As the pandemic hit, change came suddenly and unexpectedly. Employees were working at their desks, and one moment later, they were sharing network connections with their family at home. Mixing personal and corporate computer resources is never a best practice. Hence, as the next phase in this story begins, enterprises need to take a closer look at their remote systems and ensure that they are secure and functional.
When the widespread work-from-home (WFH) era kicked off in March 2020, businesses were scrambling to provide employees with the tools needed to get work done. Determining the impact the WFH change would have on enterprise system security took a back seat to getting individuals back online ASAP.
Consequently, enterprise networks morphed from tightly controlled systems to anything that worked. The results? The end device mix expanded significantly. The potential corporate attack surface grew exponentially. The tech staff struggled to meet the demand for additional services, and new holes opened up for hackers. Here is a closer look at the impact of this new work modality.
The complexity of securing corporate endpoints grows
IT saw a dramatic increase in the number of external endpoints in 2020. The staff had to accommodate its existing systems and the new ones at home, stressing enterprise network security to the breaking point.
With the move to working at home, IT also lost control over employees’ end devices. No longer did they only have to worry about corporate-issued laptops. They suddenly had a wide, and growing, range of systems to support. Because these devices have different configurations, securing them became exponentially more complex.
In addition, best practices morphed. Corporations had spent significant time putting a lot of effort into designing enterprise security programs to thwart would-be hackers. Those rules had to be loosened to get employees online and working.
Most users have only surface-level knowledge about IT systems and began using systems that lacked enterprise security features. They also shared these systems with their spouses and children, who may frequent insecure sites and inadvertently download malware.
Companies also needed to turn up new public-facing web pages quickly. In many cases, they too were rushed and become easy targets for scripting and injection attacks.
The corporate attack vector grows
Meanwhile, the cyberattacks continued to intensify. In 2021, cybercrime is predicted to inflict $6 trillion in damages globally, according to market research firm CyberSecurity Ventures. The bad actors even began targeting the new remote users with COVID-related attacks masquerading as financial institutions offering COVID relief funds and health care providers supplying medical information. The Anti-Phishing Working Group found that phishing attacks doubled in 2020.
Most IT teams have not had time to go back and revamp their security measures to account for the new landscape, and a return to the “Good Old Days” is wishful thinking. The reality is that remote work is going to stay even after the pandemic ebbs. A full 74% of CFOs intend to increase remote work after the outbreak, according to a Gartner survey. In addition, close to half (48%) of businesses plan to offer part-time jobs, up from 30% pre-pandemic.
IT organizations are now forced to provide secure access to a growing base of remote users, deliver consistent and predictable experiences whenever they access business applications, and ensure that every transaction is secure. To meet those goals, the technology department needs to put a plan in place that updates and hardens their remote security capabilities.74% of CFOs intend to increase remote work after the outbreak. In addition, close to half (48%) of businesses plan to offer part-time jobs, up from 30% pre-pandemicClick To Tweet
Closing cybersecurity holes
IT teams need a suite of tools that deliver secure end-to-end access, address application, cloud, and network security concerns, and protect data and email. The requirements list is long.
- They often start with a Virtual Private Network (VPN) that funnels traffic through a firewall, VPN concentrator, or remote desktop. From here they might also begin building their Zero Trust roadmap.
- They need tools that prevent users from accessing domains that are known to be compromised.
- They must protect their SaaS applications from credential stuffing and brute force attacks.
- They require anti-phishing
- They need to detect and quarantine endpoints that may become compromised through phishing or other malware attacks.
In sum, IT teams need to invest in enterprise security, now more than ever. Their vendor must offer a complete suite of solutions that address the many problems and have a track record of protecting corporate assets.
The pandemic threw the world and IT departments into chaos. The impact has been significant, and many organizations’ security posture is out of step with the threat landscape. As a “new normal” begins, they need to turn their attention to their IT security systems and fill in the pieces missed when their remote user profile morphed overnight.
Barracuda has been delivering enterprise-grade, cloud-ready security solutions since 2003 and can help you secure your corporate data. More than 200,000 businesses worldwide rely on its solutions to safeguard their employees, data, and applications. Barracuda’s easy to deploy, comprehensive, and affordable products protect emails, applications, cloud, networks, and data.
Lightyear's web platform allows enterprises to buy, manage, and organize their spend on telecom and network services. Services sold on the platform include internet access, WAN, VoIP / UCaaS, colocation, and more.
Dennis Thankachan is the founder and CEO of Lightyear, a web platform that helps businesses comparison shop for network services (dedicated internet access, WAN solutions, VoIP, managed services, etc.). He regularly writes on various IT infrastructure and telecom topics here. Dennis is based in NYC.