What IT leaders need to prioritize to protect against cyberattacks

We live in a world of increasingly sophisticated hackers and adversaries, out to steal data from people and companies for profit, knowledge or disruption. While business leaders juggle new, pressing concerns daily due to the pandemic, one item that unfortunately often gets put on the back burner is cybersecurity.

As businesses embrace digital transformation and new ways of working remotely at scale, keeping sensitive information safe is a growing challenge for employers and employees alike, especially considering new research highlighting that over 1 in 5 (22%) UK workers have received phishing emails related to COVID-19. Worryingly, only 24% of UK employees say their companies have increased cybersecurity training during the pandemic - suggesting many businesses may still be blind to the cyber risks associated with it.

With mass vaccination efforts still in development, COVID-19 challenges are here to stay for the time being. As a result, businesses must invest time, education and actions to remain vigilant to the cybersecurity risks associated with remote work. They need cyber resilience, or in other words, the right tools, processes and backup policies, coupled with cyber awareness and training, in place so that business can continue regardless of any malicious attack method.

Blurred lines increase uncertainty

Before the global pandemic and related lockdowns went into effect in early 2020, many businesses were already adopting part-time and full-time remote work schedules for employees. However, this still wasn’t to the scale we’ve become accustomed to today. As a result, employees have had to adjust to remote working on a full-time basis and the challenges and cyber threats that come with it.

For many, working in home environments can cause a problematic blurring of home and work boundaries. Not only are there issues of stress and mental health, but performing work tasks on improperly secured personal devices, or, alternatively, performing personal tasks on a work device, can present increased security risks for individuals, businesses and their networks.

It has never been more crucial for every employee to take ownership of their online behaviors because common threats, like phishing, are at record highs given the ongoing pandemic – and the employee is often the target.

In fact, the aforementioned report found that 34% of UK workers say they have received more phishing emails than this time last year. Phishing attacks continue to grow in popularity because, unfortunately, they work. Hackers and criminals weaponize the simple act of clicking and employ basic psychological tricks to elicit urgent or harmful action from unsuspecting employees.

This is why it's crucial that employees are made aware of the importance of maintaining clear boundaries between their work and personal lives, and that employers equip them with the knowledge needed to stay safe from opportunistic threats like phishing and have a process to check back on employee understanding and knowledge.

The way forward

The pandemic has changed our working lives for the foreseeable future. Workers are concerned - and with that concern comes a desire for information, safety and support. We’re seeing both organized crime and opportunistic attackers exploiting fear, uncertainty and doubt to target individuals and businesses in a variety of ways with pandemic-related phishing attacks. It’s clear from the survey answers that many workers feel that to properly prevent phishing, their employers need to invest more heavily in training and education, in addition to strong cybersecurity tools. Continuous focus, education and increased awareness of common attack methods are a central component to becoming more resilient against cyberattacks and other IT challenges. 

For businesses, that means implementing regular simulated phishing and external attacks that address the various ways hackers attempt to breach organizations through their users. By combining the latest detection, protection, prevention and response technology with consistent attack training and engaging content, IT security departments can tackle the people, process and technology combinations needed to successfully mitigate attacks. Additionally, businesses must ensure that all workers have clear distinctions between work and personal time, devices, and obligations. This helps reduce the amount of uncertainty that can ultimately lead to phishing-related breaches.

It’s also important for businesses working toward cyber resilience to value backup data and ensure employees can access and recover their data no matter where they are. Confidentiality, integrity and availability in the case of cyberattacks or other forms of potential data loss need to be clearly understood and planned for to address any weakness in the security system. While accidents happen, what matters most is being able to recover quickly and effectively. So, it’s also crucial to back up collaboration tools frequently used for meetings and communication, as these will be key for continued productivity in the event of an attack. By investing in cyber resilience and the end-user training needed to make it pay off, businesses can significantly reduce risk while protecting their reputation, staff, and customers. When staff feel they can identify cyber threats like phishing, they help themselves and their organizations to avoid the devastating effects of a cybersecurity breach.

  • Nick Emanuel, Senior Director of Product Management, Webroot.
Nick Emanuel is Senior Director of Product at Carbonite + Webroot.