2021-09-07

Homeworking - the new attack surface for cyber criminals

The pandemic presents new and challenging situations for everyone, not least for those working in IT security. IT departments around the world are having to adapt and enable large numbers of employees to work from home in an efficient - and above all - secure way!

This is something that is discussed in an article in Microsoft Stories. Sandeep Karan, head of cybersecurity at L&T Technology Services (LTTS) shares his experiences from his company of about 17,000 employees. Before the pandemic hit, there were a few people working from home. Suddenly, thousands of people needed to go home from work and do it from there.

Now everyone needs access to servers and systems. Some need to bring home work equipment and high-end specialised computers to be connected and secured. Sandeep Karan mentions that employees may have different levels of security in their homes - in shared accommodation, for example, the risk of being compromised may be particularly high. This, of course, poses massive security risks for that company. And for all other companies and workplaces around the world.

It is clear that the pandemic has contributed to a sharp increase in the number of digital threats and attacks, as highlighted by KPMG in the article Cyberattacks reach record levels during covid-19, which mentions that 54% of Swedish IT leaders note an increase in cyberattacks*.

Both Sandeep Karan and KPMG identify employees as the potentially most vulnerable link. KPMG writes:

"During the pandemic, as employees moved from offices and familiar environments to work at kitchen tables and over home networks, new attack surfaces were opened up to cyber criminals."

It is important that we recognise that teleworking is here to stay and hybrid working is the new normal for many companies. How to do it safely? Of course, it's about adapting technology to deal with and counter the new threats. But above all, it's about changing attitudes, understanding that the threats are real and that those working from home are particularly vulnerable when new attack surfaces open up and familiar routines change. It's a cultural change. Sandeep Karan says:

"Now it's important for organizations to see this as a cultural change, and not just a technological one".

Cultural change is always in people and is about insight, risk awareness and knowledge. Ultimately, it is about education. Or as Sandeep Karan sums it up:

"So, one must invest in educating their employees and making them champions."

We agree.

Involve has been working for a long time with "insight lifting", i.e. creating insight in different ways, breaking old habits and motivating to new ways of working. IT security is an area we have been working on a lot.

Please contact us and we will tell you more.

Our offers:

Strategy communication and activation

Sustainability

Compliance