It seems surreal to think back to what the world was like two years ago. We were all sitting in our offices, enjoying face-to-face meetings and chats over a cup of coffee. No one expected things would change so dramatically and so quickly, but they did.
The first few months of the COVID-19 pandemic spurred a complex and rapid exercise of reorganization. As a result, business and state-wide closures affected how we live, work, and travel — and cybercriminals immediately took advantage of the opportunities these heavy operational changes presented.
A recent 2021 Cost of a Breach Report by IBM revealed that between 2020-2021 there was a 10% increase in the average cost of a digital breach. But was the pandemic the root cause of the threat changes we’ve seen in the cybersecurity community within the past two years?
Let’s look at how the COVID-19 outbreak springboarded an expansion on remote operations and a few problems that were on the rise long before coronavirus became a household name:
Remote Vulnerabilities Galore
You remember what it was like: one morning, you woke up and didn’t have to leave your house to sign into work. The shift to remote operations meant employees were no longer working inside of protected corporate environments, and vulnerabilities that businesses never had to consider became top-of-mind.
Cybercriminals were having a field day with the new landscape of attack vectors. They launched COVID-19 themed schemes — calling, emailing, texting, and socially-engineering employees. They found a plethora of easy-to-guess passwords on home and public Wi-Fi networks. They used automation tools to iterate new malware versions and accelerate distribution, as any compromised employee provided them the door into the corporate network.
The numbers don’t lie. The average cost of a breach was a whopping $1.07 million higher in cases where remote work was a factor in causing the breach, according to IBM's 2021 Cost of a Breach Report. The report also states that, on average, it takes 46 days longer to identify and 12 days longer to contain a breach in organizations where more than 50% of employees work remotely. There’s no denying the rise in remote-related security consequences in recent years, but we can’t help but wonder.
Is COVID-19 Fully to Blame?
It's easy to say that COVID-19 changed the world of remote operations and exposed us to a whole new threat landscape, but — did it?
It’s tempting to blame all the trouble on the pandemic, but the reality is much more complex. The cybersecurity issues we’ve been experiencing in the past two years are not new. They were gradually increasing for more than a decade. Employees were already a target in cyberattacks, endpoints were always weak points in security posture, and remote work was already on the rise. Moreover, phishing existed long before the pandemic, and social engineering was already a tactic long before the virus.
Throughout 2020, the lack of proper cybersecurity awareness became painfully evident as breaches dominated headlines. The truth is that a single employee’s mistake can undermine even the best security. The pandemic shined a light on gaps that most organizations already had and showed how important it is to address them.
Research shows that companies deploy an average of 47 different cybersecurity solutions and technologies. Juggling too many tools with disconnected threat data makes it harder to identify and remediate legitimate threats.
Additionally, the shortage of qualified cybersecurity professionals has made hiring and retaining experts increasingly difficult. Without a clear picture of the gaps in their cybersecurity, many organizations were not prepared for the dramatic shift to remote work — a problem that existed before the pandemic. These are just a few examples of security problems piling up long before the COVID-19 outbreak.
The COVID-19 pandemic ultimately put a spotlight on the importance of cybersecurity. Updated security protocols and controls that once seemed too complex, costly, and perpetually postponed suddenly became of vital importance for people around the world. Better cybersecurity in the future suddenly became better cybersecurity now.
We have the pandemic to thank for our newfound awareness and urgency to identify our threat landscape and patch security gaps. Comprehensive cybersecurity is no longer a nice-to-have; it’s a must. As a result, more organizations are looking for solutions that will help keep them and their employees safer.
It’s Time for a Cybersecurity Overhaul
In the post-COVID-19 world, organizations need a holistic approach to cybersecurity that solidifies their security posture and eliminates gaps. After all, a locked front door does little good if the windows are unlocked!
We need to change our approach to cybersecurity fundamentally, making it:
- proactive instead of reactive,
- correlated instead of siloed,
- and automated instead of manual.
All is possible when automating your threat detection and response strategy and remediation measures. Learn more about the power of automation in our complimentary ebook: Leveraging Automation to Revolutionize Cybersecurity.