Cybersecurity is becoming a priority for organizations of all sizes. Risk leaders and other senior practitioners at financial services firms ranked IT disruption as their top operational risk for 2021, according to a Risk.net survey.
The shift to remote work over the past year only heightened security risks and concerns — both from outside attackers and internally. Let’s explore some risk areas that CISOs and other IT executives should be aware of as they navigate transitioning back to the office or to a hybrid workforce.
According to the Agari Cyber Intelligence Division (ACID), between February and April of 2020, cyber phishing attacks increased by 3,000%. These attacks mainly focused on the financial sector, targeting high-ranking officials with access to financial information. Once hackers have access to an employee’s valid email account, it creates a snowball effect throughout the rest of the organization until the hackers have access to a large portion of the company.
Tessian’s Back to Work Security Behaviors Report found that a majority (67%) of IT decision-makers expect an increase in phishing emails that take advantage of employees transitioning back to working in offices.
To make matters worse, the report also revealed that nearly half of all employees developed bad habits concerning cybersecurity practices while working from home during the COVID-19 pandemic. Employees admitted that they were less likely to follow proper cybersecurity protocols as they felt they were less likely to get in trouble while working remotely.
Organizations need to reevaluate their cybersecurity protocols and make sure employees are aware of and following policies — whether they continue to work from home or return to the office.
Steps to ensure proper cybersecurity include:
Organizations must also be aware of digital skills gaps among their workforce. With technology constantly evolving, current employees may be less able to adapt and fully function in an increasingly complex work environment. Investing in current employees and new generations entering the workforce with training and resources helps businesses stay ahead of cybersecurity threats.
CISOs and other IT leaders need to ensure that their cybersecurity framework is efficient, effective, and agile enough to fully monitor and understand the chaotic world of information management. An effective IT and cyber risk management program equips your organization to scrutinize and evaluate risk across functions.