Ongoing hybrid working practices threaten to leave financial institutions exposed after the pandemic.
The pandemic has been devastating for many people and firms; however, some found a silver lining. As bad as things might have been for people, economies, and society, it was boom-time for cybercriminals. They flourished during 2020 and will continue to be a significant threat as we get back to business.
The figures are bleak. Reports of cybercrime shot up by almost 70% in the US compared to 2019, according to the FBI's 2020 Internet Crime Report (ICR). Lockdown created an ideal environment for cybercriminals: overnight, businesses had to convert to remote working models, people had to work off their own unsecured devices, data became mobile, and companies had to operate in a way that their security strategies were unprepared for. Mostly, remote working was successful, but it made businesses vulnerable. According to an Apricorn survey, 58% of companies think hybrid working puts them at risk of a data breach. A third of IT decision-makers say employees knowingly put corporate data at risk.
The RSA's Quarterly Fraud Report found that phishing remains the most common approach, but others such as brand abuse (hackers imitating brands) are becoming more common. Phishing accounted for 33% of attacks, up 13% from the previous quarter. With more people banking online, account takeover attempts soared, and logins to a new account from a new device accounted for 31% of fraud activity. In addition, the amount of fraudulent activity originating from a mobile device increased by more than 25%, while the number of fraudulent payment transactions from mobiles rose by 17%.
State and federal regulators have been understanding of companies having to react quickly during the pandemic, but they will increasingly expect adjustments to the new hybrid work environment. We can also expect further regulatory changes to cope with some of the unique challenges posed during the pandemic.
All signs are pointing to hybrid working becoming the norm for many businesses. Businesses will need to overhaul their security strategy to monitor an increase in the use of endpoints, mobile device use, and third-party relationships. All of these create new vulnerabilities in already-implemented defenses. However, many companies remain surprisingly calm about this gap in defenses. Employees have been allowed to buy their own devices, which might not have been thoroughly secured. In addition, old versions of software such as Zoom are still common, complete with a host of security vulnerabilities.
Another study by Tessian revealed some other startling stats:
- 43% of employees have made mistakes that have compromised cybersecurity
- A third of workers rarely or never think about cybersecurity when at work
- 52% of employees make more mistakes when they're stressed, while 43% are more error-prone when tired
- 58% have sent an email to the wrong person at work, and 1 in 5 companies lost customers after an employee sent a misdirected email.
Even more worryingly, due to the pandemic, many firms are slashing IT departments in an attempt to cut costs.