Where are we now?
Even after decades of development in our field, one thing stays consistent, change. There are always new threats, new vulnerabilities, new fixes. The only thing that stays the same is that things are always changing. This ever-evolving landscape is what makes cybersecurity so unique, and so important. We work tirelessly to stay ahead of it, whatever that looks like. While it is important to understand how our field has developed over these decades, it is just as important to understand the most recent realities facing cybersecurity. One inescapable reality that caused a dramatic shift in cyber was Covid.
Covid-19 spurred an unimageable rise of cyberattacks as the world shifted from in person to online. It may not have been the direct cause, but it did create more opportunities for cybercriminals. While many businesses have found a way to get back to the office it is safe to say that office culture will never be the same again. Now virtual meetings are more seamless than ever, and people have grown confident in communicating online. Unfortunately, the fallout of increased online activity is a much higher percentage of cyberattacks than ever before. This left many businesses unprepared and many employees untrained in safe cyber practices. Prior to the pandemic around 20% of cyber-attacks included previously unseen methods or malware. During the pandemic this number jumped to 35% of attacks, according to Deloitte. These numbers indicate that cyber criminals were finding new ways to commit cyber crimes throughout the pandemic.
The pandemic transformed the way people think about cybersecurity on a day-to-day basis. The perimeters of protection fell away, companies were now responsible for extending security to home environments. Many companies had to start approaching cyber attacks as a guaranteed risk. The new landscape of working from home meant changes in operations, compliance, and risk. Access to technology became more important than ever as the workspace shifted and evolved to keep proper social distancing. If companies were able to make the full transition, it meant every employee was completing all of their work virtually. The consequence was that very important work was often being completed on unsecure devices without consideration for amped cybersecurity.
The drastic uptick in remote work calls meant even greater vulnerability. Cybercriminals saw an opening. Without secure communications, companies would be left with no way to complete their work. Switzerland completed a survey that showed that during the pandemic, one in seven respondents experienced a cyberattack. During only a three-month period in 2020, over half a million people suffered a cyberattack via video conferencing services. (Deloitte) This put astronomical amounts of data at risk.
Another worry was the employees themselves. Working from a home environment meant that malicious employees would be able to engage in fraudulent or criminal activity with less worry of being caught. Even if employees have no intention of being malicious, they could unintentionally put their company’s data at risk because of the other ways they use their computer. Because employees were working from home in such massive quantities, many businesses had to put into place a “bring your own devices policy” that meant employees used their own devices for company work. Even if the employees were being cyber safe while working, that didn’t mean they weren’t putting company data at risk when using their computer recreationally. Using unsecure streaming services or other websites meant that company data was at risk even during non-working hours.
It didn’t take long for employers to realize they were in desperate need of updates to their policies and work practices. It was no longer acceptable for employers to let staff stay ignorant of the ever-increasing threat of cyberattacks. One thorough way to mitigate this risk was through educating staff to ensure safe online practices.
Even as we have gotten past a necessary work from home agenda, we have to remember that there are still people spending a majority of their working hours in home offices and public spaces. We have to continually adjust to make room for cybersecurity education that promotes safety in any space, especially with the current return-to-office movement we are starting to see now.
The history of cybersecurity offers immensely valuable lessons and a look into the past can parallel our currents circumstances so much so that the lessons are still applicable today. However, in our daily lives, we must set our sights on the future. It is no longer enough to access threats as they arise. We must be proactive in their prevention. Today we have to be vigilant in our fight to deter threats before they have a chance to emerge. To stay vigilant in our field means training today to prepare for tomorrow.
