Morten Brøgger, CEO of Wire discusses how cybercrime has flourished in the mass shift to remote work brought on by the COVID-19 outbreak. He investigates how popular communication tools have exposed businesses to cyberattacks, and how zero trust architecture can better defend in the future with proper security infrastructure.
The COVID-19 outbreak has forced many businesses to quickly find ways to digitize operations and implement mass remote workOpens a new window . However, as companies continue to grapple with keeping high levels of connectivity and productivity, cyberattacks have increased by an estimated 400%Opens a new window .
Many of these attacks have been waged within communication toolsOpens a new window , revealing underlying security and privacy weaknesses that are not only significant but chronic. Platforms like Zoom Opens a new window and Microsoft TeamsOpens a new window are now patching security flaws and reworking technology to better anticipate threats, but it’s clear that these reactive fixes fall short. To meet the ever-increasing challenge of remote work and cybercrime, communication platforms will need to be built to a new standard, with infrastructure that prioritizes cybersecurityOpens a new window .
Learn More: Moving UC to the Cloud: Tips and Best PracticesOpens a new window
The Current Weakness of Tools
The scramble to provide solutions for employees working remotely created a boom in collaboration platforms. Slack, Microsoft Teams and Zoom rose in popularity as a quick fix for maintaining employee productivity by offering a central tool that easily connected and integrated with other workplace apps.
Unfortunately, convenience came at a cost — the features that apparently helped boost productivity also created many vulnerabilities for cybercriminals to exploit. For example, Zoom has suffered a slew of security and privacy issues from cybercriminals disrupting video conference calls (known as “Zoombombingâ€Opens a new window ), to improper encryption key storageOpens a new window , to the undisclosed transfer of data to third partiesOpens a new window .
While the company has since released patches for vulnerabilities, updated its privacy policy and enabled additional security features, it is still under fire for its clear lack of proper security protocols (like its plan to only supply end-to-end encryption to paying customersOpens a new window ) Security issues in Microsoft Teams have also been discoveredOpens a new window – GIF integrations displayed vulnerabilities that cybercriminals could potentially leverage to take over an organization’s entire roster of Teams accounts (this has since been patched).
The primary concern is that these security and privacy issues are not new: they have simply come to the surface as usage rates increased due to mass remote working. Zoom, for example, had two security issuesOpens a new window to patch just last year that were equally as concerning but less publicized. It’s become clear that tools that are developed with ease-of-use, high integrations and simplicity in mind have chronic security issues. In fact, these security issues are so severe and persistent that it has led government entities to release new telework guidelinesOpens a new window and some organizations to ban the useOpens a new window of specific tools.
Learn More: 6 Practical Ways to Use Collaboration TechnologyOpens a new window
The New Secure Infrastructure
Communication tools that prioritize productivity and connectivity over everything have been shown to have major recurring security and privacy issues. They are always slightly behind the curve, racing to implement modern solutions to keep up with the onslaught of cyberattacks or the discovery of vulnerabilities.
The success rate is in the numbers; cybercriminals have become so capable that annual cost to businesses is estimated to soon reach $6 trillionOpens a new window globally. To keep up with the rise of cybercrime, remote workOpens a new window and ever-increasing need to protect digital assets, collaborationOpens a new window platforms need to evolve — they need true security infrastructure. Platforms that are built with a security-first infrastructure are not only better prepared from the beginning, they are also more capable of evolving and adapting to new challenges.
There are two key components that make security-first infrastructure work: transparency and zero trustOpens a new window . Tools that are hyper-transparent give companies better insight and confidence in the inner workings of the solution, especially with the management of sensitive data. Businesses should look out for platforms that are open-source, are audited by third parties, and publish clear privacy policies. Zero trust is a dynamic and hyper-vigilant security model that employs continuous monitoring and improvement to systems as a proactive defense against cyberthreatsOpens a new window .
Platforms that run on the zero trust framework assume that all data, devices, apps and users inside or outside of the corporate network are inherently insecure and must be authenticated/verified before being granted access. This means using stringent protocols and technologies such as multi-factor authentication, end-to-end encryption, identity access management, orchestration, and other comprehensive system permissions and safeguards.
Learn More: 7 Tips for Remote Software Update Management During COVID-19Opens a new window
Preparing for the Future of Work
COVID-19 has undoubtedly been a catalyst for the acceleration of remote working, however, it’s crucial for businesses to recognize that this is a trend that is here to stay. A recent Gartner survey found that 74% of CFOsOpens a new window plan to move at least 5% of their previously on-site workforce Opens a new window to permanently remote positions post-COVID 19. In that world, many employees will be accessing confidential and sensitive proprietary information across multiple channels of communication every day.
As that happens, the rate of successful cyberattacks will only increase unless organizations take aggressive defensive measures. It will require a paradigm shift in how companies manage the mobility and security of data at scale. Failing to do so will result in a dangerously high level of vulnerability to data breaches, loss of customer trust and significant financial loss — something businesses will not be able to afford in the uncertain economic future.
Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!