COVID-19 has initiated a whole new host of cybersecurity threats. Twitter was one of the latest victims, its employees allegedly being targeted so that hackers should take over the accounts of certain verified users. And just before that, a June 25 story in The New York Times detailed the way in which a foreign entity is attempting to infiltrate American business by taking advantage of remote employees whose organizations – more than 400 million worldwide – use virtual private networks (VPNs).
This should be a wake-up call – especially for cybersecurity officers. What were once considered sufficient safeguards to keep sensitive information secure, are now beginning to prove insufficient in this world of remote work.
Twitter’s situation, for example, shows the danger of having a risk management strategy too heavily focused on mitigating external threats. In addition to the external actors that have learned to penetrate this first line of defense, acts from internal actors can be just as dangerous to a business’ bottom line – even if that’s not their intent. Insider threats from negligent actors that mistakenly send sensitive information to the wrong email address, for example, reportedly make up 62 percent of such incidents....
Inside attacks can happen. Malice does not always have to be the reason for a cyberattack. A threat actor can target an otherwise loyal employee based on his role or access level and coerce him into breaching the company’s security on behalf of an external third party.