IT usage.
How to Protect Yourself as Offices Re-Open
- Real time prevention. As we all know, vaccination is better than treatment. The same goes in cyber security. Real-time prevention of threats, before they can infiltrate the network, is the key to blocking future attacks. 79% of respondents to our new survey said their main priority is tightening their network security and focusing on attack prevention.
- Secure your everything. Every part in the chain matters. The “new normal” requires organizations to revisit and check the security level and relevance of their network’s infrastructures, processes, compliance of connected mobile and PC devices, IoT etc. The increased use of the cloud means an increased level of security, especially in technologies that secure workloads, containers and serverless applications on multi and hybrid cloud environments.
Boost visibility. So many changes in the company’s infrastructure present a unique opportunity to check your security investments. Did we miss a blind spot? The highest level of visibility, reached through consolidation, will guarantee the best effectiveness.
