Most companies do not have adequate security systems to support remote work and now have to face the new reality of COVID-19, which includes a wider range of attacks and less secure devices. Many companies also had to quickly adapt and adopt various digital tools, using new technologies that may not be sufficiently secure.
The 21% of organizations in Singapore revealed that they saw an increase in attacks on their IT systems due to the pandemic, according to a report by HackerOne released this week (25th August 2020). About 58% of these companies thought they were more likely to experience a data breach as a result of the global pandemic. The HackerOne study was conducted by Opinion Matters in July 2020 and published the results for 1,400 security professionals in Singapore, Australia, France, Germany, Canada, the United Kingdom and the United States.
Also, the 64% of the boards considered it possible that their organization would face a data breach as a result of the pandemic. HackerOne CEO Marten Mickos said: “The COVID-19 crisis has brought everything online. “As companies rush to meet remote work demands and customer demands for digital services, attacks have expanded dramatically, with security teams not being staffed to deal with them.”
With most employees working from home, it has become easier to carry out business attacks, warned Eugene Kaspersky, CEO of Kaspersky, who spoke at the Kaspersky Online Asia-Pacific Forum last week.
The security vendor reported a 25% increase in the number of new malware to more than 400,000 a day, up from 300,000 before the virus appeared. Kaspersky said this is the new reality and the right strategy is even more important at this stage.
David Koh, commissioner and chief executive of the Singapore Cyber Security Agency (CSA), agreed, noting that governments, industries and individuals needed to change the way they live and work, all in a very short time.
Companies had to adapt to work from home and attract partners and customers online, Koh said. “Things that some people thought were very difficult to do nine months ago had to change overnight,” he said. “We had to adapt radically and use new technologies literally overnight.”
Databases, for example, had to be expanded so that employees could access them from their home environment and controls that used to exist in physical workplaces were no longer relevant.
Instead, employees’ home Wi-Fi systems were now the main hubs, and they were not as secure as the office environment, Koh said.
Employees had been moved out of offices and into homes, but the agencies had not installed security systems outside their business walls, said Mark Johnston, head of security at Google Cloud Asia-Pacific for networking and collaboration experts.
Cybercriminals have also adapted, expanding their focus to harness the public interest in COVID-19 as a lure for scams and ransomware attacks.
New vulnerabilities were also exposed because users had moved out of their business environment and were no longer protected by firewalls, Johnston said.
There was also an increased focus on credentials, as more people had access to the corporate network from different home and online environments, he noted.
Mihoko Matsubara, chief cybersecurity strategist, said: “We are now more vulnerable because too many companies have adopted remote work.” He noted that 45% of organizations in Asia had not yet provided training to guide employees on how to work safely when doing so remotely.
Budgets are also likely to have shrunk due to the uncertain economic climate, which has further exacerbated the problem, Matsubara said.
According to a study by Barracuda Networks, 40% of companies worldwide have reduced their cybersecurity budget as a cost-saving measure due to COVID-19. About 51% said their workforce did not have adequate training on cybercrime-related risks and 51% had seen an increase in phishing attacks.
“We had to adapt to the COVID-19 situation abruptly and from a technological point of view, many of us were not ready,” Koh said. He noted that cyber security required a balance between usability, security and cost.
HackerOne’s Mickos noted that the outbreak forced organizations to realize that they were slow in the area of digital transformation and cloud migration.
About 37% in Singapore said the pandemic had prompted them to step up their digital transformation efforts, with 40% admitting they had to do so without being fully prepared. “The pressure he has put on security teams is enormous,” he said.
Koh also argued for the need to simplify technology, which was currently very complex and difficult to manage. “We urge everyone, including small and medium-sized enterprises, to be responsible for their own cyber security,” he said. “It has to be simple, so that everyone can take care of their own cyber security. Security must be present by default and not acquired by design. “