Through the GRC Lens – April 2020

Has “work-from-home” opened the door to more cyber-attacks?

In the last few months, the COVID-19 pandemic redefined risk management and forced businesses to review their cyber-attack mitigation strategies and understand the gaps in their approach to cybersecurity. Today, the world seems to be gradually re-emerging from the crisis and getting a grip on understanding the aftermath. Globally, businesses are beginning to prepare themselves for their return to work, anticipating the mid- to long-term implications of the crisis and working towards strategically responding to the challenges. While the world gets ready to adapt to the New Normal, let’s find out what made it to the headlines in April, through the GRC lens.

Redefining the remote work environment

In early March, JPMorgan experimented by allowing 10% of its employees to work from home. A month later, JPMorgan’s Co-president Daniel Pinto said that staff could work from home on a rotational basis more permanently, in line with the bank’s future vision of work. Recently, tech giant Facebook also announced that most of its employees will be allowed to work from home through the end of 2020, and Twitter made WFH permanent for all its employees.

After witnessing no significant drop in productivity with the WFH regime, organizations around the world seem to be getting comfortable with the idea. The new social distancing policies have also led organizations to reconsider their plans to return to the office.

Arguably, COVID-19 proved to be the greatest catalyst for rapid change in workplaces. According to the Bureau of Labor Statistics, only 29 percent of Americans were able to work from home before the COVID-19 era. It now appears that remote work could outlast the lockdown. However, this growing shift to virtual ways of working has dramatically altered the cyber threat landscape, with the potential for greater risks this year.


Strengthening the cyber defense

At the beginning of April, Marriott International revealed that a security breach may have exposed the personal information of 5.2 million guests. Soon afterwards, Cognizant was hit by a ‘Maze’ ransomware attack, causing disruptions to some of its clients. Zoom, a heavily used video-conferencing app, was again compromised by credential stuffing, and over 5,00,000 credentials were sold on the dark web. Recently, Unacademy, an India-based online learning platform, also suffered a data breach that exposed details of 22 million users.

Phishing has increased by 350% since the coronavirus outbreak started (between January and March 2020), according to data gathered and analyzed by Atlas VPN. It goes without saying that remote work inevitably brings a new set of risks and challenges.

While we can’t solely blame the shift from office spaces to work from home for the increase in cyberattacks, organizations need to step up their cyber game to align better with this new way of working.

At a recent virtual conference hosted by the Global Cyber Center of NY, William Altman, the company’s Senior Analyst, said, “Organizations of all kinds are facing an uptick in email-based threats, endpoint-security gaps and other problems as a result of the sudden switch to a fully remote workforce… It’s now more important than ever to consider both the security practitioner as well as ethical-hacker perspectives in order to stay secure, that’s what this is all about.”

Looking on the brighter side, we can believe that every crisis comes with opportunities for reinvention and differentiation. Although no one could have predicted the upheaval caused by the COVID-19 pandemic, which disrupted businesses and economies around the globe, it has now become imperative for organizations to pay extra attention to the blind spots in risk management and strengthen their cyber defense.