Cybercrime is targeting more businesses than ever during the pandemic, with new working conditions resulting in new risks to networks. How do you ensure your network and your users are better prepared for attacks?
Business may have slowed due to the COVID-19 pandemic but cybercrime never stops. In fact, all evidence shows it has been on the rise. Fuelled by the chaos of a ‘new normal’, attackers have tested new vectors and repurposed old ones to take advantage of the situation. And it’s been working.
According to Scamwatch, the ACCC’s monitoring service for cybercrime, more than 3,000 scams related to the COVID-19 pandemic targeting individuals and businesses have been reported in Australia. Meanwhile, Prime Minister Scott Morrison has warned Australians that sophisticated attacks on Australian businesses have also been on the rise.
This is an issue across all industries, affecting small, medium and large business alike. With staff working from home, the lines have become increasingly blurred with criminals targeting personal accounts and free tools in order to get to sensitive corporate information. These attacks have been carefully targeted using phishing attacks that seem all too plausible, with messages purporting to be from government or security departments asking users to check network access settings in the rush to enable remote working.
What has become clear is that the risks to business can be devastating. A recent study commissioned by Microsoft has found that Australian businesses are losing $29 billion annually in direct economic impacts due to cyber incidents.
The challenge is it is no longer an option to simply lock down remote access to business networks and enforce rigid access policies that stifle the ability to work from anywhere. The pandemic changed the nature of how and where we will work and a return to an office-bound past will never be the norm again.
Instead, instituting advanced authentication protocols and working with cloud infrastructure that puts security at its heart will deliver a way forward that provides the flexibility we need while ensuring our systems are protected by the latest intelligent security technologies.
Even as many staff begin to transition back into the workplace, a new hybrid model must emerge to balance the needs of external and internal network users while also ensuring they are empowered to succeed while mitigating risk for the organisation.
All new risk management plans
There is no perfect security in a networked world. Having robust risk assessment and management processes should be part of any security operation. As the pandemic has taught us, our business continuity plans may suddenly be more than a thought experiment. Our ability to respond quickly to a security crisis and continue to operate may be tested with little warning, so it’s essential to carefully plan for the worst and remain vigilant to prevent it from occurring.
Education has also become more important than ever. With so many staff operating outside the corporate environment, ensuring they are adhering to best practice in how they manage their home networks and their devices is essential, as is bolstering their personal radar for the kinds of communications that they should avoid interacting with.
Finally, investment in security should be at the forefront of IT discussions. The Telstra Research Barometer backs this up, noting that 45% of organisations will invest in cyber security solutions in the next year.
Telstra has been working hard with customers to enhance the network layer of security in many new ways. From the Cleaner Pipes initiative, which works to protect activity at the network distribution level, to services like Telstra Internet Protection and our Managed Security Services, which provide security monitoring and incident response to clients when they need it most.
The ‘new normal’ is set to be a hybrid network environment, and the lessons of recent months should be converted into practical steps that can safeguard against a more complicated future – one in which every individual connection needs the right protections embedded into whichever method they use to connect to wider business networks.