8 July 2020, LONDON – The novel coronavirus (COVID-19) and the resultant move to widespread homeworking has created new vulnerabilities for criminals to exploit. This is the key finding of a new report authored jointly by cyber analytics expert CyberCube and professional services firm Aon.
According to the report, homeworking has exposed new access points for cyber criminals to gain entry to corporate systems including domestic PCs, laptops and Wi-Fi routers. It has also led to a diminution in employees’ distinction between work and personal emails and increasing usage of devices with insecure passwords.
Workers based at home are more likely to use online applications that would be prohibited in the corporate environment due to security concerns.
Criminals have also exploited the public’s need for information on COVID-19 to create a range of social media and text message attacks, particularly in those countries worst affected by the virus.
In addition, the rapid rise of online shopping due to lockdown has exposed the public to a higher level of well-established cyber scams such as form-jacking and spoofing.
Any organization that rapidly deployed new technology, applications, services, or systems at the onset of the pandemic should now be focused on taking a look back and ensuring that they have implemented best practices in security configuration and architecture. Many organizations are discovering that their rapid deployments, while necessary, may have introduced undesirable security vulnerabilities in the environment, which should be remediated before they are exploited by malicious actors, or which may permit unintentional information sharing or leakage by users.
Darren Thomson, CyberCube’s Head of Cyber Security Strategy, said: “Homeworking is one of the biggest changes people have had to handle during the pandemic but it’s here to stay – and that’s changed the footprint of organizations’ IT systems. More laptops, more mobile access, more devices that were never designed for corporate work – and employees juggling work life and home life on the same machine.
“Insurers underwriting cyber risk will need to be very mindful of these changes and how they affect an organization’s risk profile. These are new norms that need to be incorporated into their underwriting appetite in addition to well-established threats like ransomware, which shows no signs of diminishing. Indeed, homeworking may slow the ability of policyholders and insurers to respond quickly to ransomware infections.”
Jon Laux, Head of Cyber Analytics, Reinsurance Solutions at Aon, said: “The lesson this report draws is that cyber-security at home is a different animal to cyber-security in the workplace. Organizations are going to have to think more laterally. They’ll need to be more user-centric with a particular focus on employee’s own devices and the cloud-based applications they use.
“The traditional approach to cyber security must be replaced by something that recognizes users will operate in a decentralized and remote fashion. For large organizations, that’s going to create a lot of change management to handle.”
CyberCube and Aon’s joint report, Pandemic Under the Microscope: A Focus on the Cyber Risk Impacts of Working from Home, is available for download from CyberCube’s website.
A video featuring Jon and Darren discussing some of the report’s key findings can be found on CyberCube’s YouTube channel.
Yvette Essen, Head of Content & Communications, firstname.lastname@example.org
Alexandra Lewis, Head of Marketing & Communications for Data & Analytic Services, email@example.com
CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s Software-as-a-Service platform helps (re)insurance organizations make better decisions when advising clients on the financial impact of cyber risk, underwriting individual risks or managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modeling on thousands of points of technology failure.
The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the (re)insurance industry, with access to an unparalleled ecosystem of data partners and backing from ForgePoint Capital, HSCM Bermuda, MTech Capital and individuals from Stone Point Capital. For more information, please visit www.cybcube.com or email firstname.lastname@example.org
Aon plc (NYSE: AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.
Sign up for News Alerts here
If you're looking for more information on CyberCube or on how to collaborate with us, feel free to get in touch with me directly.
I'd be happy to help!