As the opportunities for cybercriminals are ever-expanding due to the effects of COVID-19, AT&T Business surveyed 800 cybersecurity experts across the UK, France and Germany to better understand the cyber risks. John Vladimir Slamecka, Regional President, EMEA, AT&T, explains why adapting quickly is critical to help stop a vulnerability from turning into a catastrophic breach.
As 2020 unfolded and our daily lives were turned upside down and inside out by the first, second and now third waves of COVID-19, one word kept coming to mind. Disruption.
It’s been a constant in business for a while now. The shift from physical to digital. The rise of sharing versus renting or owning. Big tech’s expansion into everything from collaboration to cloud. And here we are, at the start of a new year, with our personal and professional lives feeling equally (if not more) disrupted.
So where does cybersecurity fit into this narrative?
Millions made the switch to remote working in 2020 and have been working that way for most of the past year. Many now expect, and will perhaps demand, that the flexibility necessitated by the fight against Coronavirus becomes part of the future working contract. That means the patches, the quick fixes and the acceptance of risk that enabled a short-term move to home working, need to be remedied. Quickly.
Businesses that can do this in 2021 will not only help protect themselves from threats, they will also stand out from their competitors as forward-thinking, more prepared, and, ultimately, more trustworthy. According to a recent AT&T cybersecurity survey, a huge majority of companies (73%) ‘leading’ in cybersecurity strategies, controls and operations strongly agree that their security approach makes overall business success more likely.
Employees were, and still are, accessing sensitive data from their front rooms, bedrooms and dining rooms. Meanwhile, cybercriminals haven’t disappeared. Indeed, opportunities for cybercriminals are flourishing thanks to the expansion of potential entry points into company systems as well as distractions related to political and social concerns and unrest.
Is confidence misplaced?
To understand the risk better, AT&T Business surveyed 800 cybersecurity experts across the UK, France and Germany. We were surprised by what the data told us – we expected they’d admit to being unprepared for the rapid shift to remote working back in February and March. Only one in 10 agreed: 88% initially felt that they were good to go.
But the reality was different and over half (55%) said the switch made their companies more or much more vulnerable to cyberattacks. This rose to 70% for the biggest businesses with more than 5,000 employees.
The weakest link
So why is there such a large divide? Human error. When digging into where the biggest vulnerabilities lie, many of the experts we surveyed agreed – employees pose the greatest threat. Almost one in three (31%) of respondents to our survey said their colleagues’ lack of awareness, apathy and/or reluctance to adapt to new technologies presented the biggest challenge to implementing good cybersecurity.
But employees aren’t the only risk factor. Experts also cited more frequent and sophisticated cybersecurity attacks and a greater demand for products or services which put pressure on resources (both 29% respectively). Furthermore, a company’s internal cybersecurity expertise and preparedness was shown to be crucial. Cybersecurity experts said that having inadequate IT or cybersecurity personnel support (26%), a lack of external cybersecurity support services and products (24%) and not enough executive support or adequate financial investment (24%) were all key concerns.
So, we asked the same questions again, this time in Asia Pacific
To dig into these findings further, we extended our research across Hong Kong, Singapore and Australia where companies had been grappling with the effects of COVID-19 even longer.
While overall preparedness for remote working was also initially high across the region, with 93% of IT managers saying they were prepared for work from home arrangements, the transition wasn’t without risks.
Responders flagged Wi-Fi networks (39%), cloud storage (38%), email (36%), remote devices (32%) and video conferencing solutions (31%) as the biggest areas of concern. Additionally, beyond the logistical challenges of remote working, our second survey highlighted a range of new security threats developing.
As the lines blurred between the home and office, more than one in three remote workers started using their devices for both work and personal use (38%). Over one-third are accessing the web and business applications via private Wi-Fi networks. And 35% of users are accessing corporate networks from devices not managed by the company.
So, with similar results globally, what can businesses do to help provide that they are operating more safely and securely during COVID-19 – and beyond?
Protecting the business for the future
To stay ahead of cybercriminals, companies need to take a unified approach that aligns their people, processes and technology. With the transition from offices to home and hybrid working, companies need to take the time to reinforce cybersecurity policies and best practises.
With that in mind, I asked AT&T’s CSO, Bill O’Hern, for his thoughts on what cybersecurity experts and company executives need to be considering in 2021. Here are his four key takeaways:
- The attack surface has changed and it’s likely to stay changed. You’re familiar with the new basics, such as monitoring remote access and devices. You know that the action to watch is now at the VPN head-end, not in the local network. But are you budgeting properly for next year? Provide that your security plans align with the back-to-work strategy of your business.
- Cloud is a key play for security and continuity. Its very nature helps keep your business locally and globally resilient against pandemics and other major events. The security needs are different – beyond guarding an enterprise perimeter. But the benefits can be worth it.
- Digital Transformation helps security, too. When you use good practices in your development cycle and when you deploy infrastructure as code, you get protections in place quicker. It’s a good way to help keep pace with attackers.
- 5G and Internet of Things (IoT) are real. LAN speed is old news. Your people and processes are remote – and 5G will help give them highly secure, high-speed and low-latency connections like they were on your campus. Are you looking at the infrastructure to take advantage?
Organisations need to approach any business initiative with a cybersecurity-first mindset, prioritising it as a key part of the culture.
As remote working means data continues to reside in multiple locations, in 2021 and beyond, cybersecurity practices will become a key differentiator for businesses. With an often-remote workforce, companies will be increasingly judged based on their preparedness, strategies and controls. Those that take the right steps to help protect their business and employees will reap the benefits, while excessively vulnerable businesses could face reputational and financial consequences.
COVID-19 has accelerated reliance on technology – it’s now depended on for even basic tasks, like speaking to a colleague. We’re all doing incredible things under difficult circumstances. However, our remote-working revolution means we all face a host of new and continued cyber-risks. In 2021, how businesses respond to these risks will set them apart. The ability to adapt quickly is critical to help stop a vulnerability from turning into a catastrophic breach.
Click below to share this article