Cybersecurity incidents have been increasing, fueled by growing automation, work-from-home trends, and increasingly sophisticated hackers. Less anticipated than threats from the outside – but just as dangerous – are the risks from valued employees inadvertently opening the door to danger or from careless employees exploiting their access.
The Verizon Data Breach Report says 92 percent of detected malware came in via email. In 2020, almost a third of all breaches incorporated social engineering techniques, such as phishing emails that trick employees into clicking a link or opening a malicious file.
According to Cisco, in March 2020, as the Covid-19 pandemic altered how companies did business, phishing attempts soared by 667%. As employees worked from home, networks were under more significant pressure. As employees have been working from personal devices and have also had their corporate devices connected to home networks for over a year, vulnerability management is vital as part of the return to office security checklist.
Cybersecurity teams need to ensure that all devices coming back onto the corporate network are cleared from cyber risks. Cybersecurity teams should also analyze the security posture of these devices to ensure employees are not potentially bringing back malware onto the network that can compromise the organization's systems.
The security challenges organizations face with returning to the office are 'hybrid,' and there is no one-size-fits-all solution. Organizations can protect users and improve their defenses by modifying their security controls to address how people work today. Preventing today's incidents involves strengthening the protection of three aspects: people, processes, and technology, all within a people-centric security strategy. Businesses must assume that someone within their organization will always click and craft a security strategy that protects people first.
Organizations must train their employees on the sophisticated attacks found in the wild. Companies should ensure that they assess end-user vulnerability and training on today's threats, providing actionable skills for protecting themselves in the office, at home, and in a hybrid environment.