Throughout this year, since the pandemic began, IT professionals around the world have been overwhelmed by the need for businesses to strengthen their digital barriers. The shift towards remote work has undoubtedly been an opportunity for a new infrastructure both physical and virtual for all types of businesses, without discriminating budgets or sizes. This infrastructure has been called into action without much preparation, as there was no time to apply the pre-established protocols. It is clear then that this situation has been at least problematic for cybersecurity at a global level.
When there is more exposure to privileged data and computers to attack, criminal hackers are most aware of these shortcomings, increasing the risk of a cyber attack. The closest example of this vulnerability is phishing, with which weaknesses are checked and important data is accessed. In this way, Google and Microsoft have reported a significant increase in malicious activity, April being the month with the highest activity of this type. The biggest problem remains the uncertainty surrounding businesses as to whether they will ever return to normal in this field. The new reality also requires new computer security standards for companies that safeguard digital assets.
Now that the world's workforce is connecting remotely - using their own hardware - organizations have to change the paradigm of the last decades because they have to rethink the security apparatus and face the problem from a new perspective. In practice, the parameters to be monitored would no longer be only in the physical environment, but perimeters would have to be marked based on the software since what is sought is to protect the assets located in the virtual environment and in the cloud.
According to the consultancy PriceWaterhouseCoopers, there are at least five cybersecurity risks from the pandemic:
- Security controls would not be applied to new systems or tools with which remote work operates: Security departments would not be consulted regarding the systems prior to use, which would inevitably end in the lack of network penetration control. This results in controls not being applied and in a detriment to the detection capacity of those systems.
- Existing processes and good practices would not be taken into account or would not be available to employees when they encounter obstacles to common ways of working: An example of this is that workers may find it more convenient to do a file transfer using an application that is not authenticated as secure in order to pursue efficiency in the process. It also applies to the destruction of documents.
- Employees are more likely to be victims of social engineering: As attackers take advantage of the incipient workload, the new way of working and high levels of stress to exploit data collection from phishing. Remote working will cause employees to rely more on the non-verbal expressions of their colleagues, implying that the existing methods used to verify the authenticity of communications will be of vital importance.
- Relying on remote systems will make companies more vulnerable to denial of service attacks (known as DoS attacks): Maintaining reliable access to remote systems will be vital to business operations as employees work remotely. In this way, attackers can launch a denial of service attack to disrupt business or demand money.
- Employees will be required to work with technologies with which they are not familiar: This results in potential security risks, as remote collaboration tools can be used inappropriately or in an unsafe way, far from the way they were designed.
Any one of these five risks could seriously compromise the company's operations. What remains uncertain is how remote work will develop, as organizations should take into account performance during this phase of confinement and compare it to regular shifts so that a work-life balance is maintained.
As organizations adjust, they will also be forced to optimize costs and streamline their digital transformations, which will end up incentivizing security leaders to use service models that can do more with less. It must be taken into account that many companies do not have enough capacity to invest in computer security, so there will also be cases in which they would be beginning to have infrastructures for medium-sized organizations. This pandemic has in fact left an open field for innovation in cybersecurity, although this is not necessarily in all cases a matter to be urgently covered in the strategic management of business.
In conclusion, the pandemic has left many challenges for companies in terms of cybersecurity, since there are imminent risks that will affect their operations at uncertain levels, for which security agents will have to reinforce and rethink the way in which they ensure the security of the data that workers use.
*The opinions expressed in this article are those of the author and do not necessarily reflect the views of the administrators of The Crypto Legal blog or the Lawgic Tec association.
 'Hack-For-Hire' Attacks increase as COVID-19 spreads. In Forbes. [Online] Available at: https://www.forbes.com/sites/emmawoollacott/2020/05/28/hack-for-hire-attacks-increase-as-covid-19-spreads/#6d79dfb57e1b
 Managing the impact of COVID-19 on cybersecurity. [Online] Available at: https://www.pwccn.com/en/issues/cybersecurity-and-data-privacy/covid-19-impact-mar2020.pdf